Ticket #2149: 2149-post.php.patch

File 2149-post.php.patch, 1.6 kB (added by pishmishy, 8 months ago)
Extra validation of date input

wp-admin/includes/post.php

old	new
81	81	$hh = $_POST['hh'];
82	82	$mn = $_POST['mn'];
83	83	$ss = $_POST['ss'];
	84	// Adjust year for limits of MySQL's DATETIME type
	85	// (http://dev.mysql.com/doc/refman/4.1/en/datetime.html)
	86	$aa = ($aa < 1000) ? 1000 : $aa;
	87	$aa = ($aa > 9999) ? 9999 : $aa;
	88	// Further adjustments, to make sure that adjustments
	89	// with time offset don't push date's outside of MySQL's
	90	// DATETIME type.
	91	if ($aa == 1000 && $jj == 1 && $mm ==1 && $hh < 12) {
	92	$hh = 12;
	93	$mn = 00;
	94	$ss = 00;
	95	}
	96	if ($aa == 9999 && $jj == 31 && $mm ==12 && $hh >= 12) {
	97	$hh = 12;
	98	$mn = 00;
	99	$ss = 00;
	100	}
84	101	$jj = ($jj > 31 ) ? 31 : $jj;
85	102	$hh = ($hh > 23 ) ? $hh -24 : $hh;
86	103	$mn = ($mn > 59 ) ? $mn -60 : $mn;
…	…
288	305	$hh = $_POST['hh'];
289	306	$mn = $_POST['mn'];
290	307	$ss = $_POST['ss'];
	308	// Adjust year for limits of MySQL's DATETIME type
	309	// (http://dev.mysql.com/doc/refman/4.1/en/datetime.html)
	310	$aa = ($aa < 1000) ? 1000 : $aa;
	311	$aa = ($aa > 9999) ? 9999 : $aa;
	312	// Further adjustments, to make sure that adjustments
	313	// with time offset don't push date's outside of MySQL's
	314	// DATETIME type.
	315	if ($aa == 1000 && $jj == 1 && $mm ==1 && $hh < 12) {
	316	$hh = 12;
	317	$mn = 00;
	318	$ss = 00;
	319	}
	320	if ($aa == 9999 && $jj == 31 && $mm ==12 && $hh >= 12) {
	321	$hh = 12;
	322	$mn = 00;
	323	$ss = 00;
	324	}
291	325	$jj = ($jj > 31 ) ? 31 : $jj;
292	326	$hh = ($hh > 23 ) ? $hh -24 : $hh;
293	327	$mn = ($mn > 59 ) ? $mn -60 : $mn;