logo       
<prev   next>

[jira] Created: (XERCESJ-1271) org.apache.xerces.impl.dv.xs.AbstractDateTim: msg#00019

Subject: [jira] Created: (XERCESJ-1271) org.apache.xerces.impl.dv.xs.AbstractDateTimeDV.getDate() wrongly validates xsd:dateTime data 2007-02-201T11:01:53.111Z 
org.apache.xerces.impl.dv.xs.AbstractDateTimeDV.getDate() wrongly validates 
xsd:dateTime data 2007-02-201T11:01:53.111Z
-----------------------------------------------------------------------------------------------------------------------

                 Key: XERCESJ-1271
                 URL: https://issues.apache.org/jira/browse/XERCESJ-1271
             Project: Xerces2-J
          Issue Type: Bug
          Components: XML Schema Datatypes
         Environment: All
            Reporter: Rajeev Misra


ISO Standards says that xsd:dateTime should be in the form of

  [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]

There is a bug in the implementation of 
org.collaxa.thirdparty.apache.xerces.impl.dv.xs.AbstractDateTimeDV.getDate(String
 buffer, int start, int end, int[] date) method which parses
 2007-02-201T11:01:53.111Z and validates it as a valid xsd:dateTime.

>From  DateTimeDV.parse()  we pass 2007-02-201T11:01:53.111Z in buffer and 
>"end" is index of 'T' which is 11, and start =0 to 
>AbstractDateTimeDV.getDate() function.

Now in getDate() we assume that Date is either in form "-CCYY-MM-DD" or in form 
of "CCYY-MM-DD", This assumption allows getDate() method to parse 
2007-02-201T11:01:53.111Z and return  2007-02-20,  and 2007-02-20 is valid  
date, but  2007-02-201T11:01:53.111Z is not a valid (2007-02-201 is not valid
 date) xsd:dateTime. As per standard '2007-02-201T' is invalid data, we can 
have only two char 'DD' just before 'T' and after CCYY-MM-.
 
Right now in code we are ignoring all data that comes after CCYY-MM-DD and 
before 'T' because we have already assumed that user is passing 2 char DD data 
just before 'T' and after CCYY-MM- which is not true,
 
 This means 2007-02-201T11:01:53.111Z, or "2007-02-2011111T11:01:53.111Z", or 
"2007-02-20garbagedataT11:01:53.111Z" (all invalid xsd:dateTime) are parsed
 as 2007-02-20 and accepted as valid xsd:dateTime.

-----------------------------------------------------------------------------------------------------

Solution is simple, we should check if "stop" variable and "end" are pointing 
to index of 'T' or not. ie.

Change the implementation as
------------------------------------------
        protected int getDate (String buffer, int start, int end, DateTimeData 
date) throws RuntimeException{
                
                start = getYearMonth(buffer, start, end, date);
                
                if (buffer.charAt(start++) !='-') {
                        throw new RuntimeException("CCYY-MM must be followed by 
'-' sign");
                }
                int stop = start + 2;
                /* proposed change to invalidate  2007-02-201T11:01:53.111Z  
and similar invalide xsd:dateTime*/
                if( end != stop)
                {
                        throw new RuntimeException("CCYY-MM-DDT must have 2 
char DD");
                }
                date.day=parseInt(buffer, start, stop);
                return stop;
        }
----------------------------------------------------------

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ANNOUNCEMENT]: Xerces-J 2.9.1 now available, Michael Glavassevich
Next by Date:  [jira] Resolved: (XERCESJ-1271) org.apache.xerces.impl.dv.xs.AbstractDateTimeDV.getDate() wrongly validates xsd:dateTime data 2007-02-201T11:01:53.111Z, Michael Glavassevich (JIRA)
Previous by Thread:  [ANNOUNCEMENT]: Xerces-J 2.9.1 now available, Michael Glavassevich
Next by Thread:  [jira] Resolved: (XERCESJ-1271) org.apache.xerces.impl.dv.xs.AbstractDateTimeDV.getDate() wrongly validates xsd:dateTime data 2007-02-201T11:01:53.111Z, Michael Glavassevich (JIRA)
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
boot-loaders.gr...    php.pear.genera...    debugging.valgr...    kde.redhat.user...    text.xml.xsl.ge...    culture.languag...    hardware.microc...    java.servicemix...    redhat.release....    web.zope.plone....    user-groups.lin...    opendarwin.webk...    video.mjpeg.use...    sysutils.bcfg2....    encryption.gpg....    lx-office.devel...    xfree86.forum/2...    mail.mutt.devel...    acpi.devel/2003...    qnx.openqnx.dev...    network.irc.irs...    freebsd.devel.m...   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe