ImageHistoryPseudoPager: Protect against TimestampException from bad user input

Bug: T204796
Change-Id: I17455fef0d899c56ce10f0df0db3457d944e353d

diff --git a/includes/page/ImageHistoryPseudoPager.php b/includes/page/ImageHistoryPseudoPager.php
index 20bc614..799c33a 100644 (file)
--- a/includes/page/ImageHistoryPseudoPager.php
+++ b/includes/page/ImageHistoryPseudoPager.php
@@ -18,6 +18,8 @@
  * @file
  */
 
+use Wikimedia\Timestamp\TimestampException;
+
 class ImageHistoryPseudoPager extends ReverseChronologicalPager {
        protected $preventClickjacking = false;
 
@@ -138,6 +140,14 @@ class ImageHistoryPseudoPager extends ReverseChronologicalPager {
                if ( !$this->mImg->exists() ) {
                        return;
                }
+               // Make sure the date (probably from user input) is valid; if not, drop it.
+               if ( $this->mOffset !== null ) {
+                       try {
+                               $sadlyWeCannotPassThisTimestampDownTheStack = $this->mDb->timestamp( $this->mOffset );
+                       } catch ( TimestampException $e ) {
+                               $this->mOffset = null;
+                       }
+               }
                $queryLimit = $this->mLimit + 1; // limit plus extra row
                if ( $this->mIsBackwards ) {
                        // Fetch the file history