Opened 6 weeks ago

Last modified 4 weeks ago

#28690 assigned Bug

django.utils.http.parse_http_date two digit year check is incorrect

Reported by: Mads Jensen
Owned by: Alexander Vyushkov
Component: Utilities
Version: master
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: yes
Easy pickings: yes
UI/UX: no

Description

RFC 850 does not mention this, but in RFC 7231 (and there's something similar in RFC 2822), there's the following quote:

Recipients of a timestamp value in rfc850-date format, which uses a
two-digit year, MUST interpret a timestamp that appears to be more
than 50 years in the future as representing the most recent year in
the past that had the same last two digits.

The < 70 is incorrect, and should have been < 50. I inserted a diff that applies.

Attachments (1)

parse-http-date-year.patch (2.1 KB) - added by Mads Jensen 6 weeks ago.


Change History (7)

Changed 6 weeks ago by Mads Jensen

Attachment: parse-http-date-year.patch added

comment:1 Changed 6 weeks ago by Claude Paroz

Component: Uncategorized → Utilities
Triage Stage: Unreviewed → Accepted

Accepted, however I don't think your patch is correct. The check should be relative to the current year, if I read the RFC quote correctly.
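
The relative check described in comment:1, as an added example that is not part of the ticket, the attached patch or the Django pull request. It takes one reading of the quoted rule (choose the latest year with those two digits that is at most 50 years ahead) and lists where a fixed `< 70` or `< 50` cut-off differs from it; all function names and the sample header value are hypothetical.

```python
import datetime
import re

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
# rfc850-date layout, e.g. "Sunday, 06-Nov-94 08:49:37 GMT"; the weekday
# name is matched but not validated against the date.
RFC850_DATE = re.compile(
    r"^\w{6,9}, (\d{2})-(\w{3})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) GMT$"
)

def fixed_pivot_year(yy, pivot):
    """Fixed cut-off: values below `pivot` become 20yy, the rest 19yy."""
    return yy + (2000 if yy < pivot else 1900)

def rfc7231_year(yy, current_year):
    """Latest year ending in `yy` that is at most 50 years after current_year."""
    if not 0 <= yy <= 99:
        raise ValueError("expected a two-digit year")
    latest_allowed = current_year + 50
    return latest_allowed - (latest_allowed - yy) % 100

def disagreements(pivot, current_year):
    """Two-digit years where a fixed pivot and the relative rule differ."""
    return [
        yy for yy in range(100)
        if fixed_pivot_year(yy, pivot) != rfc7231_year(yy, current_year)
    ]

def parse_rfc850_date(value, current_year=None):
    """Parse an rfc850-date string into an aware UTC datetime."""
    if current_year is None:
        current_year = datetime.datetime.now(datetime.timezone.utc).year
    match = RFC850_DATE.match(value)
    if match is None:
        raise ValueError("not an rfc850-date: %r" % value)
    day, mon, yy, hour, minute, second = match.groups()
    return datetime.datetime(
        rfc7231_year(int(yy), current_year), MONTHS.index(mon.lower()) + 1,
        int(day), int(hour), int(minute), int(second),
        tzinfo=datetime.timezone.utc,
    )

if __name__ == "__main__":
    # Constructed input: the same header value read in two different years.
    sample = "Friday, 06-Nov-70 08:49:37 GMT"
    for now in (2019, 2020):
        print(now, parse_rfc850_date(sample, now).year, disagreements(70, now))
```

Passing `current_year` explicitly keeps the boundary cases testable; any fixed cut-off matches the relative rule only in the single year it was tuned for.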

comment:2 Changed 6 weeks ago by Alexander Vyushkov

Owner: changed from nobody to Alexander Vyushkov
Status: new → assigned

comment:3 Changed 6 weeks ago by Alexander Vyushkov

Has patch: set

Created a pull request: https://github.com/django/django/pull/9214

comment:4 Changed 5 weeks ago by Levi Payne

Triage Stage: Accepted → Ready for checkin

comment:5 Changed 5 weeks ago by Levi Payne

Triage Stage: Ready for checkin → Accepted

Still some suggested edits on the PR.

comment:6 Changed 4 weeks ago by Tim Graham

Patch needs improvement: set