MAX_INCLUDE_DEPTH include parsing for querystring is wrong

[iamareebjamal]

Let's take a look at this code

flask-rest-jsonapi/flask_rest_jsonapi/querystring.py

Lines 193 to 201 in b44bc08

	include_param = self.qs.get('include', [])
	if current_app.config.get('MAX_INCLUDE_DEPTH') is not None:
	for include_path in include_param:
	if len(include_path.split('.')) > current_app.config['MAX_INCLUDE_DEPTH']:
	raise InvalidInclude("You can't use include through more than {} relationships"
	.format(current_app.config['MAX_INCLUDE_DEPTH']))
	return include_param.split(',') if include_param else []

flask-rest-jsonapi/flask_rest_jsonapi/querystring.py

Line 193 in b44bc08

include_param = self.qs.get('include', [])

This expects self.querystring['include'] to be a list, whereas we know that it is a string by looking at last line

flask-rest-jsonapi/flask_rest_jsonapi/querystring.py

Line 201 in b44bc08

return include_param.split(',') if include_param else []

Hence, this block of code is wrong.

flask-rest-jsonapi/flask_rest_jsonapi/querystring.py

Lines 195 to 199 in b44bc08

	if current_app.config.get('MAX_INCLUDE_DEPTH') is not None:
	for include_path in include_param:
	if len(include_path.split('.')) > current_app.config['MAX_INCLUDE_DEPTH']:
	raise InvalidInclude("You can't use include through more than {} relationships"
	.format(current_app.config['MAX_INCLUDE_DEPTH']))

If MAX_INCLUDE_DEPTH is not None and querystring is not empty, it'll loop through the individual characters of the querystring and not different parts of include string separated by commas