From 6876d19129d09da521b20ee9153bb4fb17b83e21 Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Mon, 16 Oct 2023 23:51:24 +0000 Subject: [PATCH] Options, Meta APIs: Prevent saving of invalid timezones. Prevent the saving of invalid timezone string in to the database on the options pages. If an invalid timezone is submitted it is ignored and the setting remains unchanged. This prevents a warning or fatal (depending on the PHP version) from being thrown by an invalid timezone setting on the Settings > General page. Props ankit-k-gupta, costdev, huzaifaalmesbah, mrinal013, nicolefurlan, oglekler. Fixes #58814. Built from https://develop.svn.wordpress.org/trunk@56949 git-svn-id: http://core.svn.wordpress.org/trunk@56460 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/options.php | 17 +++++++++++++++++ wp-includes/version.php | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/wp-admin/options.php b/wp-admin/options.php index a8c7497ed8..3e2e104214 100644 --- a/wp-admin/options.php +++ b/wp-admin/options.php @@ -279,6 +279,23 @@ if ( 'update' === $action ) { // We are saving settings sent from a settings pag $_POST['gmt_offset'] = $_POST['timezone_string']; $_POST['gmt_offset'] = preg_replace( '/UTC\+?/', '', $_POST['gmt_offset'] ); $_POST['timezone_string'] = ''; + } elseif ( isset( $_POST['timezone_string'] ) && ! in_array( $_POST['timezone_string'], timezone_identifiers_list( DateTimeZone::ALL_WITH_BC ), true ) ) { + // Reset to the current value. + $current_timezone_string = get_option( 'timezone_string' ); + + if ( ! empty( $current_timezone_string ) ) { + $_POST['timezone_string'] = $current_timezone_string; + } else { + $_POST['gmt_offset'] = get_option( 'gmt_offset' ); + $_POST['timezone_string'] = ''; + } + + add_settings_error( + 'general', + 'settings_updated', + __( 'The timezone you have entered is not valid. Please select a valid timezone.' ), + 'error' + ); } // Handle translation installation. diff --git a/wp-includes/version.php b/wp-includes/version.php index 38a1358369..f3d01e2706 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.4-beta4-56948'; +$wp_version = '6.4-beta4-56949'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.