Custom time/date formats

32OrtonEdge32dh · 2016-10-26 22:47:30

I have no idea at all if it's possible but if we could create our own using hh, mm, ss, dd, yyyy, etc. that'd be cool. Like "Mmm". "dd", "yyyy" at "hh":"mm":"ss" "tt" would be Oct. 26, 2016 at 5:47:35 PM

Or boxes like BBCode but with different month/day/time formats to mix and match like this:

Ratburntro44 · 2016-10-27 01:02:32

I don't have time to look through FluxBB itself right now but this is probably plenty doable with php's date function. Not sure about errors though so it might be necessary to add extra validation for this option. Good luck diff.

hummerz5 · 2016-10-27 01:04:45

Ratburntro44 wrote:

I don't have time to look through FluxBB itself right now but this is probably plenty doable with php's date function. Not sure about errors though so it might be necessary to add extra validation for this option. Good luck diff.

is it possible to do like try/catch for all potential errors and just set the user's custom datestring if they clean scot-free? Guess it becomes the user's fault if they do something incoherent

Ratburntro44 · 2016-10-27 01:06:53

perhaps, but when it comes to php the concerning errors tend to not work quite that conveniently

hummerz5

Kaslai · 2016-10-27 01:18:27

Supporting http://strftime.net/ would be nice

Ratburntro44

SirJosh3917 · 2016-10-27 01:22:30

but what if i use my date time format for shell injection

Ratburntro44 · 2016-10-27 01:36:01

fluxbb has a db escape function used for ****, so for database there's no reason for this to be more of a vulnerability than any other custom text unless diff messes up, the only worry should be an issue with the function itself unless I am messing up a lot by not thinking of something right now

hummerz5 · 2016-10-27 01:42:52

ninjasupeatsninja wrote:

but what if i use my date time format for shell injection

well I mean I'll be honest and say I've never heard of that. I'll further my honesty and say if it was or was not a thing, my expertise is not expansive enough to call you out on that. Google says that's not a thing, though.

but yeah. kinda like rat(burn(tro)) said... seems like diff would be apt for the task... something something seashells (thanks EB)

SirJosh3917 · 2016-10-27 01:56:20

hummerz5 wrote:

well I mean I'll be honest and say I've never heard of that.

shell -> leet php code to do whatever you want including destroy the pc of the server
( which happened to me yeay )

hummerz5 · 2016-10-27 01:56:55

no no I get that

what's the story about the Date function being the issue here?

SirJosh3917 · 2016-10-27 02:01:23

oh well i mean for date format if you just plain old have

date("blah blah blah $userinput");

or date("blah blah blah " . $userinput . ");

or something you could theoretically do

");

//INSERT SHELL
echo "shell";

echo date("aaaa

or something like

"x");

//INSERT SHELL
echo "shell";

echo date("a"

if website is not secure enough.
obv this won't be an issue as the forums havn't been hacked yet by these text boxes

hummerz5 · 2016-10-27 02:04:07

well, rest assured this list does not include the rather commonly-known "Date" function... nor does the PHP documentation warn against code injection

Different55 · 2016-10-27 04:01:14

Might be possible. IIRC the forums have a hardcoded array of time/date formats and each user has a number that matches up with an entry in that array, which is then fed into the date format probably. Don't see why we couldn't cut out the middle man there.

ninjasupeatsninja wrote:

oh well i mean for date format if you just plain old have
date("blah blah blah $userinput");
or date("blah blah blah " . $userinput . ");
or something you could theoretically do
");

//INSERT SHELL
echo "shell";

echo date("aaaa
or something like
"x");

//INSERT SHELL
echo "shell";

echo date("a"
if website is not secure enough.
obv this won't be an issue as the forums havn't been hacked yet by these text boxes

As long as I don't go full retard and try to grab the date from something like shell_exec('date +'.$dateformat); we should be good to go.

32OrtonEdge32dh, hummerz5, SirJosh3917

Official Everybody Edits Forums

#1 2016-10-26 22:47:30

Custom time/date formats

#2 2016-10-27 01:02:32

Re: Custom time/date formats

#3 2016-10-27 01:04:45

Re: Custom time/date formats

#4 2016-10-27 01:06:53

Re: Custom time/date formats

#5 2016-10-27 01:18:27

Re: Custom time/date formats

#6 2016-10-27 01:22:30

Re: Custom time/date formats

#7 2016-10-27 01:36:01

Re: Custom time/date formats

#8 2016-10-27 01:42:52, last edited by hummerz5 (2016-10-27 01:47:12)

Re: Custom time/date formats

#9 2016-10-27 01:56:20

Re: Custom time/date formats

#10 2016-10-27 01:56:55

Re: Custom time/date formats

#11 2016-10-27 02:01:23

Re: Custom time/date formats

#12 2016-10-27 02:04:07

Re: Custom time/date formats

#13 2016-10-27 04:01:14, last edited by Different55 (2016-10-27 04:03:59)

Re: Custom time/date formats

Board footer