Date validation functions are overly lenient

batchu / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

0 stars 0 forks source link

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

isValidDate and getValidDate are both way to forgiving. We should force the 
DateFormat object to setLenient(false) to force stricter validation.

Original issue reported on code.google.com by manico.james@gmail.com on 7 Dec 2009 at 8:52

GoogleCodeExporter commented 8 years ago

This is a very easy fix, but I'm worried the change will have a negative impact 
on
existing code. Thoughts?

Original comment by manico.james@gmail.com on 18 Jan 2010 at 6:24

GoogleCodeExporter commented 8 years ago

Can we not make this a configurable option in the DateValidationRule that 
defaults to 
true?

Original comment by chrisisbeef on 18 Jan 2010 at 6:27

GoogleCodeExporter commented 8 years ago

Agree with Chris, make this configurable. I'll do it before 2.0 GA

Original comment by manico.james@gmail.com on 1 Nov 2010 at 12:46

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 19 Nov 2010 at 2:35

GoogleCodeExporter commented 8 years ago

Original comment by chrisisbeef on 20 Nov 2010 at 9:54

GoogleCodeExporter commented 8 years ago

Fixed via SVN revisions 1729 through 1735, inclusive.
See new ESAPI.property property 'Validator.AcceptLenientDates'.

Original comment by kevin.w.wall@gmail.com on 22 Mar 2011 at 2:26