Changeset 29925 for trunk/src/wp-includes/date.php

Timestamp:

10/16/2014 08:11:13 PM (11 years ago)

Author:

boonebgorges

Message:

Throw notices when invalid date values are passed to WP_Date_Query.

_doing_it_wrong() notices are now generated when passing out-of-range values
(month=13) or invalid dates (2014-02-29).

Includes unit tests.

Props ChriCo.
Fixes #25834.

File:

• trunk/src/wp-includes/date.php (modified) (3 diffs)

trunk/src/wp-includes/date.php

@@ -6 +6 @@
  * to filter their results by date columns, by generating `WHERE` subclauses to be attached
  * to the primary SQL query string.
+ *
+ * Attempting to filter by an invalid date value (eg month=13) will generate SQL that will
+ * return no results. In these cases, a _doing_it_wrong() error notice is also thrown.
+ * See {@link WP_Date_Query::validate_date_values()}.
  *
  * @link http://codex.wordpress.org/Function_Reference/WP_Query Codex page.
@@ -202 +206 @@
         }
 
+        // Validate the dates passed in the query.
+        if ( $this->is_first_order_clause( $queries ) ) {
+            $this->validate_date_values( $queries );
+        }
+
         foreach ( $queries as $key => $q ) {
             if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) {
@@ -243 +252 @@
 
         return $this->compare;
+    }
+
+    /**
+     * Validates the given date_query values and triggers errors if something is not valid.
+     *
+     * Note that date queries with invalid date ranges are allowed to
+     * continue (though of course no items will be found for impossible dates).
+     * This method only generates debug notices for these cases.
+     *
+     * @since  4.1.0
+     * @access public
+     *
+     * @param  array $date_query The date_query array.
+     * @return bool  True if all values in the query are valid, false if one or more fail.
+     */
+    public function validate_date_values( $date_query = array() ) {
+        if ( empty( $date_query ) ) {
+            return false;
+        }
+
+        $valid = true;
+
+        /*
+         * Validate 'before' and 'after' up front, then let the
+         * validation routine continue to be sure that all invalid
+         * values generate errors too.
+         */
+        if ( array_key_exists( 'before', $date_query ) && is_array( $date_query['before'] ) ){
+            $valid = $this->validate_date_values( $date_query['before'] );
+        }
+
+        if ( array_key_exists( 'after', $date_query ) && is_array( $date_query['after'] ) ){
+            $valid = $this->validate_date_values( $date_query['after'] );
+        }
+
+        // Message template for the min-max-check.
+        /* translators: Date query invalid date message: 1: invalid value, 2: type of value, 3: minimum valid value, 4: maximum valid value */
+        $min_max_msg = __( 'Invalid value <code>%1$s</code> for <strong>%2$s</strong>. Excepted value should between <code>%3$d</code> and </code>%4$d</code>.' );
+
+        // Array containing all min-max checks.
+        $min_max_checks = array();
+
+        // Days per year.
+        if ( array_key_exists( 'year', $date_query ) ) {
+            // If a year exists in the date query, we can use it to get the days.
+            $max_days_of_year = date( 'z', mktime( 0, 0, 0, 12, 31, $date_query['year'] ) ) + 1;
+        } else {
+            // otherwise we use the max of 366 (leap-year)
+            $max_days_of_year = 366;
+        }
+
+        $min_max_checks['dayofyear'] = array(
+            'min' => 1,
+            'max' => $max_days_of_year
+        );
+
+        // Days per week.
+        $min_max_checks['dayofweek'] = array(
+            'min' => 1,
+            'max' => 7
+        );
+
+        // Months per year.
+        $min_max_checks['month'] = array(
+            'min' => 1,
+            'max' => 12
+        );
+
+        // Weeks per year.
+        if ( array_key_exists( 'year', $date_query ) ) {
+            // If we have a specific year, use it to calculate number of weeks.
+            $date = new DateTime();
+            $date->setISODate( $date_query['year'], 53 );
+            $week_count = $date->format( "W" ) === "53" ? 53 : 52;
+
+        } else {
+            // Otherwise set the week-count to a maximum of 53.
+            $week_count = 53;
+        }
+
+        $min_max_checks['week'] = array(
+            'min' => 1,
+            'max' => $week_count
+        );
+
+        // Days per month.
+        $min_max_checks['day'] = array(
+            'min' => 1,
+            'max' => 31
+        );
+
+        // Hours per day.
+        $min_max_checks['hour'] = array(
+            'min' => 1,
+            'max' => 23
+        );
+
+        // Minutes per hour.
+        $min_max_checks['minute'] = array(
+            'min' => 0,
+            'max' => 59
+        );
+
+        // Seconds per minute.
+        $min_max_checks['second'] = array(
+            'min' => 0,
+            'max' => 59
+        );
+
+        // Concatenate and throw a notice for each invalid value.
+        foreach ( $min_max_checks as $key => $check ) {
+            if ( ! array_key_exists( $key, $date_query ) ) {
+                continue;
+            }
+
+            $is_between = $date_query[ $key ] >= $check['min'] && $date_query[ $key ] <= $check['max'];
+
+            if ( ! $is_between ) {
+                $error = sprintf(
+                    $min_max_msg,
+                    esc_html( $date_query[ $key ] ),
+                    $key,
+                    $check['min'],
+                    $check['max']
+                );
+
+                _doing_it_wrong( __CLASS__, $error, '4.1.0' );
+
+                $valid = false;
+            }
+        }
+
+        // If we already have invalid date messages, don't bother running through checkdate().
+        if ( ! $valid ) {
+            return $valid;
+        }
+
+        $day_month_year_error_msg = '';
+
+        $day_exists   = array_key_exists( 'day', $date_query ) && is_numeric( $date_query['day'] );
+        $month_exists = array_key_exists( 'month', $date_query ) && is_numeric( $date_query['month'] );
+        $year_exists  = array_key_exists( 'year', $date_query ) && is_numeric( $date_query['year'] );
+
+        if ( $day_exists && $month_exists && $year_exists ) {
+            // 1. Checking day, month, year combination.
+            if ( ! checkdate( $date_query['month'], $date_query['day'], $date_query['year'] ) ) {
+                /* translators: 1: year, 2: month, 3: day of month */
+                $day_month_year_error_msg = sprintf(
+                    __( 'The following values do not describe a valid date: year <code>%1$s</code>, month <code>%2$s</code>, day <code>%3$s</code>.' ),
+                    esc_html( $date_query['year'] ),
+                    esc_html( $date_query['month'] ),
+                    esc_html( $date_query['day'] )
+                );
+
+                $valid = false;
+            }
+
+        } else if ( $day_exists && $month_exists ) {
+            /*
+             * 2. checking day, month combination
+             * We use 2012 because, as a leap year, it's the most permissive.
+             */
+            if ( ! checkdate( $date_query['month'], $date_query['day'], 2012 ) ) {
+                /* translators: 1: month, 2: day of month */
+                $day_month_year_error_msg = sprintf(
+                    __( 'The following values do not describe a valid date: month <code>%1$d</code>, day <code>%2$d</code>.' ),
+                    esc_html( $date_query['month'] ),
+                    esc_html( $date_query['day'] )
+                );
+
+                $valid = false;
+            }
+        }
+
+        if ( ! empty( $day_month_year_error_msg ) ) {
+            _doing_it_wrong( __CLASS__, $day_month_year_error_msg, '4.1.0' );
+        }
+
+        return $valid;
     }