whimsical-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@apache.org
Subject [whimsy] branch master updated: Date validation
Date Tue, 06 Oct 2020 19:12:38 GMT
This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 9ced4ea  Date validation
9ced4ea is described below

commit 9ced4eae5e1496d6d9f74928b10d24c75be01e0e
Author: Sebb <sebb@apache.org>
AuthorDate: Tue Oct 6 20:12:29 2020 +0100

    Date validation
---
 www/board/agenda/views/actions/publish.json.rb | 3 ++-
 www/board/agenda/views/actions/todos.json.rb   | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/www/board/agenda/views/actions/publish.json.rb b/www/board/agenda/views/actions/publish.json.rb
index 4de3acd..3e42f42 100755
--- a/www/board/agenda/views/actions/publish.json.rb
+++ b/www/board/agenda/views/actions/publish.json.rb
@@ -42,8 +42,9 @@ end
 # clean up summary
 @summary = @summary.gsub(/\r\n/,"\n").sub(/\s+\Z/,'') + "\n"
 
+raise ArgumentError, "Invalid date #{@date}" unless @date =~ /\A\d+_\d+_\d+\z/
+
 # extract date and year from minutes
-@date.untaint if @date =~ /^\d+_\d+_\d+$/
 date = Date.parse(@date.gsub('_', '-'))
 year = date.year
 fdate = date.strftime("%d %B %Y")
diff --git a/www/board/agenda/views/actions/todos.json.rb b/www/board/agenda/views/actions/todos.json.rb
index 78b0815..5619df4 100644
--- a/www/board/agenda/views/actions/todos.json.rb
+++ b/www/board/agenda/views/actions/todos.json.rb
@@ -5,13 +5,13 @@
 TLPREQ = ASF::SVN['tlpreq-input']
 
 date = params[:date].gsub('-', '_')
-date.untaint if date =~ /^\d+_\d+_\d+$/
+raise ArgumentError, "Invalid date #{date}" unless date =~ /\A\d+_\d+_\d+\z/
+
 agenda = "board_agenda_#{date}.txt"
 
 # fetch minutes
 @minutes = agenda.sub('_agenda_', '_minutes_')
-minutes_file = File.join(AGENDA_WORK, "#{@minutes.sub('.txt', '.yml')}")
-minutes_file.untaint if @minutes =~ /^board_minutes_\d+_\d+_\d+\.txt$/
+minutes_file = File.join(AGENDA_WORK, @minutes.sub('.txt', '.yml'))
 
 if File.exist? minutes_file
   minutes = YAML.load_file(minutes_file) || {}


Mime
View raw message