From 47666dd8ed8fafc5a9dffab4becab6e76902f67e Mon Sep 17 00:00:00 2001
From: Greg Sabino Mullane
Date: Wed, 29 Nov 2006 14:05:52 +0000
Subject: [PATCH] Check for valid timestamp input, thanks to Brion for pointing this out.
---
 includes/SpecialContributions.php | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/includes/SpecialContributions.php b/includes/SpecialContributions.php
index 090725642f..ba6b280d81 100644
--- a/includes/SpecialContributions.php
+++ b/includes/SpecialContributions.php
@@ -185,11 +185,18 @@ function wfSpecialContributions( $par = null ) {
 list( $options['limit'], $options['offset']) = wfCheckLimits();
 $options['offset'] = $wgRequest->getVal( 'offset' );
- /* Offset must be an integral, unless the db is using timestamps */
- $dbr =& wfGetDB( DB_SLAVE );
- if ( !strlen( $options['offset'] ) ||
- ( !$dbr->realTimestamps() && !preg_match( '/^[0-9]+$/', $options['offset'] ) ) )
- $options['offset'] = '';
+ /* Check that the offset is valid (e.g. integer or timestamp) */
+ if ( !strlen( $options['offset'] ) )
+ $options['offset'] = '';
+ else {
+ $dbr =& wfGetDB( DB_SLAVE );
+ if ( !$dbr->realTimestamps() ) {
+ if (!preg_match( '/^[0-9]+$/', $options['offset'] ) )
+ $options['offset'] = '';
+ }
+ else if ( !preg_match( '/^[0-9\-\+: ]+$/', $options['offset'] ) )
+ $options['offset'] = '';
+ }
 $title = SpecialPage::getTitleFor( 'Contributions' );
 $options['target'] = $target;
--
2.20.1
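Review bot: The new timestamp branch (`else if ( !preg_match( '/^[0-9\-\+: ]+$/', $options['offset'] ) )`) only restricts the character set, so malformed values such as `----` or `1:2:3` still pass and, if the offset is later compared against a timestamp column, can reach the database as an invalid literal. Both patterns also end in `$`, which in PCRE matches before a trailing newline, so `"123\n"` is accepted; use `\z` or the `D` modifier, e.g. `'/^[0-9]+\z/'`. Consider matching the actual timestamp shape the backend emits (something like `'/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:[+-]\d{2})?\z/'`; the exact format is not visible in this hunk, so confirm it) and keep quoting the value at the query site rather than relying on this filter alone. The body of wfSpecialContributions continues outside the hunk, so how `$options['offset']` is used downstream should be checked there.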