Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Date.new accepts bogus string input #4913

Open
p6rt opened this issue Dec 23, 2015 · 4 comments
Open

Date.new accepts bogus string input #4913

p6rt opened this issue Dec 23, 2015 · 4 comments
Labels

Comments

@p6rt
Copy link

p6rt commented Dec 23, 2015

Migrated from rt.perl.org#127008 (status was 'open')

Searchable as RT127008$

@p6rt
Copy link
Author

p6rt commented Dec 23, 2015

From zefram@fysh.org

The documentation for Date.new says that when given a string input the
string is to be in ISO 8601 format. In fact it accepts many kinds of
non ISO 8601 strings​:

  "1-01-01" (too few year digits)
  "2000-1-1" (too few month and day digits)
  "2000- 01-01" (illegal spaces)
  "-01-01" (no year digits)
  "2000-0\x[666]-01" (non-ASCII digit)
  "2000.5-01-01" (illegal fraction)
  "2000-001-001" (too many month and day digits)
  "2000-+01-+01" (sign on month and day)

The documentation doesn't actually say that an exception will be thrown
when it is given an invalid string input, but it doesn't give any clue
as to how non ISO 8601 input would be parsed. Some regexp-based syntax
checking would be welcome here.

Bearing in mind your response to [perl #​127002], perhaps you intend to
accept some strings that are not in ISO 8601 format, but the range that
is accepted here goes beyond "liberal in what you accept". Many of these
strings are quite some distance away from being ISO 8601. Whatever you
intend to accept, it would also be wise to document explicitly what
happens with non ISO 8601 input.

-zefram

@p6rt
Copy link
Author

p6rt commented Dec 24, 2015

From @lizmat

On 24 Dec 2015, at 00​:50, Zefram (via RT) <perl6-bugs-followup@​perl.org> wrote​:

# New Ticket Created by Zefram
# Please include the string​: [perl #​127008]
# in the subject line of all future correspondence about this issue.
# <URL​: https://rt-archive.perl.org/perl6/Ticket/Display.html?id=127008 >

The documentation for Date.new says that when given a string input the
string is to be in ISO 8601 format. In fact it accepts many kinds of
non ISO 8601 strings​:

"1-01-01" (too few year digits)
"2000-1-1" (too few month and day digits)
"2000- 01-01" (illegal spaces)
"-01-01" (no year digits)
"2000-0\x[666]-01" (non-ASCII digit)
"2000.5-01-01" (illegal fraction)
"2000-001-001" (too many month and day digits)
"2000-+01-+01" (sign on month and day)

The documentation doesn't actually say that an exception will be thrown
when it is given an invalid string input, but it doesn't give any clue
as to how non ISO 8601 input would be parsed. Some regexp-based syntax
checking would be welcome here.

Bearing in mind your response to [perl #​127002], perhaps you intend to
accept some strings that are not in ISO 8601 format, but the range that
is accepted here goes beyond "liberal in what you accept". Many of these
strings are quite some distance away from being ISO 8601. Whatever you
intend to accept, it would also be wise to document explicitly what
happens with non ISO 8601 input.

Fixed as a side-effect of fixing #​127010 in fb475d22ba6d5507dd . Can be closed.

Liz

@p6rt
Copy link
Author

p6rt commented Dec 24, 2015

The RT System itself - Status changed from 'new' to 'open'

@p6rt
Copy link
Author

p6rt commented Dec 24, 2015

From zefram@fysh.org

Elizabeth Mattijsen via RT wrote​:

Fixed as a side-effect of fixing #​127010 in fb475d22ba6d5507dd . Can be closed.

Not fully fixed. You've fixed most (not all) of the specific cases that
I reported, but you left one of them, along with some year formatting
that I didn't specifically list. Invalid stuff now accepted​:

  "-0000-01-01"
  "12345-01-01"
  "2015-01-0\x[666]"

-zefram

@p6rt p6rt added the Bug label Jan 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant