From: Rob Kinyon Date: Fri, 10 Jul 2009 22:03:07 +0000 (+0000) Subject: Applied patch from kados regarding use of a DateTime::Format class to validate X-Git-Tag: v0.08109~88 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=d6aed6385781443c0a65cacabaa3a4f071d63f88;p=dbsrgits%2FDBIx-Class.git Applied patch from kados regarding use of a DateTime::Format class to validate --- diff --git a/lib/DBIx/Class/InflateColumn/DateTime.pm b/lib/DBIx/Class/InflateColumn/DateTime.pm index 50539d6..25ed7e7 100644 --- a/lib/DBIx/Class/InflateColumn/DateTime.pm +++ b/lib/DBIx/Class/InflateColumn/DateTime.pm @@ -51,6 +51,14 @@ It's also possible to explicitly skip inflation: starts_when => { data_type => 'datetime', inflate_datetime => 0 } ); +NOTE: Don't rely on C to validate user input, this +may have unexpected security implications. Instead, use an input parser to +create a DateTime object. For instance, if your user input comes as a +'YYYY-MM-DD' string, you can use C thusly: + + use DateTime::Format::ISO8601; + my $dt = DateTime::Format::ISO8601->parse_datetime('YYYY-MM-DD'); + =head1 DESCRIPTION This module figures out the type of DateTime::Format::* class to