Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language.

The parsed values of Accept-Language headers are cached in order to
avoid repetitive parsing. This leads to a potential denial-of-service
vector via excessive memory usage if the raw value of Accept-Language
headers is very large.

Accept-Language headers are now limited to a maximum length in order
to avoid this issue.

tests/i18n/tests.py

@@ -1501,6 +1501,14 @@ class MiscTests(SimpleTestCase):
             ("de;q=0.", [("de", 0.0)]),
             ("en; q=1,", [("en", 1.0)]),
             ("en; q=1.0, * ; q=0.5", [("en", 1.0), ("*", 0.5)]),
+            (
+                "en" + "-x" * 20,
+                [("en-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x", 1.0)],
+            ),
+            (
+                ", ".join(["en; q=1.0"] * 20),
+                [("en", 1.0)] * 20,
+            ),
             # Bad headers
             ("en-gb;q=1.0000", []),
             ("en;q=0.1234", []),
@@ -1517,6 +1525,10 @@ class MiscTests(SimpleTestCase):
             ("", []),
             ("en;q=1e0", []),
             ("en-au;q=１.０", []),
+            # Invalid as language-range value too long.
+            ("xxxxxxxx" + "-xxxxxxxx" * 500, []),
+            # Header value too long, only parse up to limit.
+            (", ".join(["en; q=1.0"] * 500), [("en", 1.0)] * 45),
         ]
         for value, expected in tests:
             with self.subTest(value=value):