Options, Meta APIs: Prevent saving of invalid timezones.

Prevent the saving of invalid timezone string in to the database on the options pages. If an invalid timezone is submitted it is ignored and the setting remains unchanged. This prevents a warning or fatal (depending on the PHP version) from being thrown by an invalid timezone setting on the Settings > General page. Props ankit-k-gupta, costdev, huzaifaalmesbah, mrinal013, nicolefurlan, oglekler. Fixes #58814. git-svn-id: https://develop.svn.wordpress.org/trunk@56949 602fd350-edb4-49c9-b593-d223f7449a82
costdev · Oct 16, 2023 · c626e63 · c626e63
1 parent 6802179
commit c626e63
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/src/wp-admin/options.php b/src/wp-admin/options.php
@@ -279,6 +279,23 @@
 			$_POST['gmt_offset']      = $_POST['timezone_string'];
 			$_POST['gmt_offset']      = preg_replace( '/UTC\+?/', '', $_POST['gmt_offset'] );
 			$_POST['timezone_string'] = '';
+		} elseif ( isset( $_POST['timezone_string'] ) && ! in_array( $_POST['timezone_string'], timezone_identifiers_list( DateTimeZone::ALL_WITH_BC ), true ) ) {
+			// Reset to the current value.
+			$current_timezone_string = get_option( 'timezone_string' );
+
+			if ( ! empty( $current_timezone_string ) ) {
+				$_POST['timezone_string'] = $current_timezone_string;
+			} else {
+				$_POST['gmt_offset']      = get_option( 'gmt_offset' );
+				$_POST['timezone_string'] = '';
+			}
+
+			add_settings_error(
+				'general',
+				'settings_updated',
+				__( 'The timezone you have entered is not valid. Please select a valid timezone.' ),
+				'error'
+			);
 		}
 
 		// Handle translation installation.

diff --git a/tests/e2e/specs/general-settings-invalid-timezone.test.js b/tests/e2e/specs/general-settings-invalid-timezone.test.js
@@ -0,0 +1,28 @@
+import { test, expect } from '@wordpress/e2e-test-utils-playwright';
+
+test.describe( 'Settings -> General', () => {
+	const invalidTimezones = [ '', '0', 'Barry/Gary' ];
+
+	for ( const invalidTimezone of invalidTimezones ) {
+		test( `Does not allow saving an invalid timezone string with "${invalidTimezone}"`, async ( { admin, page } ) => {
+			await admin.visitAdminPage( '/options-general.php' );
+
+			// Set the timezone to a valid value.
+			await page.locator( '#timezone_string' ).evaluate( timezone => timezone.value = 'Europe/Lisbon' );
+
+			// Save changes.
+			await page.locator( '#submit' ).click();
+
+			// Set the timezone to an invalid value.
+			await page.locator( '#timezone_string' ).evaluate( ( timezone, invalidTimezone ) => {
+				timezone.options[0].value = invalidTimezone;
+				timezone.value = invalidTimezone;
+			}, invalidTimezone );
+
+			// Save changes.
+			await page.locator( '#submit' ).click();
+
+			await expect( page.locator( '#timezone_string' ) ).toHaveValue( 'Europe/Lisbon' );
+		} );
+	}
+} );