WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Throw notices when invalid date values are passed to WP_Date_Query. 

`_doing_it_wrong()` notices are now generated when passing out-of-range values
(`month=13`) or invalid dates (`2014-02-29`).

Includes unit tests.

Props ChriCo.
Fixes #25834.
Built from https://develop.svn.wordpress.org/trunk@29925


git-svn-id: http://core.svn.wordpress.org/trunk@29677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Boone Gorges 2014-10-16 20:12:18 +00:00
parent e3e1433e9a
commit cac92b2876
1 changed files with 188 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
wp-includes/date.php
View File

@ -6,6 +6,10 @@
* to filter their results by date columns, by generating `WHERE` subclauses to be attached * to filter their results by date columns, by generating `WHERE` subclauses to be attached
* to the primary SQL query string. * to the primary SQL query string.
* *
* Attempting to filter by an invalid date value (eg month=13) will generate SQL that will
* return no results. In these cases, a _doing_it_wrong() error notice is also thrown.
* See {@link WP_Date_Query::validate_date_values()}.
*
* @link http://codex.wordpress.org/Function_Reference/WP_Query Codex page. * @link http://codex.wordpress.org/Function_Reference/WP_Query Codex page.
* *
* @since 3.7.0 * @since 3.7.0
@ -201,6 +205,11 @@ class WP_Date_Query {
} }
} }
// Validate the dates passed in the query.
if ( $this->is_first_order_clause( $queries ) ) {
$this->validate_date_values( $queries );
}
foreach ( $queries as $key => $q ) { foreach ( $queries as $key => $q ) {
if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) { if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) {
// This is a first-order query. Trust the values and sanitize when building SQL. // This is a first-order query. Trust the values and sanitize when building SQL.
@ -244,6 +253,185 @@ class WP_Date_Query {
return $this->compare; return $this->compare;
} }
/**
* Validates the given date_query values and triggers errors if something is not valid.
*
* Note that date queries with invalid date ranges are allowed to
* continue (though of course no items will be found for impossible dates).
* This method only generates debug notices for these cases.
*
* @since 4.1.0
* @access public
*
* @param array $date_query The date_query array.
* @return bool True if all values in the query are valid, false if one or more fail.
*/
public function validate_date_values( $date_query = array() ) {
if ( empty( $date_query ) ) {
return false;
}
$valid = true;
/*
* Validate 'before' and 'after' up front, then let the
* validation routine continue to be sure that all invalid
* values generate errors too.
*/
if ( array_key_exists( 'before', $date_query ) && is_array( $date_query['before'] ) ){
$valid = $this->validate_date_values( $date_query['before'] );
}
if ( array_key_exists( 'after', $date_query ) && is_array( $date_query['after'] ) ){
$valid = $this->validate_date_values( $date_query['after'] );
}
// Message template for the min-max-check.
/* translators: Date query invalid date message: 1: invalid value, 2: type of value, 3: minimum valid value, 4: maximum valid value */
$min_max_msg = __( 'Invalid value <code>%1$s</code> for <strong>%2$s</strong>. Excepted value should between <code>%3$d</code> and </code>%4$d</code>.' );
// Array containing all min-max checks.
$min_max_checks = array();
// Days per year.
if ( array_key_exists( 'year', $date_query ) ) {
// If a year exists in the date query, we can use it to get the days.
$max_days_of_year = date( 'z', mktime( 0, 0, 0, 12, 31, $date_query['year'] ) ) + 1;
} else {
// otherwise we use the max of 366 (leap-year)
$max_days_of_year = 366;
}
$min_max_checks['dayofyear'] = array(
'min' => 1,
'max' => $max_days_of_year
);
// Days per week.
$min_max_checks['dayofweek'] = array(
'min' => 1,
'max' => 7
);
// Months per year.
$min_max_checks['month'] = array(
'min' => 1,
'max' => 12
);
// Weeks per year.
if ( array_key_exists( 'year', $date_query ) ) {
// If we have a specific year, use it to calculate number of weeks.
$date = new DateTime();
$date->setISODate( $date_query['year'], 53 );
$week_count = $date->format( "W" ) === "53" ? 53 : 52;
} else {
// Otherwise set the week-count to a maximum of 53.
$week_count = 53;
}
$min_max_checks['week'] = array(
'min' => 1,
'max' => $week_count
);
// Days per month.
$min_max_checks['day'] = array(
'min' => 1,
'max' => 31
);
// Hours per day.
$min_max_checks['hour'] = array(
'min' => 1,
'max' => 23
);
// Minutes per hour.
$min_max_checks['minute'] = array(
'min' => 0,
'max' => 59
);
// Seconds per minute.
$min_max_checks['second'] = array(
'min' => 0,
'max' => 59
);
// Concatenate and throw a notice for each invalid value.
foreach ( $min_max_checks as $key => $check ) {
if ( ! array_key_exists( $key, $date_query ) ) {
continue;
}
$is_between = $date_query[ $key ] >= $check['min'] && $date_query[ $key ] <= $check['max'];
if ( ! $is_between ) {
$error = sprintf(
$min_max_msg,
esc_html( $date_query[ $key ] ),
$key,
$check['min'],
$check['max']
);
_doing_it_wrong( __CLASS__, $error, '4.1.0' );
$valid = false;
}
}
// If we already have invalid date messages, don't bother running through checkdate().
if ( ! $valid ) {
return $valid;
}
$day_month_year_error_msg = '';
$day_exists = array_key_exists( 'day', $date_query ) && is_numeric( $date_query['day'] );
$month_exists = array_key_exists( 'month', $date_query ) && is_numeric( $date_query['month'] );
$year_exists = array_key_exists( 'year', $date_query ) && is_numeric( $date_query['year'] );
if ( $day_exists && $month_exists && $year_exists ) {
// 1. Checking day, month, year combination.
if ( ! checkdate( $date_query['month'], $date_query['day'], $date_query['year'] ) ) {
/* translators: 1: year, 2: month, 3: day of month */
$day_month_year_error_msg = sprintf(
__( 'The following values do not describe a valid date: year <code>%1$s</code>, month <code>%2$s</code>, day <code>%3$s</code>.' ),
esc_html( $date_query['year'] ),
esc_html( $date_query['month'] ),
esc_html( $date_query['day'] )
);
$valid = false;
}
} else if ( $day_exists && $month_exists ) {
/*
* 2. checking day, month combination
* We use 2012 because, as a leap year, it's the most permissive.
*/
if ( ! checkdate( $date_query['month'], $date_query['day'], 2012 ) ) {
/* translators: 1: month, 2: day of month */
$day_month_year_error_msg = sprintf(
__( 'The following values do not describe a valid date: month <code>%1$d</code>, day <code>%2$d</code>.' ),
esc_html( $date_query['month'] ),
esc_html( $date_query['day'] )
);
$valid = false;
}
}
if ( ! empty( $day_month_year_error_msg ) ) {
_doing_it_wrong( __CLASS__, $day_month_year_error_msg, '4.1.0' );
}
return $valid;
}
/** /**
* Validates a column name parameter. * Validates a column name parameter.
* *