bbPress.org


Timestamp:
09/05/2018 05:14:48 PM (6 years ago)
Author:
johnjamesjacoby
Message:

Formatting: update bbp_get_time_since() to accept MySQL formatted string in older & newer dates.

Also cast values to int using intval() to ensure math always works, without notices or errors.

This change adds a bit more validation on potentially untrusted values.

See #3216.

File:
1 edited

  • trunk/src/includes/common/formatting.php

    r6784 r6861  
    640640        );
    641641
     642        // Attempt to parse non-numeric older date
    642643        if ( ! empty( $older_date ) && ! is_numeric( $older_date ) ) {
    643644            $time_chunks = explode( ':', str_replace( ' ', ':', $older_date ) );
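Review bot: The explode()-based parse shown at new line 644 for $older_date is repeated with the same pattern for $newer_date at new lines 651-653 of this changeset; consider moving it into one small helper that takes a date string and returns a timestamp, so both arguments get identical validation and a later fix cannot land in only one copy.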
     
    646647        }
    647648
    648         // $newer_date will equal false if we want to know the time elapsed
    649         // between a date and the current time. $newer_date will have a value if
    650         // we want to work out time elapsed between two known dates.
    651         $newer_date = ( ! $newer_date ) ? strtotime( current_time( 'mysql', $gmt ) ) : $newer_date;
     649        // Attempt to parse non-numeric newer date
     650        if ( ! empty( $newer_date ) && ! is_numeric( $newer_date ) ) {
     651            $time_chunks = explode( ':', str_replace( ' ', ':', $newer_date ) );
     652            $date_chunks = explode( '-', str_replace( ' ', '-', $newer_date ) );
     653            $newer_date  = gmmktime( (int) $time_chunks[1], (int) $time_chunks[2], (int) $time_chunks[3], (int) $date_chunks[1], (int) $date_chunks[2], (int) $date_chunks[0] );
     654        }
     655
     656        // Set newer date to current time
     657        if ( empty( $newer_date ) ) {
     658            $newer_date = strtotime( current_time( 'mysql', $gmt ) );
     659        }
     660
     661        // Cast both dates to ints to avoid notices & errors with invalid values
     662        $newer_date = intval( $newer_date );
     663        $older_date = intval( $older_date );
    652664
    653665        // Difference in seconds
    654         $since = $newer_date - $older_date;
     666        $since = intval( $newer_date - $older_date );
    655667
    656668        // Something went wrong with date calculation and we ended up with a negative date.
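Review bot: Missing length check before the array indexing at new line 653: a non-numeric $newer_date that is not in `Y-m-d H:i:s` form gives explode() fewer chunks than the code expects, so $time_chunks[1] through [3] and $date_chunks[1] and [2] raise undefined offset notices before the (int) casts apply, which is what the commit message sets out to avoid. Check count( $time_chunks ) and count( $date_chunks ), or validate the string against the expected format, and fall through to the current-time default at new line 657 when the check fails. Separately, the removed comment explaining that a false $newer_date means "time elapsed until now" documented the calling convention; the replacement comment "Set newer date to current time" no longer says when that happens, so it is worth keeping that explanation above the empty() check.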