From 07cdf6267d4cb76486e43731fcddfdfd8f290c99 Mon Sep 17 00:00:00 2001
From: Ivan Enderlin
Date: Thu, 6 Nov 2014 15:02:52 +0100
Subject: [PATCH 1/2] Strict hours and days format. Avoid 29h, 00d or 36d for example.
---
 lib/Util.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/Util.php b/lib/Util.php
index 93c50d3..64b1113 100644
--- a/lib/Util.php
+++ b/lib/Util.php
@@ -27,11 +27,11 @@ static function parseHTTPDate($dateHeader) {
 $month = '(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)';
 $weekday = '(Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday)';
 $wkday = '(Mon|Tue|Wed|Thu|Fri|Sat|Sun)';
- $time = '[0-2]\d(\:[0-5]\d){2}';
- $date3 = $month . ' ([1-3]\d| \d)';
- $date2 = '[0-3]\d\-' . $month . '\-\d\d';
+ $time = '([0-1]\d|2[0-3])(\:[0-5]\d){2}';
+ $date3 = $month . ' ([12]\d|3[01]| [1-9])';
+ $date2 = '(0[1-9]|[12]\d|3[01])\-' . $month . '\-\d{2}';
 //4-digit year cannot begin with 0 - unix timestamp begins in 1970
- $date1 = '[0-3]\d ' . $month . ' [1-9]\d{3}';
+ $date1 = '(0[1-9]|[12]\d|3[01]) ' . $month . ' [1-9]\d{3}';
 //ANSI C's asctime() format
 //4-digit year cannot begin with 0 - unix timestamp begins in 1970
From e893b01704cd45c97ed96feb5a95322366b9a99b Mon Sep 17 00:00:00 2001
From: Ivan Enderlin
Date: Thu, 6 Nov 2014 15:18:10 +0100
Subject: [PATCH 2/2] Add tests for invalid days and hours.
---
 tests/HTTP/UtilTest.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/tests/HTTP/UtilTest.php b/tests/HTTP/UtilTest.php
index 4a537b3..447c899 100644
--- a/tests/HTTP/UtilTest.php
+++ b/tests/HTTP/UtilTest.php
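Review bot: In the lib/Util.php hunk, the tightened `$date1`, `$date2` and `$date3` patterns check each field's range on its own, so calendar-impossible combinations such as `31 Feb` or `30 Feb` still match. An HTTP date header, which typically comes from the peer, can therefore pass this filter without naming a real day. What happens to the string after the match is outside the hunk (parseHTTPDate continues past it); if it is handed to a date parser that rolls overflow into the following month, callers would compare against a date that was never sent. A comment above the patterns would make the limit explicit, e.g. `// Range check only: 31 Feb still matches; calendar validity is not verified here.` The day alternation `(0[1-9]|[12]\d|3[01])` is also repeated in `$date1` and `$date2` and could live in one `$day` variable.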
@@ -33,6 +33,16 @@ function testParseHTTPDateFail() {
 'Wednesday, 13-Oct-10 10:26:00 UTC',
 // No space before the 6
 'Wed Oct 6 10:26:00 2010',
+ // Invalid day
+ 'Wed Oct 0 10:26:00 2010',
+ 'Wed Oct 32 10:26:00 2010',
+ 'Wed, 0 Oct 2010 10:26:00 GMT',
+ 'Wed, 32 Oct 2010 10:26:00 GMT',
+ 'Wednesday, 32-Oct-10 10:26:00 GMT',
+ // Invalid hour
+ 'Wed, 13 Oct 2010 24:26:00 GMT',
+ 'Wednesday, 13-Oct-10 24:26:00 GMT',
+ 'Wed Oct 13 24:26:00 2010',
 );
 foreach($times as $time) {
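Review bot: The vector `'Wed, 0 Oct 2010 10:26:00 GMT'` does not exercise the new day-zero rule. It has a one-digit day, which the previous `$date1` pattern `[0-3]\d ` already rejected, so as far as the visible patterns show this case fails to parse with or without patch 1/2. The `Wednesday, DD-Mon-YY` form has no zero-day case at all. Adding `'Wed, 00 Oct 2010 10:26:00 GMT',` and `'Wednesday, 00-Oct-10 10:26:00 GMT',` would pin the `0[1-9]` alternative that the stricter patterns introduce. The loop body of testParseHTTPDateFail lies outside the hunk.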