From a6408d81fc7fa26b41202d22012aa0e38acb480e Mon Sep 17 00:00:00 2001
From: Tyler Lemburg <trlemburg@gmail.com>
Date: Thu, 11 Aug 2016 13:37:09 -0500
Subject: [PATCH] Recurs until date is max 1 year in the future

---
 routes/resources.rb | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/routes/resources.rb b/routes/resources.rb
index 5e3b7da..9759c3b 100644
--- a/routes/resources.rb
+++ b/routes/resources.rb
@@ -220,7 +220,16 @@ post '/:service_space_url_name/resources/:resource_id/reserve/?' do
 	end
 
 	if params.checked?('recurring')
-		recurs_until_date = Time.strptime(params[:recurs_until_date], '%m/%d/%Y').midnight.in_time_zone
+		begin
+			recurs_until_date = Time.strptime(params[:recurs_until_date], '%m/%d/%Y').midnight.in_time_zone
+		rescue
+			recurs_until_date = nil
+		end
+
+		if recurs_until_date.nil? || recurs_until_date - 365.days > Time.now || recurs_until_date < start_time.midnight.in_time_zone
+			flash :error, 'Invalid Recurs Until Date', 'Your recurs-until date must be less than a year in the future.'
+			redirect back
+		end
 
 		# use the recurring type to increment the date here
 		starts = []
-- 
GitLab