From 9186ab95943b7c2467a0f27f30bed9db3c589b9d Mon Sep 17 00:00:00 2001
From: VirtualTam <virtualtam@flibidi.net>
Date: Sat, 27 Jun 2015 14:57:44 +0200
Subject: LinkDB::filterDay(): check input date format

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
---
 application/LinkDB.php |  5 ++++-
 application/Utils.php  | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

(limited to 'application')

diff --git a/application/LinkDB.php b/application/LinkDB.php
index a673b086..82763618 100644
--- a/application/LinkDB.php
+++ b/application/LinkDB.php
@@ -375,7 +375,10 @@ You use the community supported version of the original Shaarli project, by Seba
      */
     public function filterDay($day)
     {
-        // TODO: check input format
+        if (! checkDateFormat('Ymd', $day)) {
+            throw new Exception('Invalid date format');
+        }
+
         $filtered = array();
         foreach ($this->links as $l) {
             if (startsWith($l['linkdate'], $day)) {
diff --git a/application/Utils.php b/application/Utils.php
index 82220bfc..a1e97b35 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -69,4 +69,19 @@ function sanitizeLink(&$link)
     $link['description'] = escape($link['description']);
     $link['tags'] = escape($link['tags']);
 }
+
+/**
+ * Checks if a string represents a valid date
+ *
+ * @param string        a string-formatted date
+ * @param format        the expected DateTime format of the string
+ * @return              whether the string is a valid date
+ * @see                 http://php.net/manual/en/class.datetime.php
+ * @see                 http://php.net/manual/en/datetime.createfromformat.php
+ */
+function checkDateFormat($format, $string)
+{
+    $date = DateTime::createFromFormat($format, $string);
+    return $date && $date->format($string) == $string;
+}
 ?>
-- 
cgit v1.2.3