
Fixed XSS spoil

1 parent 42bac33 commit 3913325772ce95af889615ce8c126bc2f41a5db2 @keul keul committed Mar 21, 2012
Showing with 2 additions and 1 deletion.
  1. +2 −1 dateable/chronos/utils.py
@@ -1,4 +1,5 @@
import calendar
+import re
from datetime import date
@@ -15,7 +16,7 @@ def get_view_day(request):
if 'date' in request.form:
# A new date was passed in. Switch date:
date_str = request.form['date']
- if not date_str:
+ if not date_str or not re.match(r"^\d{4}-\d{2}-\d{2}$", date_str):
# The string as empty: Return today.
return date.today()
year, month, day = date_str.split('-')
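Review bot: The new guard on the `if not date_str or not re.match(...)` line checks only the shape of the string, and in Python `$` also matches just before a trailing newline, so a value ending in `\n` still passes; anchoring with `\Z`, as in `re.match(r"\d{4}-\d{2}-\d{2}\Z", date_str)`, closes that. A shape check also accepts values such as `2012-13-45`, so whatever converts `year, month, day` after the split (outside this hunk) presumably still needs to handle `ValueError`. The comment under the condition, `# The string as empty: Return today.`, no longer describes the branch and could read `# Empty or malformed date string: fall back to today.`. Since the commit is an XSS fix, the place where the date is echoed back should escape it as well; this validation narrows the input, but the output site is not visible here. get_view_day's body continues outside the hunk.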
