From 317b4aea7b9835c5c2442f73d01b11b14c2ab5c5 Mon Sep 17 00:00:00 2001 From: JocelynDelalande Date: Sat, 17 Jan 2015 11:39:55 +0100 Subject: [PATCH] Sanitize `trim($year)` input. To avoid php warning that may lead, depending on php configuration, to tainting of the served page/request output with a php warning. --- sources/libs/icalcreator/iCalcreator.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/libs/icalcreator/iCalcreator.class.php b/sources/libs/icalcreator/iCalcreator.class.php index 9d49f12..3f84d33 100644 --- a/sources/libs/icalcreator/iCalcreator.class.php +++ b/sources/libs/icalcreator/iCalcreator.class.php @@ -8635,7 +8635,7 @@ class iCalUtilityFunctions { $parno = iCalUtilityFunctions::_existRem( $input['params'], 'VALUE', 'DATE-TIME', $hitval, $parno ); $input['value'] = iCalUtilityFunctions::_timestamp2date( $year, $parno ); } - elseif( 8 <= strlen( trim( $year ))) { // ex. 2006-08-03 10:12:18 + elseif( is_string( $year ) && ( 8 <= strlen( trim( $year )))) { // ex. 2006-08-03 10:12:18 if( $localtime ) unset ( $month['VALUE'], $month['TZID'] ); $input['params'] = iCalUtilityFunctions::_setParams( $month, array( 'VALUE' => 'DATE-TIME' )); if( isset( $input['params']['TZID'] )) {