Bug #79618 PHP: checkdate does not validate input
Submitted: 2020-05-21 18:42 UTC
Modified: 2020-05-21 18:46 UTC
From: adam dot engle at adventhealth dot com
Assigned:
Status: Not a bug
Package: Date/time related
PHP Version: 7.4.6
OS: Unix/OSX
Private report: No
CVE-ID: None

 [2020-05-21 18:42 UTC] adam dot engle at adventhealth dot com
Description:
------------
---
From manual page: https://php.net/function.checkdate
---

echo "<?php var_dump(checkdate(12, 31, '2000<script>alert(1)</script>'));" | php
bool(true)

echo "<?php var_dump(checkdate('12<script>alert(1)</script>', 31, 2000));" | php
bool(true)

Test script:
---------------
<?php
//Assume year is received via unvalidated input
$post_year_val = '2000<script>alert(1)</script>';
if (!checkdate(12, 1, $post_year_val)) {
        $nowArray = getdate();
        $month = $nowArray['mon'];
        $year = $nowArray['year'];
} else {
        $month = 12;
        $year = $post_year_val;
}

$display_block = "<html><head/><body>";
$calendardate = $year."-".$month."-01";
$display_block .= $calendardate;
$display_block .= '</body></html>';

echo $display_block;

Expected result:
----------------
If input is not a valid integer as an input parameter, the function should fail closed, returning false.  Otherwise, unintended consequences could result if a developer assumes the input provided to this function creates a valid date.

Actual result:
--------------
PHP 7.4.6 does provide a notice that it did not receive a well-formed int, however, it continues processing anyway if a date can be devised from the string, failing open and returning true.

 [2020-05-21 18:46 UTC] peehaa@php.net
-Status: Open +Status: Not a bug
 [2020-05-21 18:46 UTC] peehaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

PHP casts the data.

For more information see https://www.php.net/manual/en/language.types.type-juggling.php and https://www.php.net/manual/en/functions.arguments.php#functions.arguments.type-declaration.strict
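
An added example, not part of the original report or of PHP itself: one way to make the test script above fail closed by validating each component as an integer before calling checkdate(), and escaping at the output sink. The helper name parse_date_parts and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// With strict types, a string passed to checkdate() raises TypeError instead of being cast.
declare(strict_types=1);

/**
 * Hypothetical helper (not a PHP built-in): returns [year, month, day] as ints
 * only when every component is a clean integer and together they form a real
 * calendar date. Returns null otherwise, so the caller fails closed.
 */
function parse_date_parts($year, $month, $day): ?array
{
    $parts = [];
    foreach ([$year, $month, $day] as $raw) {
        // FILTER_VALIDATE_INT rejects '2000<script>...' outright; unlike the
        // implicit int cast, it does not accept a numeric prefix.
        $int = filter_var($raw, FILTER_VALIDATE_INT);
        if ($int === false) {
            return null;
        }
        $parts[] = $int;
    }
    [$y, $m, $d] = $parts;

    return checkdate($m, $d, $y) ? [$y, $m, $d] : null;
}

// Constructed inputs: the payload from the report, a clean value, and two malformed ones.
foreach (['2000<script>alert(1)</script>', '2000', '2000.5', ''] as $postYear) {
    // Fall back to the first day of the current month when validation fails.
    $date = parse_date_parts($postYear, 12, 1)
        ?? [(int) date('Y'), (int) date('n'), 1];

    // The output is built from validated ints only, and is still escaped at the sink.
    $text = sprintf('%04d-%02d-%02d', ...$date);
    echo htmlspecialchars($text, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Only the '2000' input produces 2000-12-01; the other three fall back to the current month, and the original string never reaches the page.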
 