From f12bec530a86c38c707648f0201fda265f78e440 Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Mon, 26 Dec 2022 15:35:33 +0100
Subject: yearly/monthly history: return 404 for invalid dates

---
 lib/Travelynx/Controller/Traveling.pm | 98 ++++++++++++++++-------------------
 1 file changed, 45 insertions(+), 53 deletions(-)

(limited to 'lib/Travelynx/Controller/Traveling.pm')

diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index 1517a7b..dee6c1f 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -1454,33 +1454,29 @@ sub yearly_history {
 	# -> Limit time range to avoid accidental DoS.
 	if ( not( $year =~ m{ ^ [0-9]{4} $ }x and $year > 1990 and $year < 2100 ) )
 	{
-		@journeys = $self->journeys->get(
-			uid           => $self->current_user->{id},
-			with_datetime => 1
-		);
-	}
-	else {
-		my $interval_start = DateTime->new(
-			time_zone => 'Europe/Berlin',
-			year      => $year,
-			month     => 1,
-			day       => 1,
-			hour      => 0,
-			minute    => 0,
-			second    => 0,
-		);
-		my $interval_end = $interval_start->clone->add( years => 1 );
-		@journeys = $self->journeys->get(
-			uid           => $self->current_user->{id},
-			after         => $interval_start,
-			before        => $interval_end,
-			with_datetime => 1
-		);
-		$stats = $self->journeys->get_stats(
-			uid  => $self->current_user->{id},
-			year => $year
-		);
+		$self->render('not_found');
+		return;
 	}
+	my $interval_start = DateTime->new(
+		time_zone => 'Europe/Berlin',
+		year      => $year,
+		month     => 1,
+		day       => 1,
+		hour      => 0,
+		minute    => 0,
+		second    => 0,
+	);
+	my $interval_end = $interval_start->clone->add( years => 1 );
+	@journeys = $self->journeys->get(
+		uid           => $self->current_user->{id},
+		after         => $interval_start,
+		before        => $interval_end,
+		with_datetime => 1
+	);
+	$stats = $self->journeys->get_stats(
+		uid  => $self->current_user->{id},
+		year => $year
+	);
 
 	$self->respond_to(
 		json => {
@@ -1519,34 +1515,30 @@ sub monthly_history {
 			and $month < 13 )
 	  )
 	{
-		@journeys = $self->journeys->get(
-			uid           => $self->current_user->{id},
-			with_datetime => 1
-		);
-	}
-	else {
-		my $interval_start = DateTime->new(
-			time_zone => 'Europe/Berlin',
-			year      => $year,
-			month     => $month,
-			day       => 1,
-			hour      => 0,
-			minute    => 0,
-			second    => 0,
-		);
-		my $interval_end = $interval_start->clone->add( months => 1 );
-		@journeys = $self->journeys->get(
-			uid           => $self->current_user->{id},
-			after         => $interval_start,
-			before        => $interval_end,
-			with_datetime => 1
-		);
-		$stats = $self->journeys->get_stats(
-			uid   => $self->current_user->{id},
-			year  => $year,
-			month => $month
-		);
+		$self->render('not_found');
+		return;
 	}
+	my $interval_start = DateTime->new(
+		time_zone => 'Europe/Berlin',
+		year      => $year,
+		month     => $month,
+		day       => 1,
+		hour      => 0,
+		minute    => 0,
+		second    => 0,
+	);
+	my $interval_end = $interval_start->clone->add( months => 1 );
+	@journeys = $self->journeys->get(
+		uid           => $self->current_user->{id},
+		after         => $interval_start,
+		before        => $interval_end,
+		with_datetime => 1
+	);
+	$stats = $self->journeys->get_stats(
+		uid   => $self->current_user->{id},
+		year  => $year,
+		month => $month
+	);
 
 	$self->respond_to(
 		json => {
-- 
cgit v1.2.3