Improve handling of invalid input in time zone abbreviation to TZID route

Created on 13 June 2015, over 9 years ago
Updated 31 July 2024, 5 months ago

Problem/Motivation

When a non-integer is passed as the third parameter to the system.timezone route, sites running PHP5 will WSOD with a PHP warning.

Steps to reproduce:

  1. Install Drupal 8 with PHP5.5+.
  2. In a browser, visit the path /system/timezone/CET/1/x

Or run this code, e.g. on 3v4l.org:

timezone_name_from_abbr('AWST', 28800, 'x');

Warning is shown:

Warning: timezone_name_from_abbr() expects parameter 3 to be long, string given in Drupal\system\Controller\TimezoneController->getTimezone() (line 34 of core/modules/system/src/Controller/TimezoneController.php).

The third argument of \Drupal\system\Controller\TimezoneController::getTimezone comes directly from the URL and is not checked for type.

An opportunity to fix documentation and handle requests differently if invalid data is passed in.

Vastly improve test coverage as there is very little at this point in time.

Proposed resolution

Validate input and handle errors better.

Remaining tasks

Write a patch, tests.

User interface changes

None.

API changes

Invalid requests typically won't be made by the existing JavaScript (timezone.es6.js). This prevents errors with manual requests.

Data model changes

None.
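
One way to apply the validation proposed under "Proposed resolution", as an added example that is not part of the original issue and not Drupal core's code. The function name, the abbreviation pattern, the offset bounds and the 400/404 status choices are assumptions made for illustration.

```php
<?php

declare(strict_types=1);

/**
 * Hypothetical helper: validates raw path segments before they reach
 * timezone_name_from_abbr(). Returns [HTTP status, payload].
 */
function resolve_timezone_from_path(string $abbr, string $offset, string $isDst): array
{
    // Abbreviations are short alphabetic strings; the length cap is an assumption.
    if (!preg_match('/^[A-Za-z]{1,6}$/', $abbr)) {
        return [400, 'Invalid abbreviation'];
    }

    // FILTER_VALIDATE_INT returns false on failure, and 0 is a valid result,
    // so compare with === false rather than relying on truthiness.
    // The +/- 50400 second bound (14 hours) is an assumption.
    $offsetInt = filter_var($offset, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => -50400, 'max_range' => 50400],
    ]);
    if ($offsetInt === false) {
        return [400, 'Invalid offset'];
    }

    // timezone_name_from_abbr() accepts -1 (ignore), 0 (no DST) or 1 (DST).
    $dstInt = filter_var($isDst, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => -1, 'max_range' => 1],
    ]);
    if ($dstInt === false) {
        return [400, 'Invalid daylight saving time flag'];
    }

    // Only typed, range-checked integers reach the PHP function.
    $tzid = timezone_name_from_abbr($abbr, $offsetInt, $dstInt);
    return $tzid === false ? [404, 'No matching time zone'] : [200, $tzid];
}

// Constructed inputs: the first mirrors /system/timezone/CET/1/x from the report.
foreach ([['CET', '1', 'x'], ['AWST', '28800', '0'], ['CET', '3600', '0']] as $args) {
    [$status, $body] = resolve_timezone_from_path(...$args);
    printf("%s -> %d %s\n", implode('/', $args), $status, $body);
}
```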

🐛 Bug report
Status

Fixed

Version

9.5

Component
System 

Last updated 6 days ago

No maintainer
Created by

🇷🇺Russia Chi
