projects / dbsrgits/DBIx-Class.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: f27af22)
Applied patch from kados regarding use of a DateTime::Format class to validate
Rob Kinyon [Fri, 10 Jul 2009 22:03:07 +0000 (22:03 +0000)]
lib/DBIx/Class/InflateColumn/DateTime.pm patch | blob | blame | history

diff --git a/lib/DBIx/Class/InflateColumn/DateTime.pm b/lib/DBIx/Class/InflateColumn/DateTime.pm
index 50539d6..25ed7e7 100644 (file)
--- a/lib/DBIx/Class/InflateColumn/DateTime.pm
+++ b/lib/DBIx/Class/InflateColumn/DateTime.pm
@@ -51,6 +51,14 @@ It's also possible to explicitly skip inflation:
     starts_when => { data_type => 'datetime', inflate_datetime => 0 }
   );
 
+NOTE: Don't rely on C<InflateColumn::DateTime> to validate user input, this
+may have unexpected security implications. Instead, use an input parser to
+create a DateTime object. For instance, if your user input comes as a
+'YYYY-MM-DD' string, you can use C<DateTime::Format::ISO8601> thusly:
+
+  use DateTime::Format::ISO8601;
+  my $dt = DateTime::Format::ISO8601->parse_datetime('YYYY-MM-DD');
+
 =head1 DESCRIPTION
 
 This module figures out the type of DateTime::Format::* class to 
The Perl ORM (dbsrgits@git.shadowcat.co.uk:DBIx-Class.git)