WordPress.org

Make WordPress Core

Opened 6 years ago

Last modified 5 months ago

#26798 new defect (bug)

While inserting a post some values for 'post_date' throw a PHP exception

Reported by: mobius5150 Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5
Component: Date/Time Keywords: has-patch
Focuses: Cc:
PR Number:

Description

If you try and insert a post with a date that does not have leading zeros (eg 2012-01-8 or 2012-1-08 or 2012-1-8) a PHP error is thrown in trunk/src/wp-includes/functions.php#L4015: A non well formed numeric value encountered due to the checkdate() call.

Minimum code to reproduce:

$post_data = array(
    'post_title' => 'some title',
    'post_content' => 'some content',
    'post_status' => 'publish',
    'post_date' => '2012-01-8 12:00:00',
);

wp_insert_post( $post_data );

Two possible solutions:

  1. Get strict about date formatting: ie: require leading zeros. If a date comes in without leading zeros a WP_Error() should be returned, an error should not get thrown.
  2. Allow non-leading zeros.

Either way using substr() in trunk/src/wp-includes/post.php#L2805 is at fault.

I've attached a diff that uses a regex to parse the date using capture groups. Its much cleaner and will detect a badly formatted date and handle it gracefully. The regex does not require leading zeros. If leading zeros are required the regex should be changed to:
/^(?P<year>\d{4})-(?P<month>0[1-9]|1[012])-(?P<day>0[1-9]|[12][0-9]|3[01])/

Attachments (2)

post.php.diff (989 bytes) - added by mobius5150 6 years ago.
Diff for suggested changes to fix post.php
post.php.2.diff (990 bytes) - added by mobius5150 6 years ago.

Download all attachments as: .zip

Change History (6)

@mobius5150
6 years ago

Diff for suggested changes to fix post.php

#1 @mobius5150
6 years ago

Fixed a typo. The match array should have at least 6 elements not exactly 6.

#2 @nacin
6 years ago

  • Component changed from Validation to Date/Time

Perhaps wp_checkdate() should be able to either:

  • take a string and break it up on its own
  • decline to pass obviously invalid values to checkdate()

#3 @johnbillion
6 years ago

  • Keywords has-patch needs-testing added
  • Version changed from trunk to 3.5

Introduced in r21921

#4 @alordiel
5 years ago

  • Keywords needs-testing removed

Patch works as charm (WP 4.1), no errors or notices where thrown.

Note: See TracTickets for help on using tickets.