diff --git a/src/DbUtils.php b/src/DbUtils.php index 1fec5215aa9..c9bd15a4928 100644 --- a/src/DbUtils.php +++ b/src/DbUtils.php @@ -1913,16 +1913,30 @@ public function closeDBConnections() */ public function getDateCriteria($field, $begin, $end) { + global $DB; + + $date_pattern = '/^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}:\d{2})?$/'; // `YYYY-mm-dd` optionaly followed by ` HH:ii:ss` + $criteria = []; - if (!empty($begin)) { + if (is_string($begin) && preg_match($date_pattern, $begin) === 1) { $criteria[] = [$field => ['>=', $begin]]; + } elseif ($begin !== null && $begin !== '') { + trigger_error( + sprintf('Invalid %s date value.', json_encode($begin)), + E_USER_WARNING + ); } - if (!empty($end)) { + if (is_string($end) && preg_match($date_pattern, $end) === 1) { $end_expr = new QueryExpression( - 'ADDDATE(\'' . $end . '\', INTERVAL 1 DAY)' + 'ADDDATE(' . $DB->quoteValue($end) . ', INTERVAL 1 DAY)' ); $criteria[] = [$field => ['<=', $end_expr]]; + } elseif ($end !== null && $end !== '') { + trigger_error( + sprintf('Invalid %s date value.', json_encode($end)), + E_USER_WARNING + ); } return $criteria; diff --git a/tests/functional/DbUtils.php b/tests/functional/DbUtils.php index 092e0191c1e..7aacc052f98 100644 --- a/tests/functional/DbUtils.php +++ b/tests/functional/DbUtils.php @@ -1281,6 +1281,10 @@ public function testGetDateCriteria() $this->testedInstance->getDateCriteria('date', null, null) )->isIdenticalTo([]); + $this->array( + $this->testedInstance->getDateCriteria('date', '', '') + )->isIdenticalTo([]); + $this->array( $this->testedInstance->getDateCriteria('date', '2018-11-09', null) )->isIdenticalTo([ @@ -1291,9 +1295,9 @@ public function testGetDateCriteria() $this->array($result)->hasSize(1); $this->array($result[0]['date']) - ->hasSize(2) - ->string[0]->isIdenticalTo('<=') - ->object[1]->isInstanceOf('\QueryExpression'); + ->hasSize(2) + ->string[0]->isIdenticalTo('<=') + ->object[1]->isInstanceOf('\QueryExpression'); $this->string( $result[0]['date'][1]->getValue() @@ -1304,13 +1308,31 @@ public function testGetDateCriteria() $this->array($result[0])->isIdenticalTo(['date' => ['>=', '2018-11-08']]); $this->array($result[1]['date']) - ->hasSize(2) - ->string[0]->isIdenticalTo('<=') - ->object[1]->isInstanceOf('\QueryExpression'); + ->hasSize(2) + ->string[0]->isIdenticalTo('<=') + ->object[1]->isInstanceOf('\QueryExpression'); $this->string( $result[1]['date'][1]->getValue() )->isIdenticalTo("ADDDATE('2018-11-09', INTERVAL 1 DAY)"); + + $result = null; + $this->when(function () use (&$result) { + $result = $this->testedInstance->getDateCriteria('date', '2023-02-19\', INTERVAL 1 DAY)))))', null); + })->error + ->withType(E_USER_WARNING) + ->withMessage('Invalid "2023-02-19\', INTERVAL 1 DAY)))))" date value.') + ->exists(); + $this->array($result)->isIdenticalTo([]); + + $result = null; + $this->when(function () use (&$result) { + $result = $this->testedInstance->getDateCriteria('date', null, '2021-02-19\', INTERVAL 1 DAY)))))'); + })->error + ->withType(E_USER_WARNING) + ->withMessage('Invalid "2021-02-19\', INTERVAL 1 DAY)))))" date value.') + ->exists(); + $this->array($result)->isIdenticalTo([]); } protected function autoNameProvider()