| author | Daniel Friesel <derf@finalrewind.org> | 2019-05-11 01:35:57 +0200 | 
|---|---|---|
| committer | Daniel Friesel <derf@finalrewind.org> | 2019-05-11 01:35:57 +0200 | 
| commit | 59c677ba12365f0ed2996005fcc6ce1281069be9 (patch) | |
| tree | 0eb1cadd9cb08c73e8a0b8bdef1181a4baa12bd8 | |
| parent | b0397e50b422fd99fc6903be2dd598a8280d1381 (diff) | |
history: validate year and month
| -rwxr-xr-x | lib/Travelynx/Controller/Traveling.pm | 14 | 
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index ee94913..3d2bb0c 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -360,7 +360,10 @@ sub yearly_history {
 	my @journeys;
 	my $stats;

-	if ( not $year =~ m{ ^ [0-9]{4} $ }x ) {
+	# DateTime is very slow when looking far into the future due to DST changes
+	# -> Limit time range to avoid accidental DoS.
+	if ( not( $year =~ m{ ^ [0-9]{4} $ }x and $year > 1990 and $year < 2100 ) )
+	{
 		@journeys = $self->get_user_travels;
 	}
 	else {
@@ -409,7 +412,14 @@ sub monthly_history {
 		qw(Januar Februar März April Mai Juni Juli August September Oktober November Dezember)
 	  );

-	if ( not( $year =~ m{ ^ [0-9]{4} $ }x and $month =~ m{ ^ [0-9]{1,2} $ }x ) )
+	if (
+		not(    $year =~ m{ ^ [0-9]{4} $ }x
+			and $year > 1990
+			and $year < 2100
+			and $month =~ m{ ^ [0-9]{1,2} $ }x
+			and $month > 0
+			and $month < 13 )
+	  )
 	{
 		@journeys = $self->get_user_travels;
 	}
| 
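Review bot: The year pattern in the new yearly_history condition is anchored with `^` and `$`, and in Perl `$` also matches just before a trailing newline, so a four-digit year followed by a newline passes both the regex and the numeric range test and reaches the `else` branch unchanged. Anchoring with `\A` and `\z` makes the check exact: `if ( not( $year =~ m{ \A [0-9]{4} \z }x and $year > 1990 and $year < 2100 ) )`. The same `^`/`$` anchors are used for `$year` and `$month` in the monthly_history hunk and should be changed there too. How `$year` is populated and what the `else` branch does with it lie outside the hunk, so whether such a value can actually arrive from the route needs to be confirmed.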
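Review bot: The bounds 1990 and 2100 are now written out in both yearly_history and monthly_history, while the comment explaining them (DateTime cost, DoS limit) exists only in the first, so a later edit to one copy can leave the limit inconsistent. Consider named constants or a small private validation helper shared by both subs, or at least repeat the rationale here, e.g. `# Same year range as yearly_history: DateTime is slow far in the future.` Separately, an out-of-range year or month falls through to `@journeys = $self->get_user_travels;`, which appears to load the unfiltered history instead of rejecting the request; if that call is itself expensive, an error response for invalid input would serve the stated DoS goal better. The remainder of monthly_history is outside the hunk.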
