forms/source/xforms/datatypes.cxx | 15 +++++++++++++++
unotools/source/misc/datetime.cxx | 17 ++++++++++++++---
2 files changed, 29 insertions(+), 3 deletions(-)
New commits:
commit c4aa51f497db8b659cc66402dea7be88f57c2580
Author: Julien Nabet <serval2...@yahoo.fr>
AuthorDate: Mon May 1 21:14:14 2023 +0200
Commit: Julien Nabet <serval2...@yahoo.fr>
CommitDate: Wed May 3 13:55:30 2023 +0200
Related tdf#154769: XML Form add limits of length value for some datatype
length value for:
- year:4
- month and day:2
change ISO8601parseDate in unotools to return false when month or day
length > 2
Change-Id: I807a8a784c8924750ae2c821de4be667e514e91f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151238
Tested-by: Jenkins
Reviewed-by: Julien Nabet <serval2...@yahoo.fr>
diff --git a/forms/source/xforms/datatypes.cxx
b/forms/source/xforms/datatypes.cxx
index eb458ae925ba..e81f40246425 100644
--- a/forms/source/xforms/datatypes.cxx
+++ b/forms/source/xforms/datatypes.cxx
@@ -1051,6 +1051,11 @@ namespace xforms
static bool lcl_getValueYear( std::u16string_view value, double& fValue )
{
+ if (value.size() > 4)
+ {
+ fValue = 0;
+ return false;
+ }
if (o3tl::equalsAscii(value, "0"))
{
fValue = 0;
@@ -1072,6 +1077,11 @@ namespace xforms
static bool lcl_getValueMonth( std::u16string_view value, double& fValue )
{
+ if (value.size() > 2)
+ {
+ fValue = 0;
+ return false;
+ }
sal_Int32 int32Value = o3tl::toInt32(value);
if (
int32Value == 0 ||
@@ -1088,6 +1098,11 @@ namespace xforms
static bool lcl_getValueDay( std::u16string_view value, double& fValue )
{
+ if (value.size() > 2)
+ {
+ fValue = 0;
+ return false;
+ }
sal_Int32 int32Value = o3tl::toInt32(value);
if (
int32Value == 0 ||
diff --git a/unotools/source/misc/datetime.cxx
b/unotools/source/misc/datetime.cxx
index 348dd0df4934..e2cc1f6d1150 100644
--- a/unotools/source/misc/datetime.cxx
+++ b/unotools/source/misc/datetime.cxx
@@ -350,14 +350,25 @@ bool ISO8601parseDate(std::u16string_view aDateStr,
css::util::Date& rDate)
sal_Int32 nDay = 30;
sal_Int32 nIdx {0};
- if ( !convertNumber32( nYear, o3tl::getToken(aDateStr, 0, '-', nIdx ), 0,
9999 ) )
+ auto strCurrentToken = o3tl::getToken(aDateStr, 0, '-', nIdx );
+ if ( !convertNumber32( nYear, strCurrentToken, 0, 9999 ) )
return false;
if ( nDateTokens >= 2 )
- if ( !convertNumber32( nMonth, o3tl::getToken(aDateStr, 0, '-', nIdx
), 0, 12 ) )
+ {
+ strCurrentToken = o3tl::getToken(aDateStr, 0, '-', nIdx );
+ if (strCurrentToken.size() > 2)
+ return false;
+ if ( !convertNumber32( nMonth, strCurrentToken, 0, 12 ) )
return false;
+ }
if ( nDateTokens >= 3 )
- if ( !convertNumber32( nDay, o3tl::getToken(aDateStr, 0, '-', nIdx ),
0, 31 ) )
+ {
+ strCurrentToken = o3tl::getToken(aDateStr, 0, '-', nIdx );
+ if (strCurrentToken.size() > 2)
+ return false;
+ if ( !convertNumber32( nDay, strCurrentToken, 0, 31 ) )
return false;
+ }
rDate.Year = static_cast<sal_uInt16>(nYear);
rDate.Month = static_cast<sal_uInt16>(nMonth);
