- Timestamp:
- Jan 26, 2019 4:36:27 AM (5 years ago)
- Location:
- trunk/lib
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/lib/App.inc.php
r656 r657 372 372 // If the 'timezone' parameter is not set, check for a tz cookie. 373 373 if (!$this->getParam('timezone') && isset($_COOKIE['tz']) && '' != $_COOKIE['tz']) { 374 if (preg_match('! [A-Z]{3,}|\w+/\w+!', $_COOKIE['tz'])) {374 if (preg_match('!^[A-Z_/-]{3,}$!/i', $_COOKIE['tz'])) { 375 375 // Valid: tz cookie has a timezone name, like "UTC" or "America/Mexico_City". 376 376 $this->setParam(array('timezone' => $_COOKIE['tz'])); … … 378 378 // tz cookie has a timezone offset, like "-6" (assume UTC). 379 379 $tz = timezone_name_from_abbr('', $_COOKIE['tz'] * 3600, 0); 380 if ($tz && preg_match('! [A-Z]{3,}|\w+/\w+!', $tz)) {380 if ($tz && preg_match('!^[A-Z_/-]{3,}$!/i', $tz)) { 381 381 // Valid. 382 382 $this->setParam(array('timezone' => $tz)); -
trunk/lib/DB.inc.php
r654 r657 204 204 $tz = date_default_timezone_get(); 205 205 // Check that PHP is configured with a valid timezone name, e.g., "UTC" or "America/Chicago". 206 if ($app->getParam('timezone') && $app->getParam('timezone') == $tz && preg_match('! [A-Z]{3,}|\w+/\w+!', $tz)) {206 if ($app->getParam('timezone') && $app->getParam('timezone') == $tz && preg_match('!^([A-Z_/-]{3,}|[-\d:]+)$!/i' '/[A-Z_\+-]{3,}|[-\d:]+/i', $tz)) { 207 207 $this->query(sprintf("SET SESSION time_zone = '%s'", $tz)); 208 208 }
Note: See TracChangeset
for help on using the changeset viewer.