Make WordPress Core

Opened 5 years ago

Last modified 3 months ago

#48935 new enhancement

Need to Remove strtotime() usage from core

Reported by: rarst's profile Rarst Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.2
Component: Date/Time Keywords: has-patch dev-feedback
Focuses: Cc:

Description

strtotime() is routinely used in core for processing timezone-ambiguous input. Since it is affected by default PHP time zone setting (set by core to UTC on boot) it is also vulnerable to this setting being changed by third party code.

Related change of date() to gmdate() in 5.3 release caused some new issues, because in some places while changing default time zone broke things combination of strtotime() and date() meant things got broken by the same amount and outputs were "correct" (ignoring the fact they would be implied in absolutely different time zone from intended).

Dropping use of strtotime() in favor of date parsing with explicit time zone handling (such as DateTimeImmutable objects) is logical next step to make core insensitive to PHP time zone context.

Change History (5)

#1 @Rarst
5 years ago

#49120 was marked as a duplicate.

This ticket was mentioned in PR #1737 on WordPress/wordpress-develop by thijsoo.


3 years ago
#2

  • Keywords has-patch added; needs-patch removed

#3 @rajanpanchal2028
22 months ago

  • Keywords needs-patch added; has-patch removed
  • Summary changed from Remove strtotime() usage from core to Need to Remove strtotime() usage from core
  • Version set to 6.2

Yes @Rarst ,
The function strtotime() is commonly utilized in the core of PHP for handling input that is ambiguous with regards to time zones. However, this function is susceptible to the default PHP time zone setting, which is initially set to UTC by the core upon boot. As a result, if third-party code modifies this setting, it can affect the behavior of strtotime().

In the 5.3 release, a switch from date() to gmdate() caused new issues because changing the default time zone caused problems with the combination of strtotime() and date(). Although the output appeared to be correct, it was actually in a completely different time zone than intended.

To mitigate this issue, it is recommended to replace the use of strtotime() with explicit time zone handling through date parsing, such as by using DateTimeImmutable objects. By doing so, the core of PHP can become less reliant on the PHP time zone context and therefore more resilient to changes in the default time zone setting.

This ticket was mentioned in PR #7724 on WordPress/wordpress-develop by @pbearne.


3 months ago
#4

  • Keywords has-patch added; needs-patch removed

Replaced all instances of strtotime with DateTimeImmutable to handle date and time conversions more accurately and consistently. This change improves reliability and modernizes the date handling approach across various parts of the WordPress codebase.

#5 @pbearne
3 months ago

  • Keywords dev-feedback added; needs-unit-tests removed

refreshed patch

Note: See TracTickets for help on using tickets.