Changeset 657 for trunk/lib

Timestamp:

Jan 26, 2019 4:36:27 AM (5 years ago)

Author:

anonymous

Message:

Update timezone test regex to support edge cases

Location:

trunk/lib

Files:

• App.inc.php (modified) (2 diffs)
• DB.inc.php (modified) (1 diff)

trunk/lib/App.inc.php

@@ -372 +372 @@
         // If the 'timezone' parameter is not set, check for a tz cookie.
         if (!$this->getParam('timezone') && isset($_COOKIE['tz']) && '' != $_COOKIE['tz']) {
-            if (preg_match('![A-Z]{3,}|\w+/\w+!', $_COOKIE['tz'])) {
+            if (preg_match('!^[A-Z_/-]{3,}$!/i', $_COOKIE['tz'])) {
                 // Valid: tz cookie has a timezone name, like "UTC" or "America/Mexico_City".
                 $this->setParam(array('timezone' => $_COOKIE['tz']));
@@ -378 +378 @@
                 // tz cookie has a timezone offset, like "-6" (assume UTC).
                 $tz = timezone_name_from_abbr('', $_COOKIE['tz'] * 3600, 0);
-                if ($tz && preg_match('![A-Z]{3,}|\w+/\w+!', $tz)) {
+                if ($tz && preg_match('!^[A-Z_/-]{3,}$!/i', $tz)) {
                     // Valid.
                     $this->setParam(array('timezone' => $tz));

trunk/lib/DB.inc.php

@@ -204 +204 @@
         $tz = date_default_timezone_get();
         // Check that PHP is configured with a valid timezone name, e.g., "UTC" or "America/Chicago".
-        if ($app->getParam('timezone') && $app->getParam('timezone') == $tz && preg_match('![A-Z]{3,}|\w+/\w+!', $tz)) {
+        if ($app->getParam('timezone') && $app->getParam('timezone') == $tz && preg_match('!^([A-Z_/-]{3,}|[-\d:]+)$!/i' '/[A-Z_\+-]{3,}|[-\d:]+/i', $tz)) {
             $this->query(sprintf("SET SESSION time_zone = '%s'", $tz));
         }