Opened 6 years ago
Last modified 8 months ago
#48935 new enhancement
Need to Remove strtotime() usage from core
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 6.2 |
| Component: | Date/Time | Keywords: | has-patch dev-feedback |
| Focuses: | Cc: |
Description
strtotime() is routinely used in core for processing timezone-ambiguous input. Since it is affected by default PHP time zone setting (set by core to UTC on boot) it is also vulnerable to this setting being changed by third party code.
Related change of date() to gmdate() in 5.3 release caused some new issues, because in some places while changing default time zone broke things combination of strtotime() and date() meant things got broken by the same amount and outputs were "correct" (ignoring the fact they would be implied in absolutely different time zone from intended).
Dropping use of strtotime() in favor of date parsing with explicit time zone handling (such as DateTimeImmutable objects) is logical next step to make core insensitive to PHP time zone context.
Change History (5)
This ticket was mentioned in PR #1737 on WordPress/wordpress-develop by thijsoo.
4 years ago
#2
- Keywords has-patch added; needs-patch removed
Trac ticket: https://core.trac.wordpress.org/ticket/48935
#3
@
2 years ago
- Keywords needs-patch added; has-patch removed
- Summary changed from Remove strtotime() usage from core to Need to Remove strtotime() usage from core
- Version set to 6.2
Yes @Rarst ,
The function strtotime() is commonly utilized in the core of PHP for handling input that is ambiguous with regards to time zones. However, this function is susceptible to the default PHP time zone setting, which is initially set to UTC by the core upon boot. As a result, if third-party code modifies this setting, it can affect the behavior of strtotime().
In the 5.3 release, a switch from date() to gmdate() caused new issues because changing the default time zone caused problems with the combination of strtotime() and date(). Although the output appeared to be correct, it was actually in a completely different time zone than intended.
To mitigate this issue, it is recommended to replace the use of strtotime() with explicit time zone handling through date parsing, such as by using DateTimeImmutable objects. By doing so, the core of PHP can become less reliant on the PHP time zone context and therefore more resilient to changes in the default time zone setting.
This ticket was mentioned in PR #7724 on WordPress/wordpress-develop by @pbearne.
8 months ago
#4
- Keywords has-patch added; needs-patch removed
Replaced all instances of strtotime with DateTimeImmutable to handle date and time conversions more accurately and consistently. This change improves reliability and modernizes the date handling approach across various parts of the WordPress codebase.
#49120 was marked as a duplicate.