PHP :: Bug #78984 :: DateTimeZone accepting invalid UTC timezones

Bug #78984

DateTimeZone accepting invalid UTC timezones

Submitted:

2019-12-17 19:14 UTC

Modified:

2021-08-19 15:08 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

eu+php at redrat dot com dot br

Assigned:

derick (profile)

Status:

Closed

Package:

Date/time related

PHP Version:

7.4.0

OS:

Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	eu+php at redrat dot com dot br
New email:
PHP Version:		OS:

New Comment:

[2019-12-17 19:14 UTC] eu+php at redrat dot com dot br

Description:
------------
Today, object \DateTimeZone accepts various timezone format in your construct. One option to instantiate this is using UTC formats like "-3" or "+5", but today UTC have only timezone between -12 and +12 and construct is accepting any number, like in test script.

Expected result if you define invalid UTC timezone is fatal error, like when you set other unknown or bad timezone, as described in php_date.c#L3484, but today this object is accepting any integer value and causes mistakes in date time operations.

Test script:
---------------
<?php

var_dump(
    new \DateTimeZone('-3'),
    new \DateTimeZone('+3'),
    new \DateTimeZone('+30157')
);

Expected result:
----------------
Fatal error: Uncaught Exception: DateTimeZone::__construct(): Unknown or bad timezone (+30157) in %script%

Actual result:
--------------
object(DateTimeZone)#1 (2) {
  ["timezone_type"]=>
  int(1)
  ["timezone"]=>
  string(6) "-03:00"
}
object(DateTimeZone)#2 (2) {
  ["timezone_type"]=>
  int(1)
  ["timezone"]=>
  string(6) "+03:00"
}
object(DateTimeZone)#3 (2) {
  ["timezone_type"]=>
  int(1)
  ["timezone"]=>
  string(9) "+30157eZ"
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-12-17 20:24 UTC] geekcom@php.net

-Assigned To: +Assigned To: geekcom

[2019-12-17 20:24 UTC] geekcom@php.net

-Assigned To: geekcom +Assigned To:

[2019-12-17 23:12 UTC] carusogabriel@php.net

Looks like this was a feature request: #45528

Introduced via https://github.com/php/php-src/commit/d676396435.

[2020-01-20 17:09 UTC] girgias@php.net

-Assigned To: +Assigned To: derick

[2020-02-20 08:06 UTC] a at b dot c dot de

"but today UTC have only timezone between -12 and +12 and construct is accepting any number"

In fixing this, remember that '+1345' is a legitimate UTC offset that is in actual use (Chatham Islands Daylight Saving).

[2021-08-18 19:31 UTC] derick@php.net

This is fixed for PHP 8 and later.

[2021-08-19 15:08 UTC] derick@php.net

-Status: Assigned +Status: Closed

[2021-08-19 15:08 UTC] derick@php.net

The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 09:01:27 2024 UTC