Make WordPress Core

Changeset 56949


Ignore:
Timestamp:
10/16/2023 11:49:10 PM (14 months ago)
Author:
peterwilsoncc
Message:

Options, Meta APIs: Prevent saving of invalid timezones.

Prevent the saving of invalid timezone string in to the database on the options pages. If an invalid timezone is submitted it is ignored and the setting remains unchanged.

This prevents a warning or fatal (depending on the PHP version) from being thrown by an invalid timezone setting on the Settings > General page.

Props ankit-k-gupta, costdev, huzaifaalmesbah, mrinal013, nicolefurlan, oglekler.
Fixes #58814.

Location:
trunk
Files:
1 added
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/options.php

    r56570 r56949  
    280280            $_POST['gmt_offset']      = preg_replace( '/UTC\+?/', '', $_POST['gmt_offset'] );
    281281            $_POST['timezone_string'] = '';
     282        } elseif ( isset( $_POST['timezone_string'] ) && ! in_array( $_POST['timezone_string'], timezone_identifiers_list( DateTimeZone::ALL_WITH_BC ), true ) ) {
     283            // Reset to the current value.
     284            $current_timezone_string = get_option( 'timezone_string' );
     285
     286            if ( ! empty( $current_timezone_string ) ) {
     287                $_POST['timezone_string'] = $current_timezone_string;
     288            } else {
     289                $_POST['gmt_offset']      = get_option( 'gmt_offset' );
     290                $_POST['timezone_string'] = '';
     291            }
     292
     293            add_settings_error(
     294                'general',
     295                'settings_updated',
     296                __( 'The timezone you have entered is not valid. Please select a valid timezone.' ),
     297                'error'
     298            );
    282299        }
    283300
Note: See TracChangeset for help on using the changeset viewer.