From ee4ce43e91a87d04a7283f71d7a4cf4ca6732470 Mon Sep 17 00:00:00 2001
From: Christian Flothmann <christian.flothmann@sensiolabs.de>
Date: Fri, 14 Sep 2018 13:24:16 +0200
Subject: [PATCH] fail reverse transforming invalid RFC 3339 dates

---
 .../DateTimeToRfc3339Transformer.php            | 10 ++++++----
 .../DateTimeToRfc3339TransformerTest.php        | 17 +++++++++++++++--
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToRfc3339Transformer.php b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToRfc3339Transformer.php
index f905fb8665..8d1a92af8b 100644
--- a/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToRfc3339Transformer.php
+++ b/src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToRfc3339Transformer.php
@@ -69,6 +69,10 @@ class DateTimeToRfc3339Transformer extends BaseDateTimeTransformer
             return;
         }
 
+        if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})T\d{2}:\d{2}(?::\d{2})?(?:\.\d)?(?:Z|(?:(?:\+|-)\d{2}:\d{2}))$/', $rfc3339, $matches)) {
+            throw new TransformationFailedException(sprintf('The date "%s" is not a valid date.', $rfc3339));
+        }
+
         try {
             $dateTime = new \DateTime($rfc3339);
         } catch (\Exception $e) {
@@ -79,10 +83,8 @@ class DateTimeToRfc3339Transformer extends BaseDateTimeTransformer
             $dateTime->setTimezone(new \DateTimeZone($this->inputTimezone));
         }
 
-        if (preg_match('/(\d{4})-(\d{2})-(\d{2})/', $rfc3339, $matches)) {
-            if (!checkdate($matches[2], $matches[3], $matches[1])) {
-                throw new TransformationFailedException(sprintf('The date "%s-%s-%s" is not a valid date.', $matches[1], $matches[2], $matches[3]));
-            }
+        if (!checkdate($matches[2], $matches[3], $matches[1])) {
+            throw new TransformationFailedException(sprintf('The date "%s-%s-%s" is not a valid date.', $matches[1], $matches[2], $matches[3]));
         }
 
         return $dateTime;
diff --git a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToRfc3339TransformerTest.php b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToRfc3339TransformerTest.php
index c02d3dd695..5f4043523e 100644
--- a/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToRfc3339TransformerTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToRfc3339TransformerTest.php
@@ -134,12 +134,25 @@ class DateTimeToRfc3339TransformerTest extends TestCase
     }
 
     /**
+     * @dataProvider invalidDateStringProvider
      * @expectedException \Symfony\Component\Form\Exception\TransformationFailedException
      */
-    public function testReverseTransformExpectsValidDateString()
+    public function testReverseTransformExpectsValidDateString($date)
     {
         $transformer = new DateTimeToRfc3339Transformer('UTC', 'UTC');
 
-        $transformer->reverseTransform('2010-2010-2010');
+        $transformer->reverseTransform($date);
+    }
+
+    public function invalidDateStringProvider()
+    {
+        return array(
+            'invalid month' => array('2010-2010-01'),
+            'invalid day' => array('2010-10-2010'),
+            'no date' => array('x'),
+            'cookie format' => array('Saturday, 01-May-2010 04:05:00 Z'),
+            'RFC 822 format' => array('Sat, 01 May 10 04:05:00 +0000'),
+            'RSS format' => array('Sat, 01 May 2010 04:05:00 +0000'),
+        );
     }
 }