From: Greg Sabino Mullane
Date: Wed, 29 Nov 2006 14:05:52 +0000 (+0000)
Subject: Check for valid timestamp input, thanks to Brion for pointing this out.
X-Git-Tag: 1.31.0-rc.0~55036
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/comptes/ajouter.php?a=commitdiff_plain;h=47666dd8ed8fafc5a9dffab4becab6e76902f67e;p=lhc%2Fweb%2Fwiklou.git

Check for valid timestamp input, thanks to Brion for pointing this out.
---
diff --git a/includes/SpecialContributions.php b/includes/SpecialContributions.php
index 090725642f..ba6b280d81 100644
--- a/includes/SpecialContributions.php
+++ b/includes/SpecialContributions.php
@@ -185,11 +185,18 @@ function wfSpecialContributions( $par = null ) {
 list( $options['limit'], $options['offset']) = wfCheckLimits();
 $options['offset'] = $wgRequest->getVal( 'offset' );
- /* Offset must be an integral, unless the db is using timestamps */
- $dbr =& wfGetDB( DB_SLAVE );
- if ( !strlen( $options['offset'] ) ||
- ( !$dbr->realTimestamps() && !preg_match( '/^[0-9]+$/', $options['offset'] ) ) )
- $options['offset'] = '';
+ /* Check that the offset is valid (e.g. integer or timestamp) */
+ if ( !strlen( $options['offset'] ) )
+ $options['offset'] = '';
+ else {
+ $dbr =& wfGetDB( DB_SLAVE );
+ if ( !$dbr->realTimestamps() ) {
+ if (!preg_match( '/^[0-9]+$/', $options['offset'] ) )
+ $options['offset'] = '';
+ }
+ else if ( !preg_match( '/^[0-9\-\+: ]+$/', $options['offset'] ) )
+ $options['offset'] = '';
+ }
 $title = SpecialPage::getTitleFor( 'Contributions' );
 $options['target'] = $target;
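Review bot: The new timestamp branch, `else if ( !preg_match( '/^[0-9\-\+: ]+$/', $options['offset'] ) )`, restricts only the character set, so a value made of nothing but separators (for example `--::`) is still accepted as an offset; how the database reacts depends on where `$options['offset']` is consumed, which is outside this hunk. Both patterns also end in `$` without the `D` modifier, so PCRE accepts an offset that carries a trailing newline; anchoring with `\z` closes that: `'/^[0-9]+\z/'` and `'/^[0-9\-\+: ]+\z/'`. If the accepted timestamp forms are known, matching the shape (all digits, or date, time and optional zone) would be tighter than a character allowlist, and a one-line comment listing the accepted forms would help the next reader. The enclosing function wfSpecialContributions starts and ends outside the hunk.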