On Tue, Dec 15, 2009 at 7:03 PM, Bill Moseley <mose...@hank.org> wrote:
> On Tue, Dec 15, 2009 at 6:12 PM, Lyle <webmas...@cosmicperl.com> wrote:
>
>> Michael G Schwern wrote:
>>
>>> Clever watchdogs can prevent this from bringing down a server, but I think
>>> we can all agree that a date library should not be the source of DOS
>>> attacks.
>>>
>>
>> Maybe a warning of this in the POD would be enough? Or a more active built
>> in restriction on future dates that users of DateTime must manually
>> override...
>>
>
> Would a global be too ugly for a short-term fix?  $DateTime::MaxFutureYears
> = 20;  # no dates more than 20 years from current year.
>
>

It's documented in the POD already.  If your application is sane, you
already verify user input, right?  Just an extra filter on the
validation.

Moose and Data::Verifier ftw:

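use MooseX::Types -declare => ['ValidYear'];
use MooseX::Types::Moose qw(Int);

# (localtime)[5] is the current year minus 1900, so adding 1930 gives current year + 30.
subtype ValidYear,
      as Int,
      where { $_ > 1900 && $_ < ((localtime)[5] + 1930) },
      message { "Valid years for this input must be after 1900 and within 30 years" };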

My vote goes for no changes, as it is in the POD as a warning and has
existed for a very long time.  The better fix is to write better
applications.

-J
