[wp-trac] [WordPress Trac] #31083: WP_date_Query - broken before/after validation
WordPress Trac
noreply at wordpress.org
Wed Jan 21 08:18:58 UTC 2015
#31083: WP_date_Query - broken before/after validation
--------------------------+-----------------------------
Reporter: ChriCo | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version: 4.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Currently the ''before/after'' values in ''WP_Date_Query'' can be an array
or string, which will be parsed by strtotime:
{{{
if ( ! is_array( $datetime ) ) {
// @todo Timezone issues here possibly
return gmdate( 'Y-m-d H:i:s', strtotime( $datetime, $now ) );
}
}}}
But we don't validate this string in ''validate_date_values'':
{{{
if ( array_key_exists( 'before', $date_query ) && is_array(
$date_query['before'] ) ){
$valid = $this->validate_date_values( $date_query['before'] );
}
}}}
----------------------
Example:
{{{
$query_args = array(
array( 'before' => 'i am a valid date string!?' )
);
$date_query = new \WP_Date_Query( $query_args );
echo $date_query->get_sql;
// AND ( ( post_date < '1970-01-01 00:00:00' ) )
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31083>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list