[wp-trac] [WordPress Trac] #31083: WP_date_Query - broken before/after validation

[WordPress Trac]

#31083: WP_date_Query - broken before/after validation
--------------------------+-----------------------------
 Reporter:  ChriCo        |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Query         |    Version:  4.1
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Currently the ''before/after'' values in ''WP_Date_Query'' can be an array
 or string, which will be parsed by strtotime:


 {{{
 if ( ! is_array( $datetime ) ) {
         // @todo Timezone issues here possibly
         return gmdate( 'Y-m-d H:i:s', strtotime( $datetime, $now ) );
 }
 }}}

 But we don't validate this string in ''validate_date_values'':


 {{{
 if ( array_key_exists( 'before', $date_query ) && is_array(
 $date_query['before'] ) ){
         $valid = $this->validate_date_values( $date_query['before'] );
 }
 }}}

 ----------------------

 Example:


 {{{
 $query_args = array(
         array( 'before' => 'i am a valid date string!?' )
 );
 $date_query = new \WP_Date_Query( $query_args );
 echo $date_query->get_sql;
 //  AND ( ( post_date < '1970-01-01 00:00:00' ) )
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31083>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform