[Django] #32904: Tighten up the regular expression used by parse_time to accept less 'invalid' options.

Mon, 05 Jul 2021 07:11:25 -0700 

#32904: Tighten up the regular expression used by parse_time to accept less
'invalid' options.
------------------------------------------------+------------------------
               Reporter:  Keryn Knight          |          Owner:  nobody
                   Type:  Cleanup/optimization  |         Status:  new
              Component:  Utilities             |        Version:  dev
               Severity:  Normal                |       Keywords:
           Triage Stage:  Unreviewed            |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  0
                  UI/UX:  0                     |
------------------------------------------------+------------------------
 As per discussion in the ticket #32892 and on the Github comments for
 same, currently the `time_re` allows for some variations which it arguably
 shouldn't.

 For the historical record's sake, the current regex is:
 
`(?P<hour>\d{1,2}):(?P<minute>\d{1,2})(?::(?P<second>\d{1,2})(?:[\.,](?P<microsecond>\d{1,6})\d{0,6})?)?`
 where you can see a whole lot of it ends up optional, and there are some
 ways in which that can be made to accept what we'd probably call 'invalid'
 (though strictly speaking the result is correct for the input portions):

 {{{
 >>> from django.utils.dateparse import parse_time
 >>> parse_time('0:5: ')
 datetime.time(0, 5)
 }}}

 If possible, we should derive examples of which strings might current pass
 and decide which, if any of them, shouldn't be accepted. It's probably
 also fine to leave the whole thing as-is (be liberal in what you accept
 etc) and just add them as necessary to the examples of valid inputs, so in
 future it doesn't come up again beyond "thats just an accepted quirk"

-- 
Ticket URL: <https://code.djangoproject.com/ticket/32904>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/052.e9107981aa735bbd1e68b9aea5939286%40djangoproject.com.

Reply via email to