@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Harden custom date fields against userland adventures
Summary: Users do things like change the type of a field. Currently, we throw when this happens. Instead, recover somewhat-gracefully.
Test Plan:
Created a "string" field, then changed it to a "date" field.
{F35241}
Reviewers: btrahan, chad
Reviewed By: chad
CC: aran
Differential Revision: https://secure.phabricator.com/D5310
+19
-2
+19
-2
src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldDefaultSpecification.php
+19
-2
src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldDefaultSpecification.php
···
195
195
$value = array();
196
196
}
197
197
break;
198
+
case self::TYPE_DATE:
199
+
$value = (int)$value;
200
+
if ($value <= 0) {
201
+
return $this->setDefaultValue($value);
202
+
}
203
+
break;
198
204
default:
199
205
break;
200
206
}
···
336
342
}
337
343
break;
338
344
case self::TYPE_DATE:
339
-
$new_display = phabricator_datetime($new, $this->getUser());
345
+
// NOTE: Although it should be impossible to get bad data in these
346
+
// fields normally, users can change the type of an existing field and
347
+
// leave us with uninterpretable data in old transactions.
348
+
if ((int)$new <= 0) {
349
+
$new_display = "(invalid epoch timestamp: {$new})";
350
+
} else {
351
+
$new_display = phabricator_datetime($new, $this->getUser());
352
+
}
340
353
if ($old === null) {
341
354
$desc = "set field '{$label}' to '{$new_display}'";
342
355
} else {
343
-
$old_display = phabricator_datetime($old, $this->getUser());
356
+
if ((int)$old <= 0) {
357
+
$old_display = "(invalid epoch timestamp: {$old})";
358
+
} else {
359
+
$old_display = phabricator_datetime($old, $this->getUser());
360
+
}
344
361
$desc = "changed field '{$label}' ".
345
362
"from '{$old_display}' to '{$new_display}'";
346
363
}