hasFormat false positive

[djereg]

Hello,

I encountered an issue with the following code:

echo Carbon::hasFormat('2020-09-09', 'Y.m.d');

Carbon version: 2.39.1

PHP version: 7.4.9

I expected to get:

false

But I actually get:

true

For this format, the generated regex is ([1-9]?[0-9]{4}).(1[012]|0[1-9]).(3[01]|[12][0-9]|0[1-9]) where the problem is the . between the parts, instead of \., which will pass everything on that places.

Carbon::hasFormat('2020-09-09', 'Y.m.d'); // true
Carbon::hasFormat('2020.09.09', 'Y.m.d'); // true
Carbon::hasFormat('2020*09*09', 'Y.m.d'); // true
Carbon::hasFormat('2020k09d09', 'Y.m.d'); // true

Carbon/src/Carbon/Traits/Comparison.php

Lines 859 to 887 in 7af4678

	public static function hasFormat($date, $format)
	{
	// createFromFormat() is known to handle edge cases silently.
	// E.g. "1975-5-1" (Y-n-j) will still be parsed correctly when "Y-m-d" is supplied as the format.
	// To ensure we're really testing against our desired format, perform an additional regex validation.
	// Preg quote, but remove escaped backslashes since we'll deal with escaped characters in the format string.
	$quotedFormat = str_replace('\\\\', '\\', preg_quote($format, '/'));
	// Build the regex string
	$regex = '';
	for ($i = 0; $i < strlen($quotedFormat); ++$i) {
	// Backslash – the next character does not represent a date token so add it on as-is and continue.
	// We're doing an extra ++$i here to increment the loop by 2.
	if ($quotedFormat[$i] === '\\') {
	$char = $quotedFormat[++$i];
	$regex .= $char === '\\' ? '\\\\' : $char;
	continue;
	}
	$regex .= strtr($quotedFormat[$i], static::$regexFormats);
	}
	$regex = preg_replace('#(?<!\\\\)((?:\\\\{2})*)/#', '$1\\/', $regex);
	return (bool) @preg_match('/^'.$regex.'$/', $date);
	}

Thanks!

[kylekatarnls]

I confirm this regressed from 2.39.0 to 2.39.1.

[kylekatarnls]

Fixed in 2.39.2. Thanks for the report.