From 35f0a66f32ee99f7eb348526db1e6cc4301f4ab1 Mon Sep 17 00:00:00 2001
From: Siebrand Mazeland <s.mazeland@xs4all.nl>
Date: Thu, 25 Apr 2013 09:58:39 +0200
Subject: [PATCH] Add input checks for Language::sprintfDate()

Check if the timestamp has a length of 14 characters and if it is numeric.
Throw an exception otherwise. Includes tests.

Bug: 47629
Change-Id: I9a4fd0af88cf20c2a6bd72fd7048743466c1600f
---
 languages/Language.php                   | 10 ++++++++++
 tests/phpunit/languages/LanguageTest.php | 25 +++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/languages/Language.php b/languages/Language.php
index 9651f3d882..7ec37a1a0b 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -1078,6 +1078,7 @@ class Language {
 	 * @param $zone DateTimeZone: Timezone of $ts
 	 * @todo handling of "o" format character for Iranian, Hebrew, Hijri & Thai?
 	 *
+	 * @throws MWException
 	 * @return string
 	 */
 	function sprintfDate( $format, $ts, DateTimeZone $zone = null ) {
@@ -1093,6 +1094,15 @@ class Language {
 		$thai = false;
 		$minguo = false;
 		$tenno = false;
+
+		if ( strlen( $ts ) !== 14 ) {
+			throw new MWException( __METHOD__ . ": The timestamp $ts should have 14 characters" );
+		}
+
+		if ( !ctype_digit( $ts ) ) {
+			throw new MWException( __METHOD__ . ": The timestamp $ts should be a number" );
+		}
+
 		for ( $p = 0; $p < strlen( $format ); $p++ ) {
 			$num = false;
 			$code = $format[$p];
diff --git a/tests/phpunit/languages/LanguageTest.php b/tests/phpunit/languages/LanguageTest.php
index d5dbfb24db..26bb2f32a4 100644
--- a/tests/phpunit/languages/LanguageTest.php
+++ b/tests/phpunit/languages/LanguageTest.php
@@ -1,7 +1,6 @@
 <?php
 
 class LanguageTest extends LanguageClassesTestCase {
-
 	function testLanguageConvertDoubleWidthToSingleWidth() {
 		$this->assertEquals(
 			"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
@@ -499,6 +498,30 @@ class LanguageTest extends LanguageClassesTestCase {
 		);
 	}
 
+	/**
+	 * Test too short timestamp
+	 * @expectedException MWException
+	 */
+	function testSprintfDateTooShortTimestamp() {
+		$this->getLang()->sprintfDate( 'xiY', '1234567890123' );
+	}
+
+	/**
+	 * Test too long timestamp
+	 * @expectedException MWException
+	 */
+	function testSprintfDateTooLongTimestamp() {
+		$this->getLang()->sprintfDate( 'xiY', '123456789012345' );
+	}
+
+	/**
+	 * Test too short timestamp
+	 * @expectedException MWException
+	 */
+	function testSprintfDateNotAllDigitTimestamp() {
+		$this->getLang()->sprintfDate( 'xiY', '-1234567890123' );
+	}
+
 	/**
 	 * @dataProvider provideSprintfDateSamples
 	 */
-- 
2.20.1