Make WordPress Core

Changeset 18323


Ignore:
Timestamp:
06/20/2011 02:58:50 PM (13 years ago)
Author:
westi
Message:

Ensure we have a valid timezone identifier before trying to use it.
Validate the new timezone identifier during option update.
Fixes #17840.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/options-general.php

    r17748 r18323  
    163163</select>
    164164
    165     <span id="utc-time"><?php printf(__('<abbr title="Coordinated Universal Time">UTC</abbr> time is <code>%s</code>'), date_i18n($timezone_format, false, 'gmt')); ?></span>
     165    <span id="utc-time"><?php printf(__('<abbr title="Coordinated Universal Time">UTC</abbr> time is <code>%s</code>'), date_i18n($timezone_format, false, 'gmt')); ?></span>
    166166<?php if ( get_option('timezone_string') || !empty($current_offset) ) : ?>
    167167    <span id="local-time"><?php printf(__('Local time is <code>%1$s</code>'), date_i18n($timezone_format)); ?></span>
     
    183183    <br />
    184184    <?php
    185     if ( function_exists('timezone_transitions_get') ) {
     185    $allowed_zones = timezone_identifiers_list();
     186   
     187    if ( in_array( $tzstring, $allowed_zones) ) {
    186188        $found = false;
    187189        $date_time_zone_selected = new DateTimeZone($tzstring);
  • trunk/wp-includes/formatting.php

    r18159 r18323  
    25222522            break;
    25232523
     2524        case 'timezone_string':
     2525            $allowed_zones = timezone_identifiers_list();
     2526            if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) {
     2527                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
     2528                if ( function_exists('add_settings_error') )
     2529                    add_settings_error('timezone_string', 'invalid_timezone_string', __('The timezone you have entered is not valid. Please select a valid timezone.') );
     2530            }
     2531            break;
     2532
    25242533        default :
    25252534            $value = apply_filters("sanitize_option_{$option}", $value, $option);
Note: See TracChangeset for help on using the changeset viewer.