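/**
 * Sanitize a date for SQL search. Return false if malformed input.
 *
 * The value is first checked with yourls_sanitize_date() and only then re-rendered through
 * date('Y-m-d'), so a non-false result consists solely of digits and dashes. Callers on this
 * page place the result between quotes in a WHERE clause; they must treat false as "no filter"
 * and never interpolate the raw request value instead.
 *
 * @param string $date Date string to check, e.g. a request parameter.
 * @return string|false Date formatted as 'Y-m-d', or false when the input is rejected.
 */
function yourls_sanitize_date_for_sql($date)
{
    if (!yourls_sanitize_date($date)) {
        return false;
    }

    // strtotime() returns false for input it cannot parse; without this guard date() would
    // coerce that to 0 and silently return '1970-01-01' rather than signalling bad input.
    $timestamp = strtotime($date);
    if ($timestamp === false) {
        return false;
    }

    return date('Y-m-d', $timestamp);
}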
break; case 'after': $date_filter = 'after'; if (isset($_GET['date_first']) && yourls_sanitize_date($_GET['date_first'])) { $date_first_sql = yourls_sanitize_date_for_sql($_GET['date_first']); $date_first = yourls_sanitize_date($_GET['date_first']); $where .= " AND `timestamp` > '{$date_first_sql}'"; } break; case 'between': $date_filter = 'between'; if (isset($_GET['date_first']) && isset($_GET['date_second']) && yourls_sanitize_date($_GET['date_first']) && yourls_sanitize_date($_GET['date_second'])) { $date_first_sql = yourls_sanitize_date_for_sql($_GET['date_first']); $date_second_sql = yourls_sanitize_date_for_sql($_GET['date_second']); $date_first = yourls_sanitize_date($_GET['date_first']); $date_second = yourls_sanitize_date($_GET['date_second']); $where .= " AND `timestamp` BETWEEN '{$date_first_sql}' AND '{$date_second_sql}'"; } break; } } // Sorting if (!empty($_GET['sort_by']) || !empty($_GET['sort_order'])) { switch ($_GET['sort_by']) { case 'keyword': $sort_by_text = yourls__('Short URL'); $sort_by = 'keyword'; break; case 'url': $sort_by_text = yourls__('URL'); $sort_by = 'url';
$date_first_sql = yourls_sanitize_date_for_sql($_GET['date_first']); $where .= " AND `timestamp` < '{$date_first_sql}'"; $date_first = $_GET['date_first']; } break; case 'after': $date_filter = 'after'; if (yourls_sanitize_date($_GET['date_first'])) { $date_first_sql = yourls_sanitize_date_for_sql($_GET['date_first']); $where .= " AND `timestamp` > '{$date_first_sql}'"; $date_first = $_GET['date_first']; } break; case 'between': $date_filter = 'between'; if (yourls_sanitize_date($_GET['date_first']) && yourls_sanitize_date($_GET['date_second'])) { $date_first_sql = yourls_sanitize_date_for_sql($_GET['date_first']); $date_second_sql = yourls_sanitize_date_for_sql($_GET['date_second']); $where .= " AND `timestamp` BETWEEN '{$date_first_sql}' AND '{$date_second_sql}'"; $date_first = $_GET['date_first']; $date_second = $_GET['date_second']; } break; } } // Sorting if (!empty($_GET['s_by']) || !empty($_GET['s_order'])) { switch ($_GET['s_by']) { case 'keyword': $sort_by_text = 'Short URL'; $sort_by_sql = 'keyword';