From 4f7cc7d53bfa3b836580432f4c9f41e8293b1a5f Mon Sep 17 00:00:00 2001
From: James Cole
Date: Sat, 25 Jan 2025 04:49:28 +0100
Subject: [PATCH] More strict date validation
---
 app/Api/V1/Requests/Models/AvailableBudget/Request.php | 4 ++--
 app/Api/V1/Requests/Models/Bill/StoreRequest.php | 6 +++---
 app/Api/V1/Requests/Models/Bill/UpdateRequest.php | 6 +++---
 app/Api/V1/Requests/Models/BudgetLimit/UpdateRequest.php | 4 ++--
 app/Api/V1/Requests/Models/Recurrence/UpdateRequest.php | 2 +-
 app/Api/V1/Requests/Models/Rule/TestRequest.php | 4 ++--
 app/Api/V1/Requests/Models/Rule/TriggerRequest.php | 4 ++--
 app/Api/V1/Requests/Models/RuleGroup/TestRequest.php | 4 ++--
 app/Api/V1/Requests/Models/RuleGroup/TriggerRequest.php | 4 ++--
 app/Api/V1/Requests/Models/Tag/StoreRequest.php | 2 +-
 app/Api/V1/Requests/Models/Tag/UpdateRequest.php | 2 +-
 app/Api/V1/Requests/System/CronRequest.php | 2 +-
 .../V2/Request/Model/Transaction/InfiniteListRequest.php | 4 ++--
 app/Api/V2/Request/Model/Transaction/ListRequest.php | 4 ++--
 14 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/app/Api/V1/Requests/Models/AvailableBudget/Request.php b/app/Api/V1/Requests/Models/AvailableBudget/Request.php
index 613855646f..5b0adb3b52 100644
--- a/app/Api/V1/Requests/Models/AvailableBudget/Request.php
+++ b/app/Api/V1/Requests/Models/AvailableBudget/Request.php
@@ -66,8 +66,8 @@ class Request extends FormRequest
 'currency_id' => 'numeric|exists:transaction_currencies,id',
 'currency_code' => 'min:3|max:51|exists:transaction_currencies,code',
 'amount' => ['nullable', new IsValidPositiveAmount()],
- 'start' => 'date',
- 'end' => 'date',
+ 'start' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end' => 'date|after:1900-01-01|before:2099-12-31',
 ];
 }
diff --git a/app/Api/V1/Requests/Models/Bill/StoreRequest.php b/app/Api/V1/Requests/Models/Bill/StoreRequest.php
index 5966bfbcff..e6b82c2216 100644
--- a/app/Api/V1/Requests/Models/Bill/StoreRequest.php
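Review bot: The literal pair `after:1900-01-01|before:2099-12-31` in the `start` and `end` rules of AvailableBudget/Request.php is repeated by hand in every other hunk of this patch (26 rule strings across 14 files), so a later change to the accepted range, or a newly added date field, can easily leave one endpoint with different limits. Defining the bounds once, for example as a shared constant or a small helper that each `rules()` method concatenates into its rule string, would keep the endpoints consistent. Both bounds are also exclusive, so 1900-01-01 and 2099-12-31 themselves are rejected; if they are meant to be accepted the rules would read `after_or_equal:1900-01-01|before_or_equal:2099-12-31`. The patch touches only the request classes, so a boundary test in each direction would pin whichever behaviour is intended. The rules() body starts outside this hunk.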
+++ b/app/Api/V1/Requests/Models/Bill/StoreRequest.php
@@ -78,9 +78,9 @@ class StoreRequest extends FormRequest
 'amount_max' => ['required', new IsValidPositiveAmount()],
 'currency_id' => 'numeric|exists:transaction_currencies,id',
 'currency_code' => 'min:3|max:51|exists:transaction_currencies,code',
- 'date' => 'date|required',
- 'end_date' => 'nullable|date|after:date',
- 'extension_date' => 'nullable|date|after:date',
+ 'date' => 'date|required|after:1900-01-01|before:2099-12-31',
+ 'end_date' => 'nullable|date|after:date|after:1900-01-01|before:2099-12-31',
+ 'extension_date' => 'nullable|date|after:date|after:1900-01-01|before:2099-12-31',
 'repeat_freq' => 'in:weekly,monthly,quarterly,half-year,yearly|required',
 'skip' => 'min:0|max:31|numeric',
 'active' => [new IsBoolean()],
diff --git a/app/Api/V1/Requests/Models/Bill/UpdateRequest.php b/app/Api/V1/Requests/Models/Bill/UpdateRequest.php
index 4b666bac4a..be00edb215 100644
--- a/app/Api/V1/Requests/Models/Bill/UpdateRequest.php
+++ b/app/Api/V1/Requests/Models/Bill/UpdateRequest.php
@@ -81,9 +81,9 @@ class UpdateRequest extends FormRequest
 'amount_max' => ['nullable', new IsValidPositiveAmount()],
 'currency_id' => 'numeric|exists:transaction_currencies,id',
 'currency_code' => 'min:3|max:51|exists:transaction_currencies,code',
- 'date' => 'date',
- 'end_date' => 'date|after:date',
- 'extension_date' => 'date|after:date',
+ 'date' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end_date' => 'date|after:date|after:1900-01-01|before:2099-12-31',
+ 'extension_date' => 'date|after:date|after:1900-01-01|before:2099-12-31',
 'repeat_freq' => 'in:weekly,monthly,quarterly,half-year,yearly',
 'skip' => 'min:0|max:31|numeric',
 'active' => [new IsBoolean()],
diff --git a/app/Api/V1/Requests/Models/BudgetLimit/UpdateRequest.php b/app/Api/V1/Requests/Models/BudgetLimit/UpdateRequest.php
index 16814d24a6..34a191c2a7 100644
--- a/app/Api/V1/Requests/Models/BudgetLimit/UpdateRequest.php
+++ b/app/Api/V1/Requests/Models/BudgetLimit/UpdateRequest.php
@@ -67,8 +67,8 @@ class UpdateRequest extends FormRequest
 public function rules(): array
 {
 return [
- 'start' => 'date',
- 'end' => 'date',
+ 'start' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end' => 'date|after:1900-01-01|before:2099-12-31',
 'amount' => ['nullable', new IsValidPositiveAmount()],
 'currency_id' => 'numeric|exists:transaction_currencies,id',
 'currency_code' => 'min:3|max:51|exists:transaction_currencies,code',
diff --git a/app/Api/V1/Requests/Models/Recurrence/UpdateRequest.php b/app/Api/V1/Requests/Models/Recurrence/UpdateRequest.php
index 8c7ab24f79..f81fca7b8c 100644
--- a/app/Api/V1/Requests/Models/Recurrence/UpdateRequest.php
+++ b/app/Api/V1/Requests/Models/Recurrence/UpdateRequest.php
@@ -154,7 +154,7 @@ class UpdateRequest extends FormRequest
 return [
 'title' => sprintf('min:1|max:255|uniqueObjectForUser:recurrences,title,%d', $recurrence->id),
 'description' => 'min:1|max:32768',
- 'first_date' => 'date',
+ 'first_date' => 'date|after:1900-01-01|before:2099-12-31',
 'apply_rules' => [new IsBoolean()],
 'active' => [new IsBoolean()],
 'repeat_until' => 'nullable|date',
diff --git a/app/Api/V1/Requests/Models/Rule/TestRequest.php b/app/Api/V1/Requests/Models/Rule/TestRequest.php
index 2703365859..a22b170df3 100644
--- a/app/Api/V1/Requests/Models/Rule/TestRequest.php
+++ b/app/Api/V1/Requests/Models/Rule/TestRequest.php
@@ -71,8 +71,8 @@ class TestRequest extends FormRequest
 public function rules(): array
 {
 return [
- 'start' => 'date',
- 'end' => 'date|after_or_equal:start',
+ 'start' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end' => 'date|after_or_equal:start|after:1900-01-01|before:2099-12-31',
 'accounts' => '',
 'accounts.*' => 'required|exists:accounts,id|belongsToUser:accounts',
 ];
diff --git a/app/Api/V1/Requests/Models/Rule/TriggerRequest.php b/app/Api/V1/Requests/Models/Rule/TriggerRequest.php
index 77f9a9e650..07a4feb7d1 100644
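Review bot: In Recurrence/UpdateRequest.php the range check is added to `first_date` only, while `repeat_until`, three lines below it in the same array, stays `'nullable|date'` and still accepts any parseable date. If the aim is to keep out-of-range dates away from the recurrence handling, the same bounds belong there: `'repeat_until' => 'nullable|date|after:1900-01-01|before:2099-12-31',`. The rules array continues past the end of the hunk, so any further date fields below it (not visible here) may need the same treatment.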
--- a/app/Api/V1/Requests/Models/Rule/TriggerRequest.php
+++ b/app/Api/V1/Requests/Models/Rule/TriggerRequest.php
@@ -65,8 +65,8 @@ class TriggerRequest extends FormRequest
 public function rules(): array
 {
 return [
- 'start' => 'date',
- 'end' => 'date|after_or_equal:start',
+ 'start' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end' => 'date|after_or_equal:start|after:1900-01-01|before:2099-12-31',
 'accounts' => '',
 'accounts.*' => 'exists:accounts,id|belongsToUser:accounts',
 ];
diff --git a/app/Api/V1/Requests/Models/RuleGroup/TestRequest.php b/app/Api/V1/Requests/Models/RuleGroup/TestRequest.php
index 839c6c15ed..79230edebf 100644
--- a/app/Api/V1/Requests/Models/RuleGroup/TestRequest.php
+++ b/app/Api/V1/Requests/Models/RuleGroup/TestRequest.php
@@ -65,8 +65,8 @@ class TestRequest extends FormRequest
 public function rules(): array
 {
 return [
- 'start' => 'date',
- 'end' => 'date|after_or_equal:start',
+ 'start' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end' => 'date|after_or_equal:start|after:1900-01-01|before:2099-12-31',
 'accounts' => '',
 'accounts.*' => 'exists:accounts,id|belongsToUser:accounts',
 ];
diff --git a/app/Api/V1/Requests/Models/RuleGroup/TriggerRequest.php b/app/Api/V1/Requests/Models/RuleGroup/TriggerRequest.php
index fe9d0a002d..97038d6ef2 100644
--- a/app/Api/V1/Requests/Models/RuleGroup/TriggerRequest.php
+++ b/app/Api/V1/Requests/Models/RuleGroup/TriggerRequest.php
@@ -69,8 +69,8 @@ class TriggerRequest extends FormRequest
 public function rules(): array
 {
 return [
- 'start' => 'date',
- 'end' => 'date|after_or_equal:start',
+ 'start' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end' => 'date|after_or_equal:start|after:1900-01-01|before:2099-12-31',
 ];
 }
 }
diff --git a/app/Api/V1/Requests/Models/Tag/StoreRequest.php b/app/Api/V1/Requests/Models/Tag/StoreRequest.php
index bdf59849b3..2041d8f4b7 100644
--- a/app/Api/V1/Requests/Models/Tag/StoreRequest.php
+++ b/app/Api/V1/Requests/Models/Tag/StoreRequest.php
@@ -62,7 +62,7 @@ class StoreRequest extends FormRequest
 $rules = [
 'tag' => 'required|min:1|uniqueObjectForUser:tags,tag|max:1024',
 'description' => 'min:1|nullable|max:32768',
- 'date' => 'date|nullable',
+ 'date' => 'date|nullable|after:1900-01-01|before:2099-12-31',
 ];
 return Location::requestRules($rules);
diff --git a/app/Api/V1/Requests/Models/Tag/UpdateRequest.php b/app/Api/V1/Requests/Models/Tag/UpdateRequest.php
index 9355edad15..8ecf7f71a2 100644
--- a/app/Api/V1/Requests/Models/Tag/UpdateRequest.php
+++ b/app/Api/V1/Requests/Models/Tag/UpdateRequest.php
@@ -66,7 +66,7 @@ class UpdateRequest extends FormRequest
 $rules = [
 'tag' => 'min:1|max:1024|uniqueObjectForUser:tags,tag,'.$tag->id,
 'description' => 'min:1|nullable|max:32768',
- 'date' => 'date|nullable',
+ 'date' => 'date|nullable|after:1900-01-01|before:2099-12-31',
 ];
 return Location::requestRules($rules);
diff --git a/app/Api/V1/Requests/System/CronRequest.php b/app/Api/V1/Requests/System/CronRequest.php
index 4ce959c635..9b76e11239 100644
--- a/app/Api/V1/Requests/System/CronRequest.php
+++ b/app/Api/V1/Requests/System/CronRequest.php
@@ -68,7 +68,7 @@ class CronRequest extends FormRequest
 {
 return [
 'force' => 'in:true,false',
- 'date' => 'date',
+ 'date' => 'nullable|date|after:1900-01-01|before:2099-12-31',
 ];
 }
 }
diff --git a/app/Api/V2/Request/Model/Transaction/InfiniteListRequest.php b/app/Api/V2/Request/Model/Transaction/InfiniteListRequest.php
index 51c8b0460c..9f083d3935 100644
--- a/app/Api/V2/Request/Model/Transaction/InfiniteListRequest.php
+++ b/app/Api/V2/Request/Model/Transaction/InfiniteListRequest.php
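Review bot: The new `date` rule in System/CronRequest.php also prepends `nullable`, which goes beyond the range check named in the commit subject: an explicit null now passes validation where the old `'date'` rule alone would presumably have rejected it. Whatever reads `date` from this request then has to treat null as "no date supplied"; that code is not visible in the hunk, so it is worth confirming before merge. If null was not meant to become valid, the rule can stay `'date' => 'date|after:1900-01-01|before:2099-12-31',`.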
@@ -109,8 +109,8 @@ class InfiniteListRequest extends FormRequest
 public function rules(): array
 {
 return [
- 'start' => 'date',
- 'end' => 'date|after:start',
+ 'start' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end' => 'date|after:start|after:1900-01-01|before:2099-12-31',
 'start_row' => 'integer|min:0|max:4294967296',
 'end_row' => 'integer|min:0|max:4294967296|gt:start_row',
 ];
diff --git a/app/Api/V2/Request/Model/Transaction/ListRequest.php b/app/Api/V2/Request/Model/Transaction/ListRequest.php
index 3d72d70a00..ff6f767e30 100644
--- a/app/Api/V2/Request/Model/Transaction/ListRequest.php
+++ b/app/Api/V2/Request/Model/Transaction/ListRequest.php
@@ -84,8 +84,8 @@ class ListRequest extends FormRequest
 public function rules(): array
 {
 return [
- 'start' => 'date',
- 'end' => 'date|after:start',
+ 'start' => 'date|after:1900-01-01|before:2099-12-31',
+ 'end' => 'date|after:start|after:1900-01-01|before:2099-12-31',
 ];
 }
 }