feat: Sanitize invalid datetimes
KminekMatej committed Sep 6, 2024
1 parent ff03b39 commit c415da7
Showing 1 changed file with 20 additions and 4 deletions.
24 changes: 20 additions & 4 deletions app/module/event/manager/EventManager.php
Expand Up @@ -302,12 +302,24 @@ protected function allowCreate(?array &$data = null): void
if (!isset($data["endTime"])) {
$data["endTime"] = $data["startTime"];
}
if (!isset($data["closeTime"])) {

try {
$closeTimeDT = new DateTime($data["closeTime"]);
} catch (Exception $exc) {

Check failure on line 308 in app/module/event/manager/EventManager.php


GitHub Actions / PHP Stan

Caught class Tymy\Module\Event\Manager\Exception not found.
$this->respondBadRequest($this->translator->translate("event.close") . ": " . $this->translator->translate("common.errors.valueInvalid"));
}

try {
$startTimeDT = new DateTime($data["startTime"]);
} catch (Exception $exc) {

Check failure on line 314 in app/module/event/manager/EventManager.php


GitHub Actions / PHP Stan

Caught class Tymy\Module\Event\Manager\Exception not found.
$this->respondBadRequest($this->translator->translate("event.start") . ": " . $this->translator->translate("common.errors.valueInvalid"));
}

$closeTimeDT = new DateTime($data["closeTime"]);
$startTimeDT = new DateTime($data["startTime"]);
$endTimeDT = new DateTime($data["endTime"]);
try {
$endTimeDT = new DateTime($data["endTime"]);
} catch (Exception $exc) {

Check failure on line 320 in app/module/event/manager/EventManager.php


GitHub Actions / PHP Stan

Caught class Tymy\Module\Event\Manager\Exception not found.
$this->respondBadRequest($this->translator->translate("event.end") . ": " . $this->translator->translate("common.errors.valueInvalid"));
}

if ($closeTimeDT > $startTimeDT) {

Check failure on line 324 in app/module/event/manager/EventManager.php


GitHub Actions / PHP Stan

Variable $closeTimeDT might not be defined.

Check failure on line 324 in app/module/event/manager/EventManager.php


GitHub Actions / PHP Stan

Variable $startTimeDT might not be defined.
$this->respondBadRequest($this->translator->translate("event.errors.closeAfterStart"));
Expand Down Expand Up @@ -346,6 +358,10 @@ protected function allowRead(?int $recordId = null): void
if ($recordId) {
$this->event = $this->getById($recordId);

if (!$this->event) {
$this->respondNotFound(Event::MODULE, $recordId);
}

if (!$this->canRead($this->event, $this->user->getId())) {
$this->responder->E4001_VIEW_NOT_PERMITTED(Event::MODULE, $recordId);
}
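Review bot: The three try/catch blocks added to allowCreate treat "the DateTime constructor did not throw" as validation, but that constructor accepts far more than a timestamp: an empty string resolves to the current time and relative expressions such as "tomorrow" parse without error, so client-supplied values of that kind would be stored as event.close, event.start or event.end instead of being rejected with valueInvalid. The new side also shows a default only for endTime, so if closeTime can be absent at this point (not visible in the hunk) it would presumably be read as "now" rather than refused. Parsing against the single format the API accepts makes the check strict, e.g. `$closeTimeDT = DateTime::createFromFormat($expectedFormat, (string) ($data["closeTime"] ?? ""));` followed by `if ($closeTimeDT === false) { /* respondBadRequest as now */ }`, where `$expectedFormat` is a placeholder for the project's format, which this page does not show. Checking `DateTime::getLastErrors()` afterwards would additionally catch overflowed values such as a 13th month. allowCreate starts and ends outside the hunk.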
