#35857: django.utils.timesince.timesince incorrectly handles daylight saving
time
-------------------------------------+-------------------------------------
Reporter: Frank Sauerburger | Type:
| Uncategorized
Status: new | Component:
| Uncategorized
Version: 5.0 | Severity: Normal
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
timesince computes the time elapsed between two datetimes (d and now) and
returns it as a human readable string. The function is intended to show
the elapsed time from a user perspective (sitting with a stopwatch in
front of the computer). timesince relies on Python's timezone arithmetic,
however, there are subtle implementation details for intra- and inter-
timezone calculations. See
* Discussion about the topic:
https://github.com/python/cpython/issues/116111
* Quiz to illustrate subtle examples: https://quiz.sauerburger.com/dxi7m/
Consider the following example around the daylight saving time transition
next weekend in Europe. We start at a point in time a, ten minutes later
we have a_10, and another 60 minutes later we have a_70.
{{{
from zoneinfo import ZoneInfo
from datetime import datetime
from django.utils.timesince import timesince
berlin = ZoneInfo("Europe/Berlin")
a = datetime(2024, 10, 27, 2, 55, tzinfo=berlin)
a_10 = datetime(2024, 10, 27, 2, 5, fold=1, tzinfo=berlin)
a_70 = datetime(2024, 10, 27, 3, 5, tzinfo=berlin)
assert a.isoformat() == '2024-10-27T02:55:00+02:00'
assert a_10.isoformat() == '2024-10-27T02:05:00+01:00'
assert a_70.isoformat() == '2024-10-27T03:05:00+01:00'
assert timesince(a, a_10) == '0\xa0minutes'
assert timesince(a, a_70) == '10\xa0minutes'
}}}
My expectation is that timesince(a, a_10) yields 10 minutes and
timesince(a, a_70) yields 70 minutes aligned with what a user with a
stopwatch would observe.
I think this can lead to a lot of unexpected behavior in web applications
around the DST transition and maybe even exploitable behavior.
--
Ticket URL: <https://code.djangoproject.com/ticket/35857>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/01070192b2b506c0-4b5c8786-6ab4-41dd-b4b6-2f6c07447322-000000%40eu-central-1.amazonses.com.
