This repository has been archived by the owner on Feb 4, 2023. It is now read-only.

DateRangeFilter input validation #891

Open
Nibbels opened this issue May 14, 2019 · 1 comment

@Nibbels
Nibbels commented May 14, 2019

Hello,

list($_dateStart, $_dateEnd) = explode(' - ', $searchValue);

    /**
     * {@inheritdoc}
     */
    public function addAndExpression(Andx $andExpr, QueryBuilder $qb, $searchField, $searchValue, $searchTypeOfField, &$parameterCounter)
    {
        list($_dateStart, $_dateEnd) = explode(' - ', $searchValue);
        $dateStart = new DateTime($_dateStart);
        $dateEnd = new DateTime($_dateEnd);
        $dateEnd->setTime(23, 59, 59);

        $andExpr = $this->getBetweenAndExpression($andExpr, $qb, $searchField, $dateStart->format('Y-m-d H:i:s'), $dateEnd->format('Y-m-d H:i:s'), $parameterCounter);
        $parameterCounter += 2;

        return $andExpr;
    }

I want to recommend some hardening for this function's input values one day.
I know the search string comes from $request->columns->{columnnumber}->search->value.

If I pipe some garbage string 'hello - 123' into this filter, an exception happens because of the non-parsable date or the explode.
If I only return one date '2019-05-14' by manually letting the user type in dates, then an exception happens too, because of the explode(' - ' ...).

In case of the DateRangeFilter

  • I would prefer to have no results when the request's search value is no date at all. "andWhere('1=0')"
  • I would prefer to have a one-day result when the request's search value is one date without a " - "

Why do I complain? I try to rework some project and found that at least in my project/browser the user can input the string into the date range search field manually. That causes exceptions which I cannot cover without overwriting/extending the class or writing a special prefilter for the request. (At least from my active point of view.)

Greetings
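
An added example, not part of the original issue or the bundle's code, showing one way to validate the search value before it reaches `new DateTime()`. The names `parseDateRange` and `parseStrictDate` are hypothetical, and the `Y-m-d` input format is an assumption based on the '2019-05-14' value quoted above.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of the bundle): parse a date-range search value.
 * Returns [start, end] as DateTimeImmutable, or null when the input is not a
 * valid date or range. Assumes dates arrive as Y-m-d.
 */
function parseDateRange(string $searchValue): ?array
{
    // Limit to 2 parts so a missing or repeated separator cannot break destructuring.
    $parts = array_map('trim', explode(' - ', $searchValue, 2));

    $start = parseStrictDate($parts[0]);
    // A single date without ' - ' is treated as a one-day range.
    $end = parseStrictDate($parts[1] ?? $parts[0]);

    // A reversed range can match nothing, so it is treated like invalid input.
    if ($start === null || $end === null || $start > $end) {
        return null; // caller should produce an empty result, e.g. a '1=0' condition
    }

    return [$start, $end->setTime(23, 59, 59)];
}

function parseStrictDate(string $value): ?DateTimeImmutable
{
    // '!' resets unspecified fields, so the parsed time is 00:00:00.
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $value);

    // The round-trip comparison rejects overflowed dates such as 2019-02-30.
    if ($date === false || $date->format('Y-m-d') !== $value) {
        return null;
    }

    return $date;
}

// Constructed sample inputs, including the two failure cases from the issue.
foreach (['2019-05-01 - 2019-05-14', '2019-05-14', 'hello - 123', '2019-02-30', ''] as $input) {
    $range = parseDateRange($input);
    printf("%-28s => %s\n", var_export($input, true), $range === null
        ? 'no results'
        : $range[0]->format('Y-m-d H:i:s') . ' .. ' . $range[1]->format('Y-m-d H:i:s'));
}
```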

@stephanvierkant
Collaborator

stephanvierkant commented May 14, 2019

Thanks for your feedback! I agree, I see those exceptions in my logs as well. This should be improved.

Feel free to open a PR.
