From 4321c5b0c940e42c50d2abd1edd4318f0727d1be Mon Sep 17 00:00:00 2001
From: Adrian Moennich <adrian@planetcoding.net>
Date: Fri, 5 May 2023 12:32:29 +0200
Subject: [PATCH] Do not apply max_form_parts to non-multipart data

---
 CHANGES.rst                | 2 ++
 src/werkzeug/formparser.py | 9 ++++-----
 tests/test_formparser.py   | 4 ++--
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index fa8d36a8b..86e9d1131 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -8,6 +8,8 @@ Unreleased
 -   ``Authorization.from_header`` and ``WWWAuthenticate.from_header`` detects tokens
     that end with base64 padding (``=``). :issue:`2685`
 -   Remove usage of ``warnings.catch_warnings``. :issue:`2690`
+-   Remove ``max_form_parts`` restriction from standard form data parsing and only use
+    if for multipart content. :pr:`2694`
 
 
 Version 2.3.3
diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py
index 074ac5421..99937e43d 100644
--- a/src/werkzeug/formparser.py
+++ b/src/werkzeug/formparser.py
@@ -105,8 +105,8 @@ def parse_form_data(
     :param cls: an optional dict class to use.  If this is not specified
                        or `None` the default :class:`MultiDict` is used.
     :param silent: If set to False parsing errors will not be caught.
-    :param max_form_parts: The maximum number of parts to be parsed. If this is
-        exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised.
+    :param max_form_parts: The maximum number of multipart parts to be parsed. If this
+        is exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised.
     :return: A tuple in the form ``(stream, form, files)``.
 
     .. versionchanged:: 2.3
@@ -157,8 +157,8 @@ class FormDataParser:
     :param cls: an optional dict class to use.  If this is not specified
                        or `None` the default :class:`MultiDict` is used.
     :param silent: If set to False parsing errors will not be caught.
-    :param max_form_parts: The maximum number of parts to be parsed. If this is
-        exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised.
+    :param max_form_parts: The maximum number of multipart parts to be parsed. If this
+        is exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised.
 
     .. versionchanged:: 2.3
         The ``charset`` and ``errors`` parameters are deprecated and will be removed in
@@ -378,7 +378,6 @@ def _parse_urlencoded(
                 keep_blank_values=True,
                 encoding=self.charset,
                 errors="werkzeug.url_quote",
-                max_num_fields=self.max_form_parts,
             )
         except ValueError as e:
             raise RequestEntityTooLarge() from e
diff --git a/tests/test_formparser.py b/tests/test_formparser.py
index f9b44d7ca..1dcb167ef 100644
--- a/tests/test_formparser.py
+++ b/tests/test_formparser.py
@@ -126,8 +126,8 @@ def test_x_www_urlencoded_max_form_parts(self):
         r = Request.from_values(method="POST", data={"a": 1, "b": 2})
         r.max_form_parts = 1
 
-        with pytest.raises(RequestEntityTooLarge):
-            r.form
+        assert r.form["a"] == "1"
+        assert r.form["b"] == "2"
 
     def test_missing_multipart_boundary(self):
         data = (