Recipients of a timestamp value in rfc850-date format, which uses a
two-digit year, MUST interpret a timestamp that appears to be more
than 50 years in the future as representing the most recent year in
the past that had the same last two digits.
The `< 70` is incorrect, and should have been `< 50`. I inserted a diff
that applies.
--
Ticket URL: <https://code.djangoproject.com/ticket/28690>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
* Attachment "parse-http-date-year.patch" added.
* component: Uncategorized => Utilities
* stage: Unreviewed => Accepted
Comment:
Accepted, however I don't think your patch is correct. The check should be
relative to the current year, if I read the RFC quote correctly.
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:1>
* status: new => assigned
* owner: nobody => Baguage
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:2>
* has_patch: 0 => 1
Comment:
Created a pull request:
https://github.com/django/django/pull/9214
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:3>
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:4>
* stage: Ready for checkin => Accepted
Comment:
Still some suggested edits on the PR.
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:5>
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:6>
* needs_better_patch: 1 => 0
Comment:
I added a regression test that fails with old code
(test_parsing_rfc850_year_69), updated commit message to hopefully follow
the guidelines, and added additional comments about the change. Squashed
commits as well.
Could you review the pull request again?
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:7>
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:8>
* needs_better_patch: 1 => 0
Comment:
sent new pull request
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:9>
* needs_better_patch: 0 => 1
Comment:
This is awaiting changes from Tim's feedback on PR.
(Please uncheck "Patch needs improvement" again when that's done. 🙂)
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:10>
Comment (by Tameesh Biswas):
As this issue hasn't received any updates in the last 6 months, may I work
on this ticket?
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:11>
* status: assigned => new
* owner: Alexander Vyushkov => (none)
Comment:
Go for it, I don't think I will have time to finish it.
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:12>
* status: new => assigned
* owner: (none) => Tameesh Biswas
Comment:
Thanks, I'll pick up from where you left off in the PR and make the
recommended changes on a new PR.
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:13>
Comment (by Vishvajit Pathak):
Tameesh Biswas
Are you working on this?
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:14>
Comment (by Tameesh Biswas):
Yes, I am.
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:15>
Comment (by Tameesh Biswas):
I've just picked up from the previous PR and opened a new PR here:
https://github.com/django/django/pull/10749
It adds regression tests in the first commit that pass without applying
the fix and adds the fix with another test-case that only passes with the
fix applied.
Could you please review the changes?
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:16>
Comment (by Simon Charette):
Tameesh, I left a comment on the PR regarding the use of non-UTC
''today''.
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:17>
* owner: Tameesh Biswas => David Jovanović
Comment:
As the issue hasn't received an update for 4 months, I'm taking it over
(DjangoCon Europe 2019 sprint day 1).
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:18>
Comment (by David Jovanović):
Created new PR: https://github.com/django/django/pull/11212
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:19>
* needs_better_patch: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:20>
Comment (by Tim Bell):
I think an earlier comment by Simon Charette (about using a fixed year in
the tests) still applies to the new PR; I've added it.
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:21>
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:22>
* cc: Ad Timmering (added)
* owner: David Jovanović => Ad Timmering
Old description:
> RFC 850 does not mention this, but in RFC 7231 (and there's something
> similar in RFC 2822), there's the following quote:
>
> Recipients of a timestamp value in rfc850-date format, which uses a
> two-digit year, MUST interpret a timestamp that appears to be more
> than 50 years in the future as representing the most recent year in
> the past that had the same last two digits.
>
> The `< 70` is incorrect, and should have been `< 50`. I inserted a diff
> that applies.
New description:
RFC 850 does not mention this, but in RFC 7231 (and there's something
similar in RFC 2822), there's the following quote:
Recipients of a timestamp value in rfc850-date format, which uses a
two-digit year, MUST interpret a timestamp that appears to be more
than 50 years in the future as representing the most recent year in
the past that had the same last two digits.
Current logic is hard coded to consider 0-69 to be in 2000-2069, and 70-99
to be 1970-1999, instead of comparing versus the current year.
--
Comment:
Taking the liberty to reassign due to inactivity (6 months) and adding a
pull request with revised code and addressing feedback on prior PRs.
Please give your comments for any concerns :)
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:23>
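The sliding-window rule quoted in the description, next to the fixed pivot it replaces, as an added example (not Django's code and not the code from any of the PRs). The function names and the `current_year` parameter are assumptions made here so that results are reproducible with a fixed year.

```python
import calendar
import datetime
import re

# rfc850-date as described in RFC 7231, e.g. "Sunday, 06-Nov-94 08:49:37 GMT"
RFC850_DATE = re.compile(
    r"^\w{6,9}, (?P<day>\d{2})-(?P<mon>\w{3})-(?P<year>\d{2}) "
    r"(?P<hour>\d{2}):(?P<min>\d{2}):(?P<sec>\d{2}) GMT$"
)
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()


def fixed_pivot_year(yy):
    """Hard-coded rule from the ticket: 0-69 -> 2000-2069, 70-99 -> 1970-1999."""
    return yy + 2000 if yy < 70 else yy + 1900


def rfc7231_year(yy, current_year):
    """Sliding window: more than 50 years ahead means the previous century."""
    century = current_year - current_year % 100
    year = century + yy
    if year - current_year > 50:
        year -= 100
    return year


def parse_rfc850_date(value, current_year=None):
    """Return seconds since the epoch (UTC) for an rfc850-date value."""
    m = RFC850_DATE.match(value)
    if m is None:
        raise ValueError(f"not an rfc850-date: {value!r}")
    if current_year is None:
        # Take the year in UTC so the window does not depend on the host's
        # local timezone around New Year.
        current_year = datetime.datetime.now(datetime.timezone.utc).year
    year = rfc7231_year(int(m["year"]), current_year)
    month = MONTHS.index(m["mon"].lower()) + 1  # ValueError on a bad month
    moment = datetime.datetime(
        year, month, int(m["day"]), int(m["hour"]), int(m["min"]), int(m["sec"])
    )
    return calendar.timegm(moment.utctimetuple())
```

Passing a fixed `current_year` in tests keeps the expected values stable as the calendar advances.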
* needs_better_patch: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:24>
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"7cbd25a06e820cbd1a0bfbc339fb7d9a737c54fa" 7cbd25a]:
{{{
#!CommitTicketReference repository=""
revision="7cbd25a06e820cbd1a0bfbc339fb7d9a737c54fa"
Refs #28690 -- Added more tests for parse_http_date().
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:25>
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"7b5f8acb9e6395a1660dd7bfeb365866ca8ef47c" 7b5f8ac]:
{{{
#!CommitTicketReference repository=""
revision="7b5f8acb9e6395a1660dd7bfeb365866ca8ef47c"
Fixed #28690 -- Fixed handling of two-digit years in parse_http_date().
Due to RFC7231 a year that appears to be more than 50 years in the
future are interpreted as representing the past.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:26>
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"f38655ed1c701ebbaffab15cc6ae56376b9c25ba" f38655e]:
{{{
#!CommitTicketReference repository=""
revision="f38655ed1c701ebbaffab15cc6ae56376b9c25ba"
[3.0.x] Refs #28690 -- Added more tests for parse_http_date().
Backport of 7cbd25a06e820cbd1a0bfbc339fb7d9a737c54fa from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:27>
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"556d0c08bded4cdeaedd513c4c73dbf05fd8650e" 556d0c0]:
{{{
#!CommitTicketReference repository=""
revision="556d0c08bded4cdeaedd513c4c73dbf05fd8650e"
[3.0.x] Fixed #28690 -- Fixed handling of two-digit years in
parse_http_date().
Due to RFC7231 a year that appears to be more than 50 years in the
future are interpreted as representing the past.
Backport of 7b5f8acb9e6395a1660dd7bfeb365866ca8ef47c from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28690#comment:28>