From 454ffd13642bd3a15b96466b07f41e7d5548552d Mon Sep 17 00:00:00 2001 From: Nathaniel Bibler Date: Sat, 10 Apr 2010 23:58:47 -0400 Subject: [PATCH] Restrict the JSON DATE_REGEX to match only correctly formatted date strings. --- activesupport/lib/active_support/json/encoding.rb | 2 +- activesupport/test/json/decoding_test.rb | 5 +++++ 2 files changed, 6 insertions(+), 1 deletions(-) diff --git a/activesupport/lib/active_support/json/encoding.rb b/activesupport/lib/active_support/json/encoding.rb index 0fbf2fe..8aedcd5 100644 --- a/activesupport/lib/active_support/json/encoding.rb +++ b/activesupport/lib/active_support/json/encoding.rb @@ -11,7 +11,7 @@ module ActiveSupport module JSON # matches YAML-formatted dates - DATE_REGEX = /^(?:\d{4}-\d{2}-\d{2}|\d{4}-\d{1,2}-\d{1,2}[ \t]+\d{1,2}:\d{2}:\d{2}(\.[0-9]*)?(([ \t]*)Z|[-+]\d{2}?(:\d{2})?))$/ + DATE_REGEX = /^(?:\d{4}-(0[1-9]|1[012])-(0[1-9]|[12]\d|3[01])|\d{4}-\d{1,2}-\d{1,2}[ \t]+\d{1,2}:\d{2}:\d{2}(\.[0-9]*)?(([ \t]*)Z|[-+]\d{2}?(:\d{2})?))$/ class << self delegate :encode, :to => :'ActiveSupport::JSON::Encoding' diff --git a/activesupport/test/json/decoding_test.rb b/activesupport/test/json/decoding_test.rb index e45851e..327ecd8 100644 --- a/activesupport/test/json/decoding_test.rb +++ b/activesupport/test/json/decoding_test.rb @@ -19,6 +19,11 @@ class TestJSONDecoding < ActiveSupport::TestCase # needs to be *exact* %({"a": " 2007-01-01 01:12:34 Z "}) => {'a' => " 2007-01-01 01:12:34 Z "}, %({"a": "2007-01-01 : it's your birthday"}) => {'a' => "2007-01-01 : it's your birthday"}, + %({"a": "1234-56-78"}) => {'a' => '1234-56-78'}, + %({"a": "1234-12-31"}) => {'a' => Date.new(1234, 12, 31)}, + %({"a": "1234-12-32"}) => {'a' => '1234-12-32'}, + %({"a": "1234-12-00"}) => {'a' => '1234-12-00'}, + %({"a": "2010-00-78"}) => {'a' => '2010-00-78'}, %([]) => [], %({}) => {}, %({"a":1}) => {"a" => 1}, -- 1.6.4