getDateTime() giving wrong date for invalid H (hour)
#119
Comments
|
Hi @ThomasLandauer -- That's very interesting, and their response is interesting too -- I would've expected the overflow to be like you expected but I guess it's just down to their parsing. I think for my part though my take has been to focus on parsing an email rather than validating an email, and that goes for headers too. I've taken the approach of trying to silently ignore problems and give a result, and do my best to support bad implementations (within reason, I can't support every bad implementation some random person wrote for one website for example)... but even supporting an erroneous implementation, I've taken as being preferable to giving nothing or erroring out. To me this approach makes sense: if I'm using a library for something like email parsing, I rarely care if the email is invalid... if it is I'd rather see what the library can show me rather than tell me nothing. I can't say this is the definite correct way to go about this, or that it makes sense for everyone. This does mean two things though:
Also for date headers which is relying on PHP's date parsing for example, if you want the DateTime object I'm not really doing much beyond just parsing the header and passing it to php's parser. This seems to work for the most part, over the years #116 is probably the first report of a potential issue where parsing a date failed -- I wasn't able to find it happening myself, and hadn't heard of it happening otherwise... so I'm not sure how widespread that is, and if it warrants code to handle it. I'd be interested in hearing your perspective on this approach if you feel differently, for sure 👍 One thing I definitely seem to have failed as is creating a community around this... for what it's worth I'm happy to take other people's comments/work/suggestions for where this goes. I know that's not enough to make a community magically pop up, but finding the time to work on "community" always seemed secondary to me to just working on it, and I haven't had much time for a while to really do much on it in general. |
|
Since the main (only?) use case of this library is to parse incoming emails, I agree 100% with your approach! Telling me all the errors somebody else has made, doesn't help anybody ;-) Back to the Answering your question from the other issue:
In this case, it was just a poorly programmed spam bot ;-) But I think your question is incomplete - you should also ask:
Why? Looking at Murphy's law, it's quite probable that sooner or later even some "commonly-used mail client" will produce the same errors as the "erroneous system". So fixing today's erroneous system's bugs is the best "preparation" for dealing with tomorrow's commonly-used system's bugs ;-) So in this case I'd say: It's easy, so let's fix it! For my (internal) app to investigate this, I used this regexp: preg_match('/^(\w\w\w,\s+)?\d\d?\s+\w\w\w\s+\d\d\d\d\s+(\d\d)\:/', $date, $matches)
if (((int) $matches[2]) >= 24) |
|
Excellent, that's encouraging to hear 👍
It's what I meant by forgiving in goal number 2 in the readme, namely:
I could explain what I mean more by those goals somewhere I suppose, hehe. To be honest I humbly disagree with adding code to support every erroneous implementation, because:
In addition, each additional regex requires processing as well, although on their own each one may not add much, but given an infinite possibility of issues, we'd eventually end up with a huge number of regexes handling errors only caused by one or two very uncommon systems, slowing down parsing for the 99.999999% of emails that don't have that problem. I.e., does it make sense to add that regex check to every single email, when so many will not have that problem? I think Murphy's law in IT should be considered more in terms of your coding style -- if something can go wrong with what you've coded, it eventually will. For instance if I had a condition that for some reason failed to parse emails at 1:15am if your server is set to the GMT+6 timezone (I'm pretty bad at thinking of realistic examples I guess 😝 ), then yes, given that the code you made becomes more widely used and distributed, that may happen. Therefore, given that, my approach is:
Note that I wouldn't always take these as gospel either, for instance in this case for the dates, even if another parser handles it differently/better, I don't think I'd code that -- php has it's own DateTime parser, and I'd only be interested in number 1, because I'm not interested in parsing dates. Does that make sense to you too, and if not, what do you propose as an approach to address that, while also addressing the concerns I have? 😁 |
I see what you mean: feedback leads to improvement. But for email, this is an illusion! Look at the communication flow: And see it from another perspective: I you were looking for an email parsing library, how would you proceed? You'd probably take a sample of (real?) emails and run tests on it (that's what I'm doing right now, BTW). But on which emails would you decide which parser is the "best"? On those 99.9% "perfect" emails any parser can deal with? Or on those 0.1% edge cases where all others are failing?
Yeah, that's certainly a point! 2 lines for 99.9%, then 50 more lines for the remaining 0.1% ;-) But what about separating the code? There could be a "core" parser (which you maintain). And in all cases where your parser gives up (i.e. in this case something like
If you'd set up a "framework" for it, those community classes could do something like
Yeah, but the |
|
Just another example (spambot too):
|
|
One more point: Once you do have such "community classes", and there's another error popping up: It's less work to just add another |
|
haha, sorry, but I remain unconvinced.
That's true, there's no direct communication flow... but say you were testing your new outgoing email system which had a silly error in it, you sent it to mail-mime-parser for testing, and it worked, you're seeing the result you expect even though there's a problem, and you don't bother fixing it. You then send out to everyone based on that, but Thunderbird doesn't display your email, and you're baffled -- you tested it in mail-mime-parser. My library has a much, much, much smaller user-base than say Thunderbird, which is why I have a mix of judgment based on how widespread I perceive a bad implementation to be, and what they decided (if anything) to do about it. For my library adding these cases:
I also disagree that the email you found is 1 in 100 emails... if I had to guess it would probably be in the 1 in 1,000,000,000 or less -- consider there's an estimated 293.6 billion emails going in a single day, spam is 107 billion, and the vast, vast majority of them won't have this specific problem. Not only that, but it may be 1 in 1,000,000,000 emails sent out today for example assuming it's an issue happening right now from some spambot somewhere, but when the maker of that spambot discovers their emails aren't showing up in Outlook/Thunderbird/whatever correctly because of their weird date header, or are easily identified as spam because of it, they'll fix it... I'll still have the code checking though indefinitely, even though it's potentially 0 of 293.6 billion emails going out on a daily basis.
That also won't always work, as you've observed with this issue, the $outcome is in fact an instance of DateTime -- I'd still have to add (in this case) date validation code to check if the date is valid according to some standard first, which I'm not sure I care to do (validation is different from parsing in my view), and then on failure, check if we handle a handful of bad cases. That means the onus of handling this bad case for this one email falls on you as a unique user who wants this very specialized and rare handling, and so you can add that check in your code, where I feel it belongs. if (preg_match('blah', $themessage->getHeader('date')->getRawValue()) {
// handle it differently
}
I'd not be against this if someone were to write and submit a wonderful PR for it :) it would have to maintain my first goal of being well written (and designed) for inclusion, but apart from that could be done, and would welcome discussion/ideas on how to approach it nicely. |
|
On this specific Date issue:
Oops, you're right - I forgot that in the heat of the moment ;-) But something else just occurred to me: Why do you use
|
|
Oof, sorry my memory's not that good -- it's possible if you take those out and run the tests you will (hopefully) find some failing test-cases, or otherwise the git log would have to be dug through. I see for instance in comments that one reason is documented there: // First check as RFC822 which allows only 2-digit years I think very old versions of outlook used to send emails with 2-digits (again, bad memory so I could be very wrong about the sender, haha). The final 'attempt' with the constructor is just a catch-all, I'm not sure I had specific cases for it -- vague memory of the opposite not being true though (that I did it with createFromFormat to catch something specific). |
|
I've never done this before, so I'll rather ask you: ./vendor/bin/phpunit tests --configuration tests/phpunit.xmlIs this really the easiest way? Now for the good news: try {
$date = new DateTime($dateToken);
} catch (Exception $e) {
return false;
}
return $date;there's just one failure: So PR? |
Yup, you got it :) you can shorten Unfortunately that probably just means either I didn't add relevant tests or it could be failing in a specific PHP version... sure a PR would help (which will get travis to test in all versions also). If you have time looking at the commits that would be very helpful, otherwise I shall in due course. |
|
Hi @ThomasLandauer -- I'm not seeing what you see. On PHP7.4, removing all calls to From what I can tell, RFC(2)822 aren't specifically supported by the DateTime constructor: https://www.php.net/manual/en/datetime.formats.compound.php |
|
As far as I can tell I have tests covering every line in those functions, commenting any line out results in an error or failure running tests. |
See zbateson#119 (comment) Quick and dirty, just to see if the tests pass ;-)
|
Looks like all tests are passing: #129 (the PR is just a quick proof of concept, no final solution) For the PHP docs I just filed a bug: https://bugs.php.net/bug.php?id=79939 |
|
Hmmmm, nicely done. Thanks for persisting, and also for the bug report... I guess my bad testing produced bad results, haha. It may also just be a misunderstanding, perhaps the 'compound formats' page is meant to imply that the 'date' formats, the 'time' formats, and also 'these additional formats' are supported? I dunno -- will be interesting to see what they say. Having said that, it doesn't look to me like it's even a supported format here though: https://www.php.net/manual/en/datetime.formats.date.php quick glance and I don't see a date starting with a day of week. I wonder if it's just the locale that's handling it and maybe it won't work for everyone. Anyway, let's see what they say :) |
|
Answer at the PHP bug:
...which probably means something like: "It's so natural that we support those RFCs that there's no need to mention it somewhere" ;-) So what's next? Do you want to keep |
|
Hmmm, that is a weird answer though in a way, you'd think they'd document it... at least one line "RFC date formats are supported" or something. I'm also wondering if I originally did that for hhvm support. Anyway, based on that I'm happy to drop parseDateToken completely (remove the function, there's no need for it, and keep the existing exceptions... I'm okay with your regex to check if the year is only 2 characters, maybe use createFromFormat for that one case with the RFC822 format?) |
Which regex? This one? https://github.com/zbateson/mail-mime-parser/pull/129/files#diff-a82427206217fd4cf35fb32cd2a2a051R47 Special check for 2-digit year is not necessary - that works out of the box. |
|
Aah, right that's for the timezone, haha. DateTime() ftw then! |
|
I'd like to try to finish this, but please help me with Git(Hub)! I forked the repository and then cloned it to my local machine. But I need |
|
Haha, for sure -- You should be good to go if you You shouldn't need to worry about your commits being off, you should still be able to create a pull request from your patch-4 branch... so long as the files you've changed and the files changed here don't conflict, that should be an easy merge. If they do conflict it means I'd have to see what the differences are first and do a manual merge, but I wouldn't worry about that, that's normal process :) |
|
Generally I find it easier to keep my changes in separate branches on a fork, that way I can update my 'master' more easily and create new branches off it... you can then add the original repo as a secondary 'remote'... at least this is my favourite way of doing it (there may be better ways, hehe).
Then if you want to update it with whatever changes happened 'upstream', you can (on your master branch): This will work so long as your local master branch hasn't 'diverged' with your own commits. Edit: as-in will work without any additional 'merging'... which is fine if it happens, you just might have to resolve conflicts if there are any. |
|
Thanks - I guess it worked - see #129 |
If the email contains this header (notice the invalid hour)
then
gives "2018-09-24 04:59:30.0 +06:00" (notice that the day "jumped" from 17 to 24).
I just observed this behavior in the wild (on spam emails, I have to admit :-)
The reason is that your
DatePart::parseDateToken()uses PHP's\DateTime::createFromFormat– for which I've just filed a PHP bug: https://bugs.php.net/bug.php?id=79926Just wanted to let you know. Maybe you want to add your own validity check for the hour? IMO it's OK to return
nullin this case (since it's invalid), or return the next day (which seems to be the expected behavior of PHP). But returning the next week just doesn't make any sense ;-)The text was updated successfully, but these errors were encountered: