RE1-T112 PR#324 fixes

Author: ucswift

Web/Resgrid.Web/Areas/User/Controllers/SubscriptionController.cs

@@ -687,6 +687,9 @@ public async Task<IActionResult> CancelAddon(int addonTypeId)
 		[Authorize(Policy = ResgridResources.Department_Update)]
 		public async Task<IActionResult> GetStripeSession(int id, int count, string discountCode = null, CancellationToken cancellationToken = default)
 		{
+			if (count < 1 || count > 200)
+				return BadRequest("Invalid entity pack count.");
+
 			var plan = await _subscriptionsService.GetPlanByIdAsync(id);
 			var stripeCustomerId = await _departmentSettingsService.GetStripeCustomerIdForDepartmentAsync(DepartmentId);
 			var department = await _departmentsService.GetDepartmentByIdAsync(DepartmentId);
@@ -725,6 +728,9 @@ public async Task<IActionResult> GetStripeUpdate()
 		[Authorize(Policy = ResgridResources.Department_Update)]
 		public async Task<IActionResult> GetPaddleCheckout(int id, int count, string discountCode = null, CancellationToken cancellationToken = default)
 		{
+			if (count < 1 || count > 200)
+				return BadRequest("Invalid entity pack count.");
+
 			var plan = await _subscriptionsService.GetPlanByIdAsync(id);
 			var paddleCustomerId = await _departmentSettingsService.GetPaddleCustomerIdForDepartmentAsync(DepartmentId);
 			var department = await _departmentsService.GetDepartmentByIdAsync(DepartmentId);