mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00

🐛 Fixed being able to store invalid date formats (#9090)

closes #9089
- use the current date any time a post is fetched if the database contains an invalid date
- raise an error any time an attempt is made to save an invalid date via the API
Katharina Irrgang 2017-10-04 10:56:09 +02:00 committed by Kevin Ansfield
parent 1933c77773
commit 5f44972d44
3 changed files with 71 additions and 5 deletions


@ -217,13 +217,21 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
* - knex wraps the UTC value into a local JS Date
*/
fixDatesWhenFetch: function fixDates(attrs) {
var self = this;
var self = this, dateMoment;
_.each(attrs, function each(value, key) {
if (value !== null
&& schema.tables[self.tableName].hasOwnProperty(key)
&& schema.tables[self.tableName][key].type === 'dateTime') {
attrs[key] = moment(value).startOf('seconds').toDate();
dateMoment = moment(value);
// CASE: You are somehow able to store e.g. 0000-00-00 00:00:00
// Protect the code base and return the current date time.
if (dateMoment.isValid()) {
attrs[key] = dateMoment.startOf('seconds').toDate();
} else {
attrs[key] = moment().startOf('seconds').toDate();
}
}
});
@ -398,7 +406,7 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
* proper strings, see `format`.
*/
sanitizeData: function sanitizeData(data) {
var tableName = _.result(this.prototype, 'tableName');
var tableName = _.result(this.prototype, 'tableName'), dateMoment;
_.each(data, function (value, key) {
if (value !== null
@ -406,7 +414,16 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
&& schema.tables[tableName][key].type === 'dateTime'
&& typeof value === 'string'
) {
data[key] = moment(value).toDate();
dateMoment = moment(value);
// CASE: client sends `0000-00-00 00:00:00`
if (!dateMoment.isValid()) {
throw new errors.ValidationError({
message: i18n.t('errors.models.base.invalidDate', {key: key})
});
}
data[key] = dateMoment.toDate();
}
});
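Review bot: In `sanitizeData`, `moment(value)` is called without a format, so the new `isValid()` check is only as strict as moment's lenient string parsing; as far as I know, a string that is neither ISO 8601 nor RFC 2822 falls through to `new Date(value)`, whose results vary by engine. If the API is meant to accept only ISO-style dates, consider strict parsing, e.g. `dateMoment = moment(value, moment.ISO_8601, true);`, after confirming which formats existing clients send. The guard also runs only when `typeof value === 'string'`, so non-string values for a dateTime column skip this validation. Separately, the fallback in `fixDatesWhenFetch` replaces an invalid stored date with the current time without any log entry, which hides the corrupt row and could persist the substituted value on a later save; a warning naming the table and column would make this detectable. Both function bodies start and end outside the hunks.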


@ -257,7 +257,8 @@
"token": {
"noUserFound": "No user found",
"tokenNotFound": "Token not found"
}
},
"invalidDate": "Date format for `{key}` is invalid."
},
"plugins": {
"filter": {


@ -963,6 +963,54 @@ describe('Post Model', function () {
done();
}).catch(done);
});
it('send invalid published_at date', function (done) {
var postId = testUtils.DataGenerator.Content.posts[0].id;
PostModel
.findOne({
id: postId
})
.then(function (results) {
var post;
should.exist(results);
post = results.toJSON();
post.id.should.equal(postId);
return PostModel.edit({published_at: '0000-00-00 00:00:00'}, _.extend({}, context, {id: postId}));
})
.then(function () {
done(new Error('This test should fail.'));
})
.catch(function (err) {
err.statusCode.should.eql(422);
done();
});
});
it('send empty date', function (done) {
var postId = testUtils.DataGenerator.Content.posts[0].id;
PostModel
.findOne({
id: postId
})
.then(function (results) {
var post;
should.exist(results);
post = results.toJSON();
post.id.should.equal(postId);
return PostModel.edit({created_at: ''}, _.extend({}, context, {id: postId}));
})
.then(function () {
done(new Error('This test should fail.'));
})
.catch(function (err) {
err.statusCode.should.eql(422);
done();
});
});
});
describe('add', function () {
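Review bot: In both new tests the `.catch` handler also receives failures from the earlier `should` assertions, and an assertion that throws inside `.catch` is never passed to `done`, so a regression would show up as a timeout rather than a clear failure. Returning the promise from the test instead of using `done`, or ending the chain with `.catch(done)` after the assertion handler, would surface it. The tests check only `statusCode`; asserting the error type as well, e.g. `(err instanceof errors.ValidationError).should.eql(true);`, would pin the failure to the date validation, assuming `errors` is in scope in this file. The fetch-side fallback added to `fixDatesWhenFetch` has no test in this section.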