diff --git a/src/wp-includes/date.php b/src/wp-includes/date.php index 33f8d21c1d..426b24dba2 100644 --- a/src/wp-includes/date.php +++ b/src/wp-includes/date.php @@ -6,6 +6,10 @@ * to filter their results by date columns, by generating `WHERE` subclauses to be attached * to the primary SQL query string. * + * Attempting to filter by an invalid date value (eg month=13) will generate SQL that will + * return no results. In these cases, a _doing_it_wrong() error notice is also thrown. + * See {@link WP_Date_Query::validate_date_values()}. + * * @link http://codex.wordpress.org/Function_Reference/WP_Query Codex page. * * @since 3.7.0 @@ -201,6 +205,11 @@ class WP_Date_Query { } } + // Validate the dates passed in the query. + if ( $this->is_first_order_clause( $queries ) ) { + $this->validate_date_values( $queries ); + } + foreach ( $queries as $key => $q ) { if ( ! is_array( $q ) || in_array( $key, $this->time_keys, true ) ) { // This is a first-order query. Trust the values and sanitize when building SQL. 
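Review bot: The return value of `validate_date_values()` is discarded at the new call site, so a query that fails validation still goes on to SQL generation exactly as before. The header docblock says this is intentional, but nothing at the call says so. The retained context comment `// This is a first-order query. Trust the values and sanitize when building SQL.` could then be read as if the values had already been checked. I would add a comment above the call such as `// Advisory only: emits _doing_it_wrong() notices; values are not rejected or sanitized here.` The call is also gated on `is_first_order_clause( $queries )`, so whether nested clauses get validated depends on code outside this hunk, as the enclosing method starts and ends outside it.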
@@ -244,6 +253,185 @@ class WP_Date_Query { return $this->compare; } + /** + * Validates the given date_query values and triggers errors if something is not valid. + * + * Note that date queries with invalid date ranges are allowed to + * continue (though of course no items will be found for impossible dates). + * This method only generates debug notices for these cases. + * + * @since 4.1.0 + * @access public + * + * @param array $date_query The date_query array. + * @return bool True if all values in the query are valid, false if one or more fail. + */ + public function validate_date_values( $date_query = array() ) { + if ( empty( $date_query ) ) { + return false; + } + + $valid = true; + + /* + * Validate 'before' and 'after' up front, then let the + * validation routine continue to be sure that all invalid + * values generate errors too. + */ + if ( array_key_exists( 'before', $date_query ) && is_array( $date_query['before'] ) ){ + $valid = $this->validate_date_values( $date_query['before'] ); + } + + if ( array_key_exists( 'after', $date_query ) && is_array( $date_query['after'] ) ){ + $valid = $this->validate_date_values( $date_query['after'] ); + } + + // Message template for the min-max-check. + /* translators: Date query invalid date message: 1: invalid value, 2: type of value, 3: minimum valid value, 4: maximum valid value */ + $min_max_msg = __( 'Invalid value %1$s for %2$s. Excepted value should between %3$d and %4$d.' ); + + // Array containing all min-max checks. + $min_max_checks = array(); + + // Days per year. + if ( array_key_exists( 'year', $date_query ) ) { + // If a year exists in the date query, we can use it to get the days. + $max_days_of_year = date( 'z', mktime( 0, 0, 0, 12, 31, $date_query['year'] ) ) + 1; + } else { + // otherwise we use the max of 366 (leap-year) + $max_days_of_year = 366; + } + + $min_max_checks['dayofyear'] = array( + 'min' => 1, + 'max' => $max_days_of_year + ); + + // Days per week. 
+ $min_max_checks['dayofweek'] = array( + 'min' => 1, + 'max' => 7 + ); + + // Months per year. + $min_max_checks['month'] = array( + 'min' => 1, + 'max' => 12 + ); + + // Weeks per year. + if ( array_key_exists( 'year', $date_query ) ) { + // If we have a specific year, use it to calculate number of weeks. + $date = new DateTime(); + $date->setISODate( $date_query['year'], 53 ); + $week_count = $date->format( "W" ) === "53" ? 53 : 52; + + } else { + // Otherwise set the week-count to a maximum of 53. + $week_count = 53; + } + + $min_max_checks['week'] = array( + 'min' => 1, + 'max' => $week_count + ); + + // Days per month. + $min_max_checks['day'] = array( + 'min' => 1, + 'max' => 31 + ); + + // Hours per day. + $min_max_checks['hour'] = array( + 'min' => 1, + 'max' => 23 + ); + + // Minutes per hour. + $min_max_checks['minute'] = array( + 'min' => 0, + 'max' => 59 + ); + + // Seconds per minute. + $min_max_checks['second'] = array( + 'min' => 0, + 'max' => 59 + ); + + // Concatenate and throw a notice for each invalid value. + foreach ( $min_max_checks as $key => $check ) { + if ( ! array_key_exists( $key, $date_query ) ) { + continue; + } + + $is_between = $date_query[ $key ] >= $check['min'] && $date_query[ $key ] <= $check['max']; + + if ( ! $is_between ) { + $error = sprintf( + $min_max_msg, + esc_html( $date_query[ $key ] ), + $key, + $check['min'], + $check['max'] + ); + + _doing_it_wrong( __CLASS__, $error, '4.1.0' ); + + $valid = false; + } + } + + // If we already have invalid date messages, don't bother running through checkdate(). + if ( ! 
$valid ) { + return $valid; + } + + $day_month_year_error_msg = ''; + + $day_exists = array_key_exists( 'day', $date_query ) && is_numeric( $date_query['day'] ); + $month_exists = array_key_exists( 'month', $date_query ) && is_numeric( $date_query['month'] ); + $year_exists = array_key_exists( 'year', $date_query ) && is_numeric( $date_query['year'] ); + + if ( $day_exists && $month_exists && $year_exists ) { + // 1. Checking day, month, year combination. + if ( ! checkdate( $date_query['month'], $date_query['day'], $date_query['year'] ) ) { + /* translators: 1: year, 2: month, 3: day of month */ + $day_month_year_error_msg = sprintf( + __( 'The following values do not describe a valid date: year %1$s, month %2$s, day %3$s.' ), + esc_html( $date_query['year'] ), + esc_html( $date_query['month'] ), + esc_html( $date_query['day'] ) + ); + + $valid = false; + } + + } else if ( $day_exists && $month_exists ) { + /* + * 2. checking day, month combination + * We use 2012 because, as a leap year, it's the most permissive. + */ + if ( ! checkdate( $date_query['month'], $date_query['day'], 2012 ) ) { + /* translators: 1: month, 2: day of month */ + $day_month_year_error_msg = sprintf( + __( 'The following values do not describe a valid date: month %1$d, day %2$d.' ), + esc_html( $date_query['month'] ), + esc_html( $date_query['day'] ) + ); + + $valid = false; + } + } + + if ( ! empty( $day_month_year_error_msg ) ) { + _doing_it_wrong( __CLASS__, $day_month_year_error_msg, '4.1.0' ); + } + + return $valid; + } + /** * Validates a column name parameter. * diff --git a/tests/phpunit/tests/date/query.php b/tests/phpunit/tests/date/query.php index c5ca9f114c..84bda07d7e 100644 --- a/tests/phpunit/tests/date/query.php +++ b/tests/phpunit/tests/date/query.php 
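Review bot: `validate_date_values()` can return true for an invalid query, because the 'after' branch assigns `$valid` directly and overwrites a false result from 'before'. The min/max loop also compares with loose `>=`/`<=`, so a non-numeric string checked against the `0` minimum of 'minute' and 'second' can pass on PHP versions that coerce it to 0. Two further problems sit in the same function: 'hour' has `'min' => 1`, which flags midnight (`hour => 0`) as invalid, and a caller-supplied `year` reaches `mktime()` and `setISODate()` before the `is_numeric()` test that only happens further down. The message template reads "Excepted value should between", presumably meant as `Expected value should be between`. The function is added whole in this hunk; the matching hour test in tests/phpunit/tests/date/query.php uses `range( 1, 23 )` and would need `range( 0, 23 )`.

```php
// 'before' / 'after': keep an earlier failure instead of overwriting it.
if ( array_key_exists( 'before', $date_query ) && is_array( $date_query['before'] ) ) {
	$valid = $this->validate_date_values( $date_query['before'] ) && $valid;
}

if ( array_key_exists( 'after', $date_query ) && is_array( $date_query['after'] ) ) {
	$valid = $this->validate_date_values( $date_query['after'] ) && $valid;
}

// … unchanged: $min_max_msg, $min_max_checks initialisation …

// Use 'year' for calendar maths only once it is known to be numeric.
$year = ( array_key_exists( 'year', $date_query ) && is_numeric( $date_query['year'] ) )
	? (int) $date_query['year']
	: null;

$max_days_of_year = ( null !== $year ) ? date( 'z', mktime( 0, 0, 0, 12, 31, $year ) ) + 1 : 366;

// … unchanged: dayofyear, dayofweek, month checks …

if ( null !== $year ) {
	$date = new DateTime();
	$date->setISODate( $year, 53 );
	$week_count = $date->format( 'W' ) === '53' ? 53 : 52;
} else {
	$week_count = 53;
}

// … unchanged: week, day checks …

// Hours per day: midnight is hour 0.
$min_max_checks['hour'] = array(
	'min' => 0,
	'max' => 23
);

// … unchanged: minute, second checks; loop header and array_key_exists() skip …

	$value      = $date_query[ $key ];
	$is_between = is_numeric( $value ) && $value >= $check['min'] && $value <= $check['max'];

// … unchanged: notice generation and checkdate() section …
```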
@@ -9,6 +9,14 @@
 * @group date
 */
 class Tests_WP_Date_Query extends WP_UnitTestCase {
+ public $q;
+
+ public function setUp() {
+ parent::setUp();
+ unset( $this->q );
+ $this->q = new WP_Date_Query( array( 'm' => 2 ) );
+ }
+
 public function test_construct_date_query_empty() {
 $q = new WP_Date_Query( array() );
 $this->assertSame( 'AND', $q->relation );
@@ -582,4 +590,316 @@ class Tests_WP_Date_Query extends WP_UnitTestCase {
 // varying precision on different PHP installations
 $this->assertRegExp( "/DATE_FORMAT\( post_date, '0\.%i%s' \) = 0\.15350*/", $found );
 }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_query_before_after(){
+ // Valid values.
+ $valid_args = array(
+ array(
+ 'month' => 2,
+ 'year' => 2014,
+ ),
+ array(
+ 'day' => 8,
+ 'year' => 2014,
+ ),
+ );
+
+ foreach ( $valid_args as $args ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'before' => $args ) ) );
+ $this->assertTrue( $this->q->validate_date_values( array( 'after' => $args ) ) );
+ }
+
+ // Invalid values.
+ $invalid_args = array(
+ array(
+ 'month' => 13,
+ ),
+ array(
+ 'day' => 32,
+ ),
+ array(
+ 'minute' => 60,
+ ),
+ array(
+ 'second' => 60,
+ ),
+ array(
+ 'week' => 54,
+ ),
+ );
+
+ foreach ( $invalid_args as $args ) {
+ $this->assertFalse( $this->q->validate_date_values( array( 'before' => $args ) ) );
+ $this->assertFalse( $this->q->validate_date_values( array( 'after' => $args ) ) );
+ }
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_query_before_after_with_month(){
+ // Both are valid.
+ $args = array(
+ 'before' => array(
+ 'month' => 2,
+ 'year' => 2014,
+ ),
+ 'month' => 10,
+ );
+ $this->assertTrue( $this->q->validate_date_values( $args ) );
+
+ // 'before' is invalid, 'month' is valid.
+ $args = array(
+ 'before' => array(
+ 'month' => 13,
+ 'year' => 2014,
+ ),
+ 'month' => 10,
+ );
+ $this->assertFalse( $this->q->validate_date_values( $args ) );
+
+ // 'before' is valid, 'month' is invalid.
+ $args = array(
+ 'before' => array(
+ 'month' => 10,
+ 'year' => 2014,
+ ),
+ 'month' => 14,
+ );
+ $this->assertFalse( $this->q->validate_date_values( $args ) );
+
+ // Both are invalid.
+ $args = array(
+ 'before' => array(
+ 'month' => 14,
+ 'year' => 2014,
+ ),
+ 'month' => 14,
+ );
+ $this->assertFalse( $this->q->validate_date_values( $args ) );
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_values_week() {
+ // Valid values.
+ $weeks = range( 1, 53 );
+ foreach ( $weeks as $week ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'week' => $week ) ) );
+ }
+
+ // Invalid values.
+ $weeks = array( -1, 0, 54 );
+ foreach ( $weeks as $week ) {
+ $this->assertFalse( $this->q->validate_date_values( array( 'week' => $week ) ) );
+ }
+
+ // Valid combinations.
+ $weeks = array(
+ array(
+ 'week' => 52,
+ 'year' => 2012,
+ ),
+ array(
+ 'week' => 53,
+ 'year' => 2009,
+ ),
+ );
+
+ foreach ( $weeks as $week_args ) {
+ $this->assertTrue( $this->q->validate_date_values( $week_args ) );
+ }
+
+ // Invalid combinations.
+ $weeks = array(
+ // 2012 has 52 weeks.
+ array(
+ 'week' => 53,
+ 'year' => 2012,
+ ),
+
+ // 2013 has 53 weeks.
+ array(
+ 'week' => 54,
+ 'year' => 2009,
+ )
+ );
+
+ foreach ( $weeks as $week_args ) {
+ $this->assertFalse( $this->q->validate_date_values( $week_args ) );
+ }
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_values_month() {
+ // Valid values.
+ $months = range( 1, 12 );
+ foreach ( $months as $month ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'month' => $month ) ) );
+ }
+
+ // Invalid values.
+ $months = array( -1, 0, 13, 'string who wants to be a int' );
+ foreach ( $months as $month ) {
+ $this->assertFalse( $this->q->validate_date_values( array( 'month' => $month ) ) );
+ }
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_values_day() {
+ // Valid values.
+ $days = range( 1, 31 );
+ foreach ( $days as $day ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'day' => $day ) ) );
+ }
+
+ // Invalid values.
+ $days = array( -1, 32 );
+ foreach ( $days as $day ) {
+ $this->assertFalse( $this->q->validate_date_values( array( 'day' => $day ) ) );
+ }
+
+ // Valid combinations.
+ $days = array(
+ array(
+ 'day' => 29,
+ 'month' => 2,
+ 'year' => 2008,
+ ),
+ array(
+ 'day' => 28,
+ 'month' => 2,
+ 'year' => 2009,
+ ),
+ );
+
+ foreach ( $days as $args ) {
+ $this->assertTrue( $this->q->validate_date_values( $args ) );
+ }
+
+ // Invalid combinations.
+ $days = array(
+ // February 2008 has 29 days.
+ array(
+ 'day' => 30,
+ 'month' => 2,
+ 'year' => 2008,
+ ),
+
+ // February 2009 has 29 days.
+ array(
+ 'day' => 29,
+ 'month' => 2,
+ 'year' => 2009,
+ ),
+ );
+
+ foreach ( $days as $args ) {
+ $this->assertFalse( $this->q->validate_date_values( $args ) );
+ }
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_values_hour() {
+ // Valid values.
+ $hours = range( 1, 23 );
+ foreach ( $hours as $hour ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'hour' => $hour ) ) );
+ }
+
+ // Invalid values.
+ $hours = array( -1, 24, 25, 'string who wants to be a int' );
+ foreach ( $hours as $hour ) {
+ $this->assertFalse( $this->q->validate_date_values( array( 'hour' => $hour ) ) );
+ }
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_values_minute() {
+ // Valid values.
+ $minutes = range( 0, 59 );
+ foreach ( $minutes as $minute ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'minute' => $minute ) ) );
+ }
+
+ // Invalid values.
+ $minutes = array( -1, 60 );
+ foreach ( $minutes as $minute ) {
+ $this->assertFalse( $this->q->validate_date_values( array( 'minute' => $minute ) ) );
+ }
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_values_second() {
+ // Valid values.
+ $seconds = range( 0, 59 );
+ foreach ( $seconds as $second ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'second' => $second ) ) );
+ }
+
+ // Invalid values.
+ $seconds = array( -1, 60 );
+ foreach ( $seconds as $second ) {
+ $this->assertFalse( $this->q->validate_date_values( array( 'second' => $second ) ) );
+ }
+
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_values_day_of_week() {
+ // Valid values.
+ $days_of_week = range( 1, 7 );
+ foreach ( $days_of_week as $day_of_week ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'dayofweek' => $day_of_week ) ) );
+ }
+
+ // Invalid values.
+ $days_of_week = array( -1, 0, 8 );
+ foreach ( $days_of_week as $day_of_week ) {
+ $this->assertFalse( $this->q->validate_date_values( array( 'dayofweek' => $day_of_week ) ) );
+ }
+ }
+
+ /**
+ * @ticket 25834
+ * @expectedIncorrectUsage WP_Date_Query
+ */
+ public function test_validate_date_values_day_of_year() {
+ // Valid values.
+ $days_of_year = range( 1, 366 );
+ foreach ( $days_of_year as $day_of_year ) {
+ $this->assertTrue( $this->q->validate_date_values( array( 'dayofyear' => $day_of_year ) ) );
+ }
+
+ // Invalid values.
+ $days_of_year = array( -1, 0, 367 );
+ foreach ( $days_of_year as $day_of_year ) {
+ $this->assertFalse( @$this->q->validate_date_values( array( 'dayofyear' => $day_of_year ) ) );
+ }
+ }
 }
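Review bot: The last assertion in `test_validate_date_values_day_of_year()` calls `@$this->q->validate_date_values( ... )`, and the `@` operator hides whatever warning that call raises, so the test can no longer surface it. I would drop the `@` and, if a warning is genuinely expected there, assert on it explicitly. Two inline comments contradict the data beside them: `// 2013 has 53 weeks.` sits on a `'year' => 2009` case, and `// February 2009 has 29 days.` sits on a case that expects day 29 to be invalid. Suggested replacements are `// 2009 has 53 weeks, so week 54 is invalid.` and `// February 2009 has 28 days.` No case covers `hour => 0`, or an invalid 'before' combined with a valid 'after'; both would pin validator behaviour that the current cases leave untested.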