Merged in [12334] from rcross@amsl.com:

Fix parameter validations in meeting.views.ajax_get_utc(). Fixes 2023. Also fix pyflakes error. - Legacy-Id: 12345 Note: SVN reference [12334] has been migrated to Git commit 38a24b57e9
2016-11-14 05:12:34 +00:00 · 2016-11-14 05:12:34 +00:00 · 7d443357b0
parent aa4a46086a 38a24b57e9
commit 7d443357b0
2 changed files with 6 additions and 1 deletions
--- a/ietf/meeting/tests_views.py
+++ b/ietf/meeting/tests_views.py
@ -1314,6 +1314,11 @@ class AjaxTests(TestCase):
        self.assertEqual(r.status_code, 200)
        data = json.loads(r.content)
        self.assertEqual(data["error"], True)
+        url = urlreverse('ietf.meeting.views.ajax_get_utc') + "?date=2016-1-1&time=10:00am&timezone=UTC"
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        data = json.loads(r.content)
+        self.assertEqual(data["error"], True)
        # test good query
        url = urlreverse('ietf.meeting.views.ajax_get_utc') + "?date=2016-1-1&time=12:00&timezone=US/Pacific"
        r = self.client.get(url)
--- a/ietf/meeting/views.py
+++ b/ietf/meeting/views.py
@ -1616,7 +1616,7 @@ def ajax_get_utc(request):
    time = request.GET.get('time')
    timezone = request.GET.get('timezone')
    date = request.GET.get('date')
-    time_re = re.compile(r'^\d{2}:\d{2}')
+    time_re = re.compile(r'^\d{2}:\d{2}$')
    # validate input
    if not time_re.match(time) or not date:
        return HttpResponse(json.dumps({'error': True}),