From 38a24b57e9028609bec004138dfb6f4cc24502c7 Mon Sep 17 00:00:00 2001 From: Ryan Cross Date: Sat, 12 Nov 2016 07:59:52 +0000 Subject: [PATCH] Fix parameter validations in meeting.views.ajax_get_utc(). Fixes 2023. Also fix pyflakes error. Commit ready for merge - Legacy-Id: 12334 --- ietf/meeting/tests_views.py | 5 +++++ ietf/meeting/views.py | 3 +-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ietf/meeting/tests_views.py b/ietf/meeting/tests_views.py index 25867fed2..a2916e029 100644 --- a/ietf/meeting/tests_views.py +++ b/ietf/meeting/tests_views.py @@ -1290,6 +1290,11 @@ class AjaxTests(TestCase): self.assertEqual(r.status_code, 200) data = json.loads(r.content) self.assertEqual(data["error"], True) + url = urlreverse('ietf.meeting.views.ajax_get_utc') + "?date=2016-1-1&time=10:00am&timezone=UTC" + r = self.client.get(url) + self.assertEqual(r.status_code, 200) + data = json.loads(r.content) + self.assertEqual(data["error"], True) # test good query url = urlreverse('ietf.meeting.views.ajax_get_utc') + "?date=2016-1-1&time=12:00&timezone=US/Pacific" r = self.client.get(url) diff --git a/ietf/meeting/views.py b/ietf/meeting/views.py index 166191baa..9963a05d0 100644 --- a/ietf/meeting/views.py +++ b/ietf/meeting/views.py @@ -1603,7 +1603,7 @@ def ajax_get_utc(request): time = request.GET.get('time') timezone = request.GET.get('timezone') date = request.GET.get('date') - time_re = re.compile(r'^\d{2}:\d{2}') + time_re = re.compile(r'^\d{2}:\d{2}$') # validate input if not time_re.match(time) or not date: return HttpResponse(json.dumps({'error': True}), @@ -1676,7 +1676,6 @@ def interim_skip_announcement(request, number): first announcing. Only applicable to IRTF groups. ''' meeting = get_object_or_404(Meeting, number=number) - group = meeting.session_set.first().group if request.method == 'POST': meeting.session_set.update(status_id='sched')