summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Friesel <derf@finalrewind.org>2019-05-11 01:35:57 +0200
committerDaniel Friesel <derf@finalrewind.org>2019-05-11 01:35:57 +0200
commit59c677ba12365f0ed2996005fcc6ce1281069be9 (patch)
tree0eb1cadd9cb08c73e8a0b8bdef1181a4baa12bd8
parentb0397e50b422fd99fc6903be2dd598a8280d1381 (diff)
history: validate year and month
-rwxr-xr-xlib/Travelynx/Controller/Traveling.pm14
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index ee94913..3d2bb0c 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -360,7 +360,10 @@ sub yearly_history {
my @journeys;
my $stats;
- if ( not $year =~ m{ ^ [0-9]{4} $ }x ) {
+ # DateTime is very slow when looking far into the future due to DST changes
+ # -> Limit time range to avoid accidental DoS.
+ if ( not( $year =~ m{ ^ [0-9]{4} $ }x and $year > 1990 and $year < 2100 ) )
+ {
@journeys = $self->get_user_travels;
}
else {
@@ -409,7 +412,14 @@ sub monthly_history {
qw(Januar Februar März April Mai Juni Juli August September Oktober November Dezember)
);
- if ( not( $year =~ m{ ^ [0-9]{4} $ }x and $month =~ m{ ^ [0-9]{1,2} $ }x ) )
+ if (
+ not( $year =~ m{ ^ [0-9]{4} $ }x
+ and $year > 1990
+ and $year < 2100
+ and $month =~ m{ ^ [0-9]{1,2} $ }x
+ and $month > 0
+ and $month < 13 )
+ )
{
@journeys = $self->get_user_travels;
}