Posted to commits@whimsical.apache.org by se...@apache.org on 2020/10/06 19:12:38 UTC
[whimsy] branch master updated: Date validation
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 9ced4ea Date validation
9ced4ea is described below
commit 9ced4eae5e1496d6d9f74928b10d24c75be01e0e
Author: Sebb <se...@apache.org>
AuthorDate: Tue Oct 6 20:12:29 2020 +0100
Date validation
---
www/board/agenda/views/actions/publish.json.rb | 3 ++-
www/board/agenda/views/actions/todos.json.rb | 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/www/board/agenda/views/actions/publish.json.rb b/www/board/agenda/views/actions/publish.json.rb
index 4de3acd..3e42f42 100755
--- a/www/board/agenda/views/actions/publish.json.rb
+++ b/www/board/agenda/views/actions/publish.json.rb
@@ -42,8 +42,9 @@ end
# clean up summary
@summary = @summary.gsub(/\r\n/,"\n").sub(/\s+\Z/,'') + "\n"
+raise ArgumentError, "Invalid date #{@date}" unless @date =~ /\A\d+_\d+_\d+\z/
+
# extract date and year from minutes
-@date.untaint if @date =~ /^\d+_\d+_\d+$/
date = Date.parse(@date.gsub('_', '-'))
year = date.year
fdate = date.strftime("%d %B %Y")
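Review bot: The new guard's message interpolates the rejected value verbatim (`"Invalid date #{@date}"`), so whatever the client sent, including newlines or markup, may end up in the exception text and in any log line or JSON error body built from it. Using `"Invalid date #{@date.inspect}"` keeps the message useful while escaping control characters; the same applies to the equivalent guard added in todos.json.rb. The check also sits after the summary clean-up, and the code above line 42 is outside the hunk, so it is worth confirming that `@date` is not used anywhere before this point.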
diff --git a/www/board/agenda/views/actions/todos.json.rb b/www/board/agenda/views/actions/todos.json.rb
index 78b0815..5619df4 100644
--- a/www/board/agenda/views/actions/todos.json.rb
+++ b/www/board/agenda/views/actions/todos.json.rb
@@ -5,13 +5,13 @@
TLPREQ = ASF::SVN['tlpreq-input']
date = params[:date].gsub('-', '_')
-date.untaint if date =~ /^\d+_\d+_\d+$/
+raise ArgumentError, "Invalid date #{date}" unless date =~ /\A\d+_\d+_\d+\z/
+
agenda = "board_agenda_#{date}.txt"
# fetch minutes
@minutes = agenda.sub('_agenda_', '_minutes_')
-minutes_file = File.join(AGENDA_WORK, "#{@minutes.sub('.txt', '.yml')}")
-minutes_file.untaint if @minutes =~ /^board_minutes_\d+_\d+_\d+\.txt$/
+minutes_file = File.join(AGENDA_WORK, @minutes.sub('.txt', '.yml'))
if File.exist? minutes_file
minutes = YAML.load_file(minutes_file) || {}
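Review bot: `params[:date].gsub` on the line above the new guard still runs before any validation, so a request without a `date` parameter would presumably fail with NoMethodError rather than the ArgumentError this change introduces; `date = params[:date].to_s.gsub('-', '_')` would route that case through the same check. With the second pattern check on `@minutes` removed, this one regex is the only thing constraining the path passed to `File.exist?` and `YAML.load_file`. It could be tightened to the expected shape, e.g. `/\A\d{4}_\d{2}_\d{2}\z/`, assuming agenda files are always named YYYY_MM_DD. A short comment such as `# date is the only request-derived part of minutes_file; keep this check strict` would record why the guard must stay ahead of the file access.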