Skip to:
Content

BuddyPress.org

Changeset 13444


Ignore:
Timestamp:
04/01/2023 08:19:01 AM (20 months ago)
Author:
imath
Message:

Add stricter argument format check to bp_core_time_diff()

bp_core_time_diff() calculates the time difference between 2 dates formatted as a MySql datetime string or a timestamp. To avoid PHP errors due to a plugin misusing this function, we're now making sure these 2 kinds of format are used before calculating the time difference.

Props lenasterg

Fixes #8860

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/bp-core-functions.php

    r13442 r13444  
    12911291    foreach ( array( 'older_date', 'newer_date' ) as $date ) {
    12921292        if ( ! $r[ $date ] ) {
     1293            $r[ $date ] = 0;
    12931294            continue;
    12941295        }
    12951296
    1296         if ( ! is_numeric( $r[ $date ] ) ) {
     1297        if ( preg_match( '/^\d{4}-\d{2}-\d{2}[ ]\d{2}:\d{2}:\d{2}$/', $r[ $date ] ) ) {
    12971298            $time_chunks = explode( ':', str_replace( ' ', ':', $r[ $date ] ) );
    12981299            $date_chunks = explode( '-', str_replace( ' ', '-', $r[ $date ] ) );
     
    13051306                (int) $date_chunks[0]
    13061307            );
     1308        } elseif ( ! is_int( $r[ $date ] ) ) {
     1309            $r[ $date ] = 0;
    13071310        }
    13081311    }
Note: See TracChangeset for help on using the changeset viewer.