From 9ab6c15b92d4cf7935f752fd5408d70e494e0f0b Mon Sep 17 00:00:00 2001
From: Mitch Jackson <mitch@mitchjacksontech.com>
Date: Sun, 26 Aug 2018 17:11:38 -0400
Subject: [PATCH] RT# 80869 Improve cust_main.paydate validation

---
 FS/FS/Record.pm    | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 FS/FS/cust_main.pm |  4 ++++
 2 files changed, 58 insertions(+)

diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm
index 9f9b1e2fc..5048e4407 100644
--- a/FS/FS/Record.pm
+++ b/FS/FS/Record.pm
@@ -2999,6 +2999,60 @@ sub ut_enumn {
     : '';
 }
 
+=item ut_date COLUMN
+
+Check/untaint a column containing a date string.
+
+Date will be normalized to YYYY-MM-DD format
+
+=cut
+
+sub ut_date {
+  my ( $self, $field ) = @_;
+  my $value = $self->getfield( $field );
+
+  my @date = split /[\-\/]/, $value;
+  if ( scalar(@date) == 3 ) {
+    @date = @date[2,0,1] if $date[2] >= 1900;
+
+    local $@;
+    my $ymd;
+    eval {
+      # DateTime will die given invalid date
+      $ymd = DateTime->new(
+        year  => $date[0],
+        month => $date[1],
+        day   => $date[2],
+      )->ymd('-');
+    };
+
+    unless( $@ ) {
+      $self->setfield( $field, $ymd ) unless $value eq $ymd;
+      return '';
+    }
+
+  }
+  return "Illegal (date) field $field: $value";
+}
+
+=item ut_daten COLUMN
+
+Check/untaint a column containing a date string.
+
+Column may be null.
+
+Date will be normalized to YYYY-MM-DD format
+
+=cut
+
+sub ut_daten {
+  my ( $self, $field ) = @_;
+
+  $self->getfield( $field ) =~ /^()$/
+  ? $self->setfield( $field, '' )
+  : $self->ut_date( $field );
+}
+
 =item ut_flag COLUMN
 
 Check/untaint a column if it contains either an empty string or 'Y'.  This
diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm
index 621f3d144..36775127b 100644
--- a/FS/FS/cust_main.pm
+++ b/FS/FS/cust_main.pm
@@ -2145,6 +2145,10 @@ sub check {
       if !$import
       && !$ignore_expired_card 
       && ( $y<$nowy || ( $y==$nowy && $1<$nowm ) );
+
+    if ( my $error = $self->ut_daten('paydate') ) {
+      return $error;
+    }
   }
 
   if ( $self->payname eq '' && $self->payby !~ /^(CHEK|DCHK)$/ &&
-- 
2.11.0