Improve handling of invalid input in time zone abbreviation to TZID route

Created on 13 June 2015, about 9 years ago
Updated 30 March 2023, about 1 year ago

Problem/Motivation

When a non-integer is passed as the third parameter on the system.timezone route, sites running PHP5 will WSOD with a PHP warning.

Steps to reproduce:

  1. Install Drupal 8 with PHP5.5+.
  2. In a browser, visit the path /system/timezone/CET/1/x

Or run this code, e.g. on 3v4l.org:

timezone_name_from_abbr('AWST', 28800, 'x');

Warning is shown:

Warning: timezone_name_from_abbr() expects parameter 3 to be long, string given in Drupal\system\Controller\TimezoneController->getTimezone() (line 34 of core/modules/system/src/Controller/TimezoneController.php).

The third argument of \Drupal\system\Controller\TimezoneController::getTimezone comes directly from the URL and is not checked for type.

This is also an opportunity to fix the documentation and to handle requests differently when invalid data is passed in.

Test coverage should be vastly improved, as there is very little at this point in time.

Proposed resolution

Validate input and handle errors better.
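
One way to validate the raw path segments before they reach timezone_name_from_abbr(), as an added example (not the patch committed for this issue and not Drupal's own code). The helper name, the abbreviation pattern and the offset range are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: validates the three raw path segments of
 * /system/timezone/{abbr}/{offset}/{dst} before they reach
 * timezone_name_from_abbr(). Returns a TZID, or null when the input is
 * invalid or no zone matches, so the caller can answer without a PHP warning.
 */
function tzid_from_path_segments(string $abbr, string $offset, string $dst): ?string {
  // Assumption: abbreviations are short ASCII letter tokens such as "CET".
  if (!preg_match('/^[A-Za-z]{1,6}$/D', $abbr)) {
    return null;
  }
  // Assumption: offsets are whole seconds between UTC-12:00 and UTC+14:00;
  // -1 (PHP's "unknown" default) falls inside that range.
  $offsetInt = filter_var($offset, FILTER_VALIDATE_INT, [
    'options' => ['min_range' => -43200, 'max_range' => 50400],
  ]);
  // PHP accepts -1 (unknown), 0 (standard time) or 1 (daylight saving time).
  $dstInt = filter_var($dst, FILTER_VALIDATE_INT, [
    'options' => ['min_range' => -1, 'max_range' => 1],
  ]);
  // filter_var() returns false for "x", "1.5", "" and out-of-range values.
  if ($offsetInt === false || $dstInt === false) {
    return null;
  }
  $tzid = timezone_name_from_abbr($abbr, $offsetInt, $dstInt);
  return $tzid === false ? null : $tzid;
}

// Constructed sample requests; the second is the path from the steps to
// reproduce and the third mirrors the 3v4l.org call.
$samples = [
  ['CET', '3600', '0'],
  ['CET', '1', 'x'],
  ['AWST', '28800', 'x'],
  ['CET', '3600abc', '0'],
];
foreach ($samples as [$abbr, $offset, $dst]) {
  printf("/system/timezone/%s/%s/%s => %s\n", $abbr, $offset, $dst,
    var_export(tzid_from_path_segments($abbr, $offset, $dst), true));
}
```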

Remaining tasks

Write a patch, tests.

User interface changes

None.

API changes

The existing JavaScript (timezone.es6.js) typically won't send invalid requests. This prevents errors with manual requests.

Data model changes

None.

πŸ› Bug report
Status

Fixed

Version

9.5

Component
System

Last updated 2 days ago

No maintainer
Created by

🇷🇺 Russia Chi
