ZF-10337: Zend_Validate_Date doesn't validate time well

Issue Type:
Bug
Created:
2010-08-19T01:31:33.000+0000
Last Updated:
2011-01-23T07:19:11.000+0000
Status:
Open
Fix version(s):
    Reporter:
    Benjamin Dulau (dbenjamin)
    Assignee:
    Thomas Weidner (thomas)
    Tags:
    • Zend_Validate
    Related issues:
    Attachments:

    Description

    
$timeValidator = new Zend_Validate_Date(array('format' => 'HH:mm:ss'));                               
echo ($timeValidator->isValid('11:d5:00')) ? 'OK' : 'KO'; // output : OK !!
echo ($timeValidator->isValid('11:dd:00')) ? 'OK' : 'KO'; // output : KO

    Comments

    Posted by Thijs Lensselink (m0s) on 2011-01-23T03:13:51.000+0000

    This is a difficult issue. I would probably force the date to be checked before it is passed to the Zend_Validate_Date class. But i agree the Zend_Validate_Date class should throw an exception when a non numeric value is found in the time (date) string.

    The problem is caused by the following line in Zend_Locale_Format

    preg_match_all('/\d+/u', $number, $splitted);

    All non numeric values are stripped. This causes gaps when time strings like '12:dd:12' are given. And strings like '12:d5:12' will be validated because 'd5' evaluates to '5'

    To solve the issue we could validate the date string before parsing it.