From 28fab2ffaabde9042f6558d9816851d3221d279c Mon Sep 17 00:00:00 2001 From: Niels Keurentjes Date: Sat, 13 Jan 2018 02:38:52 +0100 Subject: [PATCH 1/3] [Form] Disallow transform dates beyond the year 9999 Fixes #14727 --- .../DateTimeToLocalizedStringTransformer.php | 5 +++++ ...ateTimeToLocalizedStringTransformerTest.php | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php index e2c553c507e4f..9c53e3154b843 100644 --- a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php +++ b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php @@ -22,6 +22,9 @@ */ class DateTimeToLocalizedStringTransformer extends BaseDateTimeTransformer { + // Midnight of last day of 9999 to prevent 5 digit years from being transformed + const MAX_TIMESTAMP = 253370674800; + private $dateFormat; private $timeFormat; private $pattern; @@ -123,6 +126,8 @@ public function reverseTransform($value) if (0 != intl_get_error_code()) { throw new TransformationFailedException(intl_get_error_message()); + } elseif ($timestamp > self::MAX_TIMESTAMP) { + throw new TransformationFailedException('Years beyond 9999 are not supported.'); } try { diff --git a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformerTest.php b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformerTest.php index 1562071edfd12..60b83c222b7fc 100644 --- a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformerTest.php +++ b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformerTest.php @@ -343,4 +343,22 @@ public function testReverseTransformOutOfTimestampRange() $transformer = new DateTimeToLocalizedStringTransformer('UTC', 'UTC'); $transformer->reverseTransform('1789-07-14'); } + + /** + * @expectedException \Symfony\Component\Form\Exception\TransformationFailedException + */ + public function testReverseTransformFiveDigitYears() + { + $transformer = new DateTimeToLocalizedStringTransformer('UTC', 'UTC', null, null, \IntlDateFormatter::GREGORIAN, 'yyyy-MM-dd'); + $transformer->reverseTransform('20107-03-21'); + } + + /** + * @expectedException \Symfony\Component\Form\Exception\TransformationFailedException + */ + public function testReverseTransformFiveDigitYearsWithTimestamp() + { + $transformer = new DateTimeToLocalizedStringTransformer('UTC', 'UTC', null, null, \IntlDateFormatter::GREGORIAN, 'yyyy-MM-dd HH:mm:ss'); + $transformer->reverseTransform('20107-03-21 12:34:56'); + } } From f056e060a07da94982fc4cfaf1025ed1f476e190 Mon Sep 17 00:00:00 2001 From: Niels Keurentjes Date: Tue, 16 Jan 2018 09:42:12 +0100 Subject: [PATCH 2/3] Correct timestamp to 9999-12-31 midnight --- .../DataTransformer/DateTimeToLocalizedStringTransformer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php index 9c53e3154b843..40d68dc348cda 100644 --- a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php +++ b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php @@ -23,7 +23,7 @@ class DateTimeToLocalizedStringTransformer extends BaseDateTimeTransformer { // Midnight of last day of 9999 to prevent 5 digit years from being transformed - const MAX_TIMESTAMP = 253370674800; + const MAX_TIMESTAMP = 253402214400; private $dateFormat; private $timeFormat; From 185f075054ea244be331bb520f3a39d255179ae6 Mon Sep 17 00:00:00 2001 From: Niels Keurentjes Date: Tue, 16 Jan 2018 23:31:34 +0100 Subject: [PATCH 3/3] Inline const timestamp limit --- .../DateTimeToLocalizedStringTransformer.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php index 40d68dc348cda..816e6cad92829 100644 --- a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php +++ b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToLocalizedStringTransformer.php @@ -22,9 +22,6 @@ */ class DateTimeToLocalizedStringTransformer extends BaseDateTimeTransformer { - // Midnight of last day of 9999 to prevent 5 digit years from being transformed - const MAX_TIMESTAMP = 253402214400; - private $dateFormat; private $timeFormat; private $pattern; @@ -126,7 +123,8 @@ public function reverseTransform($value) if (0 != intl_get_error_code()) { throw new TransformationFailedException(intl_get_error_message()); - } elseif ($timestamp > self::MAX_TIMESTAMP) { + } elseif ($timestamp > 253402214400) { + // This timestamp represents UTC midnight of 9999-12-31 to prevent 5+ digit years throw new TransformationFailedException('Years beyond 9999 are not supported.'); } pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy