PHP :: Bug #82016 :: usage of +- in strtotime results in unexpected output with PHP8.2

Bug #82016	usage of +- in strtotime results in unexpected output with PHP8.2
Submitted:	2023-07-27 08:26 UTC	Modified:	2023-07-27 11:14 UTC
From:	hallo at davidgreiner dot de	Assigned:
Status:	Not a bug	Package:	Date/time related
PHP Version:	8.2.8	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	hallo at davidgreiner dot de
New email:
PHP Version:		OS:

New Comment:

[2023-07-27 08:26 UTC] hallo at davidgreiner dot de

Description:
------------
Hello!

In case of strtotime is used with '+- <date/time-string>' the output differs with PHP8.2 compared to PHP8.1 

In my opionion - depending on the usage and codebase - this COULD be a security risk, thats why i am posting this here and not in the public bug tracker in github. 

Test script:
---------------
<?php

$foo = strtotime('+-2 hours');
$bar = strtotime('-2 hours');

echo '+-2 hours equals -2 hours = ' . ($foo === $bar ? 'yes' : 'no') . PHP_EOL;



Expected result:
----------------
OUTPUT with PHP8.1: +-2 hours equals -2 hours = yes

Actual result:
--------------
OUTPUT with PHP8.2: +-2 hours equals -2 hours = no

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2023-07-27 11:13 UTC] derick@php.net

-Status: Open +Status: Not a bug -Type: Security +Type: Bug -Package: *General Issues +Package: Date/time related

[2023-07-27 11:13 UTC] derick@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This issue comes nowhere close to the requirements for this being classed as a security. As a matter of fact, this change is documented in the PHP 8.2 migration guide: https://www.php.net/manual/en/migration82.incompatible.php

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC