Better date validation, do not redirect if form has errors

Now, in addition to checking that the date has the correct format (YYYY-MM) we also check to make sure the date is in the future and the month is in the range 01 to 12. This fixes the problem where users were seeing a 500 server error after entering invalid values for the month when entering their credit card info. This change also fixes a problem where the form was redirecting even if there were validation errors, leading the user to believe their authorization was successful when it wasn't.
2026-01-27 07:48:16 -05:00 · 2012-06-11 15:35:35 -07:00
parent cf8b55274c
commit 1a423aa5ad
2 changed files with 25 additions and 5 deletions
--- a/r2/r2/controllers/promotecontroller.py
+++ b/r2/r2/controllers/promotecontroller.py
@@ -416,6 +416,7 @@ class PromoteController(ListingController):
    def POST_update_pay(self, form, jquery, link, indx, customer_id, pay_id,
                        edit, address, creditcard):
        address_modified = not pay_id or edit
+        form_has_errors = False
        if address_modified:
            if (form.has_errors(["firstName", "lastName", "company", "address",
                                 "city", "state", "zip",
@@ -423,13 +424,13 @@ class PromoteController(ListingController):
                                errors.BAD_ADDRESS) or
                form.has_errors(["cardNumber", "expirationDate", "cardCode"],
                                errors.BAD_CARD)):
-                pass
+                form_has_errors = True
            elif g.authorizenetapi:
                pay_id = edit_profile(c.user, address, creditcard, pay_id)
            else:
                pay_id = 1
        # if link is in use or finished, don't make a change
-        if pay_id:
+        if pay_id and not form_has_errors:
            # valid bid and created or existing bid id.
            # check if already a transaction
            if g.authorizenetapi:
--- a/r2/r2/controllers/validator/validator.py
+++ b/r2/r2/controllers/validator/validator.py
@@ -1638,15 +1638,34 @@ class ValidCard(Validator):
                            dict(message=msg), field = field)

    def run(self, cardNumber, expirationDate, cardCode):
+        has_errors = False
+
        if not self.valid_ccn.match(cardNumber or ""):
            self.set_error(_("credit card numbers should be 13 to 16 digits"),
                           "cardNumber")
-        elif not self.valid_date.match(expirationDate or ""):
+            has_errors = True
+        
+        if not self.valid_date.match(expirationDate or ""):
            self.set_error(_("dates should be YYYY-MM"), "expirationDate")
-        elif not self.valid_ccv.match(cardCode or ""):
+            has_errors = True
+        else:
+            now = datetime.now()
+            yyyy, mm = expirationDate.split("-")
+            year = int(yyyy)
+            month = int(mm)
+            if month < 1 or month > 12:
+                self.set_error(_("month must be in the range 01..12"), "expirationDate")
+                has_errors = True
+            elif datetime(year, month, now.day) < now:
+                self.set_error(_("expiration date must be in the future"), "expirationDate")
+                has_errors = True
+
+        if not self.valid_ccv.match(cardCode or ""):
            self.set_error(_("card verification codes should be 3 or 4 digits"),
                           "cardCode")
-        else:
+            has_errors = True
+
+        if not has_errors:
            return CreditCard(cardNumber = cardNumber,
                              expirationDate = expirationDate,
                              cardCode = cardCode)