If the junk doesn't change the validity of the date, I don;t see why we shouldn't silently accept... "be lenient" and all that jazz...
On Feb 12, 2011, at 3:12 PM, Graham Leggett wrote: > Hi all, > > As part of https://issues.apache.org/bugzilla/show_bug.cgi?id=16521, we > currently accept dates that are trailed by extra characters without > complaining. The following patch marks such dates as APR_DATE_BAD. Does this > patch make sense? > > Index: util-misc/apr_date.c > =================================================================== > --- util-misc/apr_date.c (revision 1070137) > +++ util-misc/apr_date.c (working copy) > @@ -147,7 +147,8 @@ > apr_time_exp_t ds; > apr_time_t result; > int mint, mon; > - const char *monstr, *timstr; > + int time_len=12; /* "HH:MM:SS GMT" */ > + const char *monstr, *timstr = 0; > static const int months[12] = > { > ('J' << 16) | ('a' << 8) | 'n', ('F' << 16) | ('e' << 8) | 'b', > @@ -214,6 +215,7 @@ > > monstr = date; > timstr = date + 7; > + time_len = 13; /* HH:MM:SS YYYY */ > } > else if (apr_date_checkmask(date, "# @$$ #### ##:##:## *")) { > /* RFC 1123 format with one day */ > @@ -231,6 +233,17 @@ > else > return APR_DATE_BAD; > > + /* Testing if the date has any junk characters at the end */ > + if (timstr && strlen(timstr) > time_len) { > + > + date = timstr + time_len; > + > + if (date && *date) { > + return APR_DATE_BAD; > + } > + > + } > + > if (ds.tm_mday <= 0 || ds.tm_mday > 31) > return APR_DATE_BAD; > > > Regards, > Graham > -- >
