ID: 48906
Comment by: sjoerd-php at linuxonly dot nl
Reported By: arno dot zandink at gmail dot com
Status: Open
Bug Type: Date/time related
Operating System: *
PHP Version: 5.3.0
New Comment:
The function checkdate() takes three integers as arguments. That means
that if you pass it a string, it will be cast to an int. The string
"1980 <script>alert('test');</script>" cast to an int will result in
1980.
So
checkdate("01", "01", "1980 <script>alert('test');</script>")
is equivalent to
checkdate(1, 1, 1980)
This is not a bug in PHP, rather a limitation of checkdate: it assumes
that you pass it numbers. You should check yourself that your input is
numeric.
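The check this comment asks for, as an added example that is not part of the original thread: the whole string is matched against a DD-MM-YYYY pattern before checkdate() is called, so trailing text is rejected instead of being cast away. The helper name parse_strict_date() and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the bug report. parse_strict_date() is a
// hypothetical helper name; the DD-MM-YYYY layout follows the reporter's input.

/**
 * Returns array(day, month, year) as ints when $input is exactly DD-MM-YYYY
 * and names a real calendar date; returns null otherwise.
 */
function parse_strict_date($input)
{
    if (!is_string($input)) {
        return null;
    }
    // \A and \z anchor the whole string, so nothing may follow the year.
    // ($ alone would still accept a trailing newline.)
    if (!preg_match('/\A(\d{2})-(\d{2})-(\d{4})\z/', $input, $m)) {
        return null;
    }
    $day   = (int) $m[1];
    $month = (int) $m[2];
    $year  = (int) $m[3];

    // checkdate() only ever sees integers here, so no cast can hide trailing text.
    return checkdate($month, $day, $year) ? array($day, $month, $year) : null;
}

// Constructed sample inputs.
$samples = array(
    "01-01-1980",
    "01-01-1980 <script>alert('test');</script>", // the report's input
    "31-02-1980",                                   // digits only, but no such day
    "01-01-1980\n",                                 // trailing newline
    "1-1-1980",                                     // wrong field width
);

foreach ($samples as $s) {
    $parts = parse_strict_date($s);
    // Escape before echoing untrusted input back, whatever the validation result.
    printf(
        "%-50s %s\n",
        htmlspecialchars(json_encode($s), ENT_QUOTES, 'UTF-8'),
        $parts === null ? 'rejected' : 'accepted'
    );
}
```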
Previous Comments:
------------------------------------------------------------------------
[2009-07-13 20:54:59] arno dot zandink at gmail dot com
Hmm, indeed I changed my script at the last minute because I got a
deprecated notice.
My first test was as follows:
<?php
$date = "01-01-1980 <script>alert('test');</script>";
$aDate_parts = split('-', $date);
print_r($aDate_parts);
var_dump(
    checkdate(
        $aDate_parts[1], // Month
        $aDate_parts[0], // Day
        $aDate_parts[2]  // Year
    )
);
?>
This example will result in the following array:
<?php
Array
(
[0] => 01
[1] => 01
[2] => 1980 <script>alert('test');</script>
)
?>
And it will return a boolean (true)
------------------------------------------------------------------------
[2009-07-13 19:49:18] sjoerd-php at linuxonly dot nl
Thank you for your bug report.
Your example code can be summarized as follows:
<?php var_dump(checkdate('01', '01', '1980')); ?>
I would expect this to return true, because January 1st 1980 is a valid
date. Why do you think it is an invalid date?
------------------------------------------------------------------------
[2009-07-13 19:11:20] arno dot zandink at gmail dot com
Description:
------------
checkdate returns true when the date given is not a valid date.
If this is not considered a bug, perhaps adding a warning on the manual
page would be wise.
Reproduce code:
---------------
---
From manual page: function.checkdate
---
<?php
$date = "01-01-1980 <script>alert('test');</script>";
$aDate_parts = preg_split("/[\s-]+/", $date);
var_dump(
    checkdate(
        $aDate_parts[1], // Month
        $aDate_parts[0], // Day
        $aDate_parts[2]  // Year
    )
);
?>
Expected result:
----------------
I would expect var_dump to print a boolean (false) because the date is
not valid
Actual result:
--------------
A boolean (true) is returned with an invalid date
------------------------------------------------------------------------