diff --git a/src/applications/calendar/query/PhabricatorCalendarEventSearchEngine.php b/src/applications/calendar/query/PhabricatorCalendarEventSearchEngine.php --- a/src/applications/calendar/query/PhabricatorCalendarEventSearchEngine.php +++ b/src/applications/calendar/query/PhabricatorCalendarEventSearchEngine.php @@ -485,6 +485,12 @@ ->setHeader($header); } + /** + * @param string|null $range_start Epoch + * @param string|null $range_end Epoch + * @param string $display View, such as "month" or "day" + * @return array YYYY, M, D + */ private function getDisplayYearAndMonthAndDay( $range_start, $range_end, @@ -527,7 +533,7 @@ /** * @param PhabricatorSavedQuery $saved - * @return AphrontFormDateControlValue + * @return AphrontFormDateControlValue Query date range start */ private function getQueryDateFrom(PhabricatorSavedQuery $saved) { if ($this->calendarYear && $this->calendarMonth) { @@ -544,11 +550,36 @@ )); } - return $this->getQueryDate($saved, 'rangeStart'); + $date = $this->getQueryDate($saved, 'rangeStart'); + $this->validateDate($date); + + return $date; } + /** + * @param PhabricatorSavedQuery $saved + * @return AphrontFormDateControlValue Query date range end + */ private function getQueryDateTo(PhabricatorSavedQuery $saved) { - return $this->getQueryDate($saved, 'rangeEnd'); + $date = $this->getQueryDate($saved, 'rangeEnd'); + $this->validateDate($date); + return $date; + } + + /** + * Validate the user provided date and time value(s) by calling + * @{class:AphrontFormDateControlValue}::isValid(). + * Throw an Exception if invalid. + * + * @param AphrontFormDateControlValue $date + * @return void + */ + private function validateDate(AphrontFormDateControlValue $date) { + if (!$date->isValid()) { + // TODO: Use DateMalformedStringException once we require PHP 8.3.0 + throw new Exception( + pht('Invalid date or time value set as query value.')); + } } private function getQueryDate(PhabricatorSavedQuery $saved, $key) {