2 files changed, 19 insertions, 1 deletions
diff --git a/application/LinkDB.php b/application/LinkDB.php
index a673b086..82763618 100644
--- a/application/LinkDB.php
+++ b/application/LinkDB.php
@@ -375,7 +375,10 @@ You use the community supported version of the original Shaarli project, by Seba
     */
    public function filterDay($day)
    {
-        // TODO: check input format
+        if (! checkDateFormat('Ymd', $day)) {
+            throw new Exception('Invalid date format');
+        }
        $filtered = array();
        foreach ($this->links as $l) {
            if (startsWith($l['linkdate'], $day)) {
diff --git a/application/Utils.php b/application/Utils.php
index 82220bfc..a1e97b35 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -69,4 +69,19 @@ function sanitizeLink(&$link)
    $link['description'] = escape($link['description']);
    $link['tags'] = escape($link['tags']);
 }
+/**
+ * Checks if a string represents a valid date
+ *
+ * @param string        a string-formatted date
+ * @param format        the expected DateTime format of the string
+ * @return              whether the string is a valid date
+ * @see                 http://php.net/manual/en/class.datetime.php
+ * @see                 http://php.net/manual/en/datetime.createfromformat.php
+ */
+function checkDateFormat($format, $string)
+{
+    $date = DateTime::createFromFormat($format, $string);
+    return $date && $date->format($string) == $string;
+}
 ?>

diff --git a/application/LinkDB.php b/application/LinkDB.php index a673b086..82763618 100644 --- a/application/LinkDB.php +++ b/application/LinkDB.php
@@ -375,7 +375,10 @@ You use the community supported version of the original Shaarli project, by Seba
375	*/	375	*/
376	public function filterDay($day)	376	public function filterDay($day)
377	{	377	{
378	// TODO: check input format	378	if (! checkDateFormat('Ymd', $day)) {
		379	throw new Exception('Invalid date format');
		380	}
		381
379	$filtered = array();	382	$filtered = array();
380	foreach ($this->links as $l) {	383	foreach ($this->links as $l) {
381	if (startsWith($l['linkdate'], $day)) {	384	if (startsWith($l['linkdate'], $day)) {


diff --git a/application/Utils.php b/application/Utils.php index 82220bfc..a1e97b35 100644 --- a/application/Utils.php +++ b/application/Utils.php
@@ -69,4 +69,19 @@ function sanitizeLink(&$link)
69	$link['description'] = escape($link['description']);	69	$link['description'] = escape($link['description']);
70	$link['tags'] = escape($link['tags']);	70	$link['tags'] = escape($link['tags']);
71	}	71	}
		72
		73	/**
		74	* Checks if a string represents a valid date
		75	*
		76	* @param string a string-formatted date
		77	* @param format the expected DateTime format of the string
		78	* @return whether the string is a valid date
		79	* @see http://php.net/manual/en/class.datetime.php
		80	* @see http://php.net/manual/en/datetime.createfromformat.php
		81	*/
		82	function checkDateFormat($format, $string)
		83	{
		84	$date = DateTime::createFromFormat($format, $string);
		85	return $date && $date->format($string) == $string;
		86	}
72	?>	87	?>