From: Rob Kinyon <rkinyon@cpan.org>
Date: Fri, 10 Jul 2009 22:03:07 +0000 (+0000)
Subject: Applied patch from kados regarding use of a DateTime::Format class to validate
X-Git-Tag: v0.08109~88
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=d6aed6385781443c0a65cacabaa3a4f071d63f88;p=dbsrgits%2FDBIx-Class.git

Applied patch from kados regarding use of a DateTime::Format class to validate
---

diff --git a/lib/DBIx/Class/InflateColumn/DateTime.pm b/lib/DBIx/Class/InflateColumn/DateTime.pm
index 50539d6..25ed7e7 100644
--- a/lib/DBIx/Class/InflateColumn/DateTime.pm
+++ b/lib/DBIx/Class/InflateColumn/DateTime.pm
@@ -51,6 +51,14 @@ It's also possible to explicitly skip inflation:
     starts_when => { data_type => 'datetime', inflate_datetime => 0 }
   );
 
+NOTE: Don't rely on C<InflateColumn::DateTime> to validate user input, this
+may have unexpected security implications. Instead, use an input parser to
+create a DateTime object. For instance, if your user input comes as a
+'YYYY-MM-DD' string, you can use C<DateTime::Format::ISO8601> thusly:
+
+  use DateTime::Format::ISO8601;
+  my $dt = DateTime::Format::ISO8601->parse_datetime('YYYY-MM-DD');
+
 =head1 DESCRIPTION
 
 This module figures out the type of DateTime::Format::* class to