Merge pull request #11514 from annando/issue-11508

Issue 11508: Sanitizing date fields for events and polls
This commit is contained in:
Tobias Diekershoff 2022-05-15 20:07:52 +02:00 committed by GitHub
commit 6f70d21e07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -170,7 +170,7 @@ class Processor
} }
if (!empty($activity['question']['end-time'])) { if (!empty($activity['question']['end-time'])) {
$question['end-time'] = $activity['question']['end-time']; $question['end-time'] = DateTimeFormat::utc($activity['question']['end-time']);
} }
Post\Question::update($item['uri-id'], $question); Post\Question::update($item['uri-id'], $question);
@ -238,8 +238,12 @@ class Processor
$event['edited'] = DateTimeFormat::utc($activity['updated']); $event['edited'] = DateTimeFormat::utc($activity['updated']);
$event['summary'] = HTML::toBBCode($activity['name']); $event['summary'] = HTML::toBBCode($activity['name']);
$event['desc'] = HTML::toBBCode($activity['content']); $event['desc'] = HTML::toBBCode($activity['content']);
$event['start'] = $activity['start-time']; if (!empty($activity['start-time'])) {
$event['finish'] = $activity['end-time']; $event['start'] = DateTimeFormat::utc($activity['start-time']);
}
if (!empty($activity['end-time'])) {
$event['finish'] = DateTimeFormat::utc($activity['end-time']);
}
$event['nofinish'] = empty($event['finish']); $event['nofinish'] = empty($event['finish']);
$event['location'] = $activity['location']; $event['location'] = $activity['location'];
@ -558,8 +562,12 @@ class Processor
{ {
$event['summary'] = HTML::toBBCode($activity['name'] ?: $activity['summary']); $event['summary'] = HTML::toBBCode($activity['name'] ?: $activity['summary']);
$event['desc'] = HTML::toBBCode($activity['content']); $event['desc'] = HTML::toBBCode($activity['content']);
$event['start'] = $activity['start-time']; if (!empty($activity['start-time'])) {
$event['finish'] = $activity['end-time']; $event['start'] = DateTimeFormat::utc($activity['start-time']);
}
if (!empty($activity['end-time'])) {
$event['finish'] = DateTimeFormat::utc($activity['end-time']);
}
$event['nofinish'] = empty($event['finish']); $event['nofinish'] = empty($event['finish']);
$event['location'] = $activity['location']; $event['location'] = $activity['location'];
$event['cid'] = $item['contact-id']; $event['cid'] = $item['contact-id'];