#28690: django.utils.http.parse_http_date two digit year check is incorrect
-----------------------------+----------------------------------------
Reporter: Mads Jensen | Owner: Ad Timmering
Type: Bug | Status: assigned
Component: Utilities | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
-----------------------------+----------------------------------------
Changes (by Ad Timmering):
* cc: Ad Timmering (added)
* owner: David Jovanović => Ad Timmering
Old description:
> RFC 850 does not mention this, but in RFC 7231 (and there's something
> similar in RFC 2822), there's the following quote:
>
> Recipients of a timestamp value in rfc850-date format, which uses a
> two-digit year, MUST interpret a timestamp that appears to be more
> than 50 years in the future as representing the most recent year in
> the past that had the same last two digits.
>
> The `< 70` is incorrect, and should have been `< 50`. I inserted a diff
> that applies.
New description:
RFC 850 does not mention this, but in RFC 7231 (and there's something
similar in RFC 2822), there's the following quote:

  Recipients of a timestamp value in rfc850-date format, which uses a
  two-digit year, MUST interpret a timestamp that appears to be more
  than 50 years in the future as representing the most recent year in
  the past that had the same last two digits.

Current logic is hard coded to consider 0-69 to be in 2000-2069, and 70-99
to be 1970-1999, instead of comparing versus the current year.
--
Comment:
Taking the liberty to reassign due to inactivity (6 months) and adding a
pull request with revised code and addressing feedback on prior PRs.
Please give your comments for any concerns :)
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:23>
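The two interpretations described in the ticket, side by side, as an added example (not Django's code and not the patch attached to the ticket). The function names are hypothetical, and comparing at year granularity rather than against the full timestamp is an assumption about how to read the RFC 7231 sentence.

```python
import calendar
import datetime
import re

# rfc850-date, e.g. "Sunday, 06-Nov-94 08:49:37 GMT"
RFC850 = re.compile(
    r"^\w{6,9}, (\d{2})-(\w{3})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) GMT$")
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()


def hardcoded_year(yy, current_year=None):
    """Fixed pivot from the ticket: 0-69 -> 2000-2069, 70-99 -> 1970-1999."""
    return yy + (2000 if yy < 70 else 1900)


def rfc7231_year(yy, current_year):
    """Sliding window: a year more than 50 years ahead of current_year is
    read as the most recent past year with the same last two digits."""
    year = current_year - current_year % 100 + yy
    return year - 100 if year - current_year > 50 else year


def parse_rfc850(value, current_year=None, resolve=rfc7231_year):
    """Return the UTC epoch timestamp for an rfc850-date string."""
    match = RFC850.match(value)
    if match is None:
        raise ValueError("not an rfc850-date: %r" % (value,))
    day, mon, yy, hour, minute, sec = match.groups()
    if current_year is None:
        current_year = datetime.datetime.now(datetime.timezone.utc).year
    year = resolve(int(yy), current_year)
    month = MONTHS.index(mon.lower()) + 1  # ValueError on unknown month
    moment = datetime.datetime(year, month, int(day),
                               int(hour), int(minute), int(sec))
    return calendar.timegm(moment.utctimetuple())


def disagreements(current_year):
    """Two-digit years the fixed pivot resolves differently from the window."""
    return [yy for yy in range(100)
            if hardcoded_year(yy) != rfc7231_year(yy, current_year)]


if __name__ == "__main__":
    # Constructed sample input: the same header value under both rules.
    sample = "Thursday, 01-Jan-70 00:00:00 GMT"
    for rule in (hardcoded_year, rfc7231_year):
        print(rule.__name__, parse_rfc850(sample, 2024, rule))
    print("years that differ in 2024:", disagreements(2024))
```

With a current year of 2019 the two rules agree on every two-digit year, so the difference only appears when the clock is set to another year.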