[Bast-commits] r7029 - DBIx-Class/0.08/trunk/lib/DBIx/Class/InflateColumn

Fri Jul 10 22:03:07 GMT 2009

Author: robkinyon
Date: 2009-07-10 22:03:07 +0000 (Fri, 10 Jul 2009)
New Revision: 7029

Modified:
   DBIx-Class/0.08/trunk/lib/DBIx/Class/InflateColumn/DateTime.pm
Log:
Applied patch from kados regarding use of a DateTime::Format class to validate

Modified: DBIx-Class/0.08/trunk/lib/DBIx/Class/InflateColumn/DateTime.pm
===================================================================

--- DBIx-Class/0.08/trunk/lib/DBIx/Class/InflateColumn/DateTime.pm	2009-07-10 21:59:31 UTC (rev 7028)
+++ DBIx-Class/0.08/trunk/lib/DBIx/Class/InflateColumn/DateTime.pm	2009-07-10 22:03:07 UTC (rev 7029)
@@ -51,6 +51,14 @@
     starts_when => { data_type => 'datetime', inflate_datetime => 0 }
   );
 
+NOTE: Don't rely on C<InflateColumn::DateTime> to validate user input, this
+may have unexpected security implications. Instead, use an input parser to
+create a DateTime object. For instance, if your user input comes as a
+'YYYY-MM-DD' string, you can use C<DateTime::Format::ISO8601> thusly:
+
+  use DateTime::Format::ISO8601;
+  my $dt = DateTime::Format::ISO8601->parse_datetime('YYYY-MM-DD');
+
 =head1 DESCRIPTION
 
 This module figures out the type of DateTime::Format::* class to 


