From 000fc1fbf5f979a9ee7dc0b60fa5da24fb6f005d Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Thu, 6 Jul 2006 17:28:57 +0000 Subject: [PATCH] * (bug 6566) Improve input validation on timestamp conversion $ matches trailing newline without D set. gmdate whines more about the value passed to it, so for Unix-timestamp-y things it would dump out a notice. Added D to regexes to be a little more anal about valid input. --- RELEASE-NOTES | 1 + includes/GlobalFunctions.php | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 2a129dc0ed..3d7146c03b 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -651,6 +651,7 @@ Some default configuration options have changed: * Update to Catalan translation (ca) * (bug 6560) Avoid PHP notice when trimming ISBN whitespace * Added namespace translation to Kannada (ka) +* (bug 6566) Improve input validation on timestamp conversion == Compatibility == diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 8b8d57a8e3..e2033486cc 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -1306,21 +1306,21 @@ function wfTimestamp($outputtype=TS_UNIX,$ts=0) { $da = array(); if ($ts==0) { $uts=time(); - } elseif (preg_match("/^(\d{4})\-(\d\d)\-(\d\d) (\d\d):(\d\d):(\d\d)$/",$ts,$da)) { + } elseif (preg_match("/^(\d{4})\-(\d\d)\-(\d\d) (\d\d):(\d\d):(\d\d)$/D",$ts,$da)) { # TS_DB $uts=gmmktime((int)$da[4],(int)$da[5],(int)$da[6], (int)$da[2],(int)$da[3],(int)$da[1]); - } elseif (preg_match("/^(\d{4}):(\d\d):(\d\d) (\d\d):(\d\d):(\d\d)$/",$ts,$da)) { + } elseif (preg_match("/^(\d{4}):(\d\d):(\d\d) (\d\d):(\d\d):(\d\d)$/D",$ts,$da)) { # TS_EXIF $uts=gmmktime((int)$da[4],(int)$da[5],(int)$da[6], (int)$da[2],(int)$da[3],(int)$da[1]); - } elseif (preg_match("/^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/",$ts,$da)) { + } elseif (preg_match("/^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)$/D",$ts,$da)) { # TS_MW $uts=gmmktime((int)$da[4],(int)$da[5],(int)$da[6], (int)$da[2],(int)$da[3],(int)$da[1]); - } elseif (preg_match("/^(\d{1,13})$/",$ts,$datearray)) { + } elseif (preg_match("/^(\d{1,13})$/D",$ts,$datearray)) { # TS_UNIX - $uts=$ts; + $uts = $ts; } elseif (preg_match('/^(\d{1,2})-(...)-(\d\d(\d\d)?) (\d\d)\.(\d\d)\.(\d\d)/', $ts, $da)) { # TS_ORACLE $uts = strtotime(preg_replace('/(\d\d)\.(\d\d)\.(\d\d)(\.(\d+))?/', "$1:$2:$3", -- 2.20.1