fix: raj pravas arrival time shown in 12 hr format with backward comp…

[vendz]

…atiblity

[gemini-code-assist]

Summary of Changes

Hello @vendz, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request primarily focuses on enhancing the display of arrival times within the admin travel booking interface. The formatDateTime utility function has been refactored to present times in a user-friendly 12-hour format with AM/PM indicators, while also ensuring robust backward compatibility for various input formats. Additionally, the PR includes several minor code style improvements and fixes for filter status persistence, contributing to overall code quality and maintainability.

Highlights

• Arrival Time Formatting: The formatDateTime utility function has been updated to display times in a 12-hour format (e.g., "03:30 PM").
• Backward Compatibility for Time Display: The formatDateTime function now intelligently handles both full date-time strings/objects and time-only strings, ensuring existing data is displayed correctly without breaking older formats.
• Code Readability & Consistency: Various minor formatting adjustments, such as consistent use of single quotes, improved indentation, and better line breaking for complex conditions, have been applied across the fetchUpcomingBookings.js file.
• Filter Status Handling: The logic for saving and restoring filter statuses in sessionStorage has been updated to correctly use JSON.stringify and JSON.parse for array values, ensuring filters persist as expected.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request primarily focuses on formatting improvements and updating the formatDateTime function to correctly format arrival times into a 12-hour format, enhancing readability and backward compatibility. However, a security audit identified several high-severity Cross-Site Scripting (XSS) vulnerabilities. These issues stem from the use of innerHTML to render unsanitized data from API endpoints in both the summary and main bookings tables, and an insecure pattern of injecting variables into inline onclick attributes. It is strongly recommended to refactor the table rendering logic to use safer DOM manipulation methods such as textContent and addEventListener. Additionally, for improved code quality and maintainability, please ensure variables are properly declared to avoid global namespace pollution and consider renaming the formatDateTime function to better reflect its updated behavior.

[gemini-code-assist]

The application renders data from the API response directly into the HTML using innerHTML without sanitization. This can lead to Cross-Site Scripting (XSS) if the API returns malicious content in fields like s.destination or displayStatus. It is safer to use textContent with row.insertCell() to populate the table cells.

          row.insertCell().textContent = s.destination;
          row.insertCell().textContent = displayStatus;
          row.insertCell().textContent = s.count;

[gemini-code-assist]

The bookingid is inserted into an onclick attribute using a template literal within an innerHTML assignment. If b.bookingid contains a single quote, it can break out of the attribute and execute arbitrary JavaScript. This is a form of Cross-Site Scripting (XSS). It is highly recommended to avoid inline event handlers and instead use addEventListener on elements created via document.createElement.

[gemini-code-assist]

These variables are being declared without const, let, or var, which makes them global variables attached to the window object. This is generally considered bad practice as it can lead to naming conflicts and unexpected behavior. They should be explicitly declared using const since they are not reassigned.

  const statusDropdown = document.getElementById('status');
  const issueCreditsField = document.getElementById('issueCreditsField');
  const issueCreditsDropdown = document.getElementById('issueCredits');

[gemini-code-assist]

The function name formatDateTime is now misleading as it only formats and returns the time, not the date. For better maintainability, consider renaming it to something like formatTime or formatTime12Hour and updating its call site on line 272.

[Copilot]

Pull request overview

This pull request aims to convert arrival times in the Raj Pravas (travel) booking system from 24-hour format to 12-hour format (with AM/PM) while maintaining backward compatibility. The changes include extensive code formatting updates (converting from double quotes to single quotes, improving indentation and line breaks) and a significant modification to the formatDateTime function.

Changes:

• Modified formatDateTime function to convert times to 12-hour format with AM/PM
• Applied consistent code formatting throughout the file (single quotes, improved indentation)
• Maintained all existing functionality for booking status management and filtering

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The new formatDateTime function only returns the time in 12-hour format, but it no longer returns the date component (day, month, year). The old implementation returned the full date and time in the format "DD-MM-YYYY HH:MM". This is a breaking change that will result in loss of date information in the arrival time column, making it impossible to distinguish between arrival times on different days. The function should include the date portion as well to maintain backward compatibility and display complete information.

Suggested change

	return to12HourTime(dateObj.getHours(), dateObj.getMinutes());
	const day = String(dateObj.getDate()).padStart(2, '0');
	const month = String(dateObj.getMonth() + 1).padStart(2, '0');
	const year = dateObj.getFullYear();
	const hours = String(dateObj.getHours()).padStart(2, '0');
	const minutes = String(dateObj.getMinutes()).padStart(2, '0');
	// Preserve full date information in "DD-MM-YYYY HH:MM" format
	return `${day}-${month}-${year} ${hours}:${minutes}`;

[Copilot]

The regex pattern for time-only detection does not require leading zeros for single-digit hours (it matches two digits exactly with \d{2}). This means times like "9:30" or "8:45" won't match the pattern, even though they might be valid time inputs. Consider making the hour pattern more flexible to match one or two digits: /^(\d{1,2}):(\d{2})(?::(\d{2}))?$/

Suggested change

	const timeOnlyPattern = /^(\d{2}):(\d{2})(?::(\d{2}))?$/;
	const timeOnlyPattern = /^(\d{1,2}):(\d{2})(?::(\d{2}))?$/;

[Copilot]

Unused variable mumbaiPoints.

Suggested change

	const mumbaiPoints = new Set([
	'dadar',
	'dadar (swami narayan temple)',
	'dadar (swaminarayan temple)',
	'amar mahal',
	'airoli',
	'borivali',
	'vile parle (sahara star)',
	'airport terminal 1',
	'airport terminal 2',
	'railway station (bandra terminus)',
	'railway station (kurla terminus)',
	'railway station (ltt - kurla)',
	'railway station (csmt)',
	'railway station (mumbai central)',
	'mullund',
	'mulund',
	'airport t1',
	'airport t2',
	'other',
	'other (enter location in comments)',
	'railway station (ltt - kurla)',
	'vile parle (sahara star hotel)',
	'full car booking',
	'dadar (pritam hotel)',
	'borivali (indraprasth shopping centre)',
	'dadar (pritam da dhaba)',
	'mulund (sarvoday nagar)'
	]);