From bfedaca1f82bb54e95163c44f16582b67cd29ac1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Mon, 21 Dec 2015 12:10:10 +0100
Subject: [PATCH] api: do not fail on invalid timestamp value (#9412)

---
 wcs/api.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/wcs/api.py b/wcs/api.py
index c70dee7..315fb3b 100644
--- a/wcs/api.py
+++ b/wcs/api.py
@@ -67,9 +67,12 @@ def is_url_signed():
     timestamp = get_request().form.get('timestamp')
     if not isinstance(timestamp, basestring):
         raise AccessForbiddenError('missing/multiple timestamp field')
-    delta = (datetime.datetime.utcnow().replace(tzinfo=None) -
-             datetime.datetime.strptime(timestamp,
-                     '%Y-%m-%dT%H:%M:%SZ'))
+    try:
+        delta = (datetime.datetime.utcnow().replace(tzinfo=None) -
+                 datetime.datetime.strptime(timestamp,
+                         '%Y-%m-%dT%H:%M:%SZ'))
+    except ValueError:
+        raise AccessForbiddenError('invalid timestamp field')
     MAX_DELTA = 30
     if abs(delta) > datetime.timedelta(seconds=MAX_DELTA):
         raise AccessForbiddenError('timestamp delta is more '
-- 
2.6.4