Add timezone validation when reading ClientTimeZoneId (#857)

claudiamurialdo · web-flow · commit bc32f1c453d4 · 2023-08-08T21:19:12.000-03:00
* Add validation of timezone when reading ClientTimeZoneId from headers and cookies.

* When reading cookie, try reading from undecoded cookie, otherwise, timezone "Etc/GMT+3" cookie value is read as "Etc/GMT 3"
diff --git a/dotnet/src/dotnetframework/GxClasses/Core/GXApplication.cs b/dotnet/src/dotnetframework/GxClasses/Core/GXApplication.cs
@@ -2319,6 +2319,20 @@ public string GetCookie(string name)
 			}
 			return cookieVal;
 		}
+		internal string GetUndecodedCookie(string name)
+		{
+			string cookieVal = string.Empty;
+			HttpCookie cookie = TryGetCookie(localCookies, name);
+			if (cookie == null && _HttpContext != null)
+			{
+				cookie = TryGetCookie(_HttpContext.Request.GetCookies(), name);
+			}
+			if (cookie != null && cookie.Value != null)
+			{
+				cookieVal = cookie.Value;
+			}
+			return cookieVal;
+		}
 
 		private HttpCookie TryGetCookie(HttpCookieCollection cookieColl, string name)
 		{
@@ -3595,9 +3609,15 @@ internal string ClientTimeZoneId
 					sTZ = (string)GetCookie(GX_REQUEST_TIMEZONE);
 					GXLogging.Debug(log, "ClientTimeZone GX_REQUEST_TIMEZONE cookie:", sTZ);
 				}
+				if (!DateTimeUtil.ValidTimeZone(sTZ))
+				{
+					sTZ = (string)GetUndecodedCookie(GX_REQUEST_TIMEZONE);
+					GXLogging.Debug(log, "Try reading undecoded ClientTimeZone GX_REQUEST_TIMEZONE cookie:", sTZ);
+				}
 				try
 				{
-					_currentTimeZoneId = String.IsNullOrEmpty(sTZ) ? DateTimeZoneProviders.Tzdb.GetSystemDefault().Id : sTZ;
+					_currentTimeZoneId = !DateTimeUtil.ValidTimeZone(sTZ) ? DateTimeZoneProviders.Tzdb.GetSystemDefault().Id : sTZ;
+
 				}
 				catch (Exception e1)
 				{
@@ -3642,14 +3662,15 @@ public String GetTimeZone()
 		public Boolean SetTimeZone(String sTZ)
 		{
 			sTZ = StringUtil.RTrim(sTZ);
-			Boolean ret = false;
+			bool ret = false;
 #if NODATIME
 			string tzId;
 			try
 			{
-				if (DateTimeZoneProviders.Tzdb[sTZ] != null)
+				DateTimeZone zone = DateTimeZoneProviders.Tzdb.GetZoneOrNull(sTZ);
+				if (zone != null)
 				{
-					tzId = DateTimeZoneProviders.Tzdb[sTZ].Id;
+					tzId = zone.Id;
 				}
 				else
 				{
diff --git a/dotnet/src/dotnetframework/GxClasses/Core/GXUtilsCommon.cs b/dotnet/src/dotnetframework/GxClasses/Core/GXUtilsCommon.cs
@@ -2430,9 +2430,9 @@ static public short CurrentOffset(IGxContext context)
 
 		static private TimeSpan CurrentOffset(string clientTimeZone)
 		{
-			DateTimeZone clientTimeZoneObj = DateTimeZoneProviders.Tzdb[clientTimeZone];
+			DateTimeZone clientTimeZoneObj = DateTimeZoneProviders.Tzdb.GetZoneOrNull(clientTimeZone);
 			if (clientTimeZoneObj == null)
-				clientTimeZoneObj = DateTimeZoneProviders.Tzdb[LocalTimeZoneId];
+				clientTimeZoneObj = DateTimeZoneProviders.Tzdb.GetZoneOrNull(LocalTimeZoneId);
 			Instant now = SystemClock.Instance.GetCurrentInstant();
 
 			try
@@ -3246,7 +3246,7 @@ private static DateTime ConvertDateTime(DateTime dt, string fromTimezone, string
 			DateTime ret = toUniversalTime(dt, fromTimezone);
 
 
-			if (string.IsNullOrEmpty(toTimezone) || DateTimeZoneProviders.Tzdb[toTimezone]==null)
+			if (!ValidTimeZone(toTimezone))
 				toTimezone = DateTimeZoneProviders.Tzdb.GetSystemDefault().Id;
 
 			if (ret < OlsonMinTime)
@@ -3260,6 +3260,11 @@ private static DateTime ConvertDateTime(DateTime dt, string fromTimezone, string
 			}
 			return dtconverted.AddMilliseconds(milliSeconds);
 		}
+		internal static bool ValidTimeZone(string timeZone)
+		{
+			return !string.IsNullOrEmpty(timeZone) && DateTimeZoneProviders.Tzdb.GetZoneOrNull(timeZone) != null;
+		}
+
 		internal static DateTime Local2DBserver(DateTime dt, string clientTimezone)
 		{
 			try
@@ -3562,7 +3567,10 @@ static public DateTime toUniversalTime(DateTime dt, IGxContext context)
 		static public DateTime FromTimeZone(DateTime dt, String sTZ, IGxContext context)
 		{
 #if NODATIME
-			return ConvertDateTime(dt, sTZ, context.GetTimeZone());
+			if (ValidTimeZone(sTZ))
+				return ConvertDateTime(dt, sTZ, context.GetTimeZone());
+			else
+				return dt;
 #else
 			OlsonTimeZone fromTimeZone = TimeZoneUtil.GetInstanceFromOlsonName(sTZ);
 			if (fromTimeZone != null)
diff --git a/dotnet/test/DotNetUnitTest/Domain/TimeZoneTest.cs b/dotnet/test/DotNetUnitTest/Domain/TimeZoneTest.cs
@@ -1,4 +1,5 @@
 using System;
+using GeneXus.Application;
 using GeneXus.Utils;
 using TZ4Net;
 using Xunit;

Original file line number	Diff line number	Diff line change
`@@ -2319,6 +2319,20 @@ public string GetCookie(string name)`
`2319`	`2319`	`}`
`2320`	`2320`	`return cookieVal;`
`2321`	`2321`	`}`
	`2322`	`+ internal string GetUndecodedCookie(string name)`
	`2323`	`+ {`
	`2324`	`+ string cookieVal = string.Empty;`
	`2325`	`+ HttpCookie cookie = TryGetCookie(localCookies, name);`
	`2326`	`+ if (cookie == null && _HttpContext != null)`
	`2327`	`+ {`
	`2328`	`+ cookie = TryGetCookie(_HttpContext.Request.GetCookies(), name);`
	`2329`	`+ }`
	`2330`	`+ if (cookie != null && cookie.Value != null)`
	`2331`	`+ {`
	`2332`	`+ cookieVal = cookie.Value;`
	`2333`	`+ }`
	`2334`	`+ return cookieVal;`
	`2335`	`+ }`
`2322`	`2336`
`2323`	`2337`	`private HttpCookie TryGetCookie(HttpCookieCollection cookieColl, string name)`
`2324`	`2338`	`{`
`@@ -3595,9 +3609,15 @@ internal string ClientTimeZoneId`
`3595`	`3609`	`sTZ = (string)GetCookie(GX_REQUEST_TIMEZONE);`
`3596`	`3610`	`GXLogging.Debug(log, "ClientTimeZone GX_REQUEST_TIMEZONE cookie:", sTZ);`
`3597`	`3611`	`}`
	`3612`	`+ if (!DateTimeUtil.ValidTimeZone(sTZ))`
	`3613`	`+ {`
	`3614`	`+ sTZ = (string)GetUndecodedCookie(GX_REQUEST_TIMEZONE);`
	`3615`	`+ GXLogging.Debug(log, "Try reading undecoded ClientTimeZone GX_REQUEST_TIMEZONE cookie:", sTZ);`
	`3616`	`+ }`
`3598`	`3617`	`try`
`3599`	`3618`	`{`
`3600`		`- _currentTimeZoneId = String.IsNullOrEmpty(sTZ) ? DateTimeZoneProviders.Tzdb.GetSystemDefault().Id : sTZ;`
	`3619`	`+ _currentTimeZoneId = !DateTimeUtil.ValidTimeZone(sTZ) ? DateTimeZoneProviders.Tzdb.GetSystemDefault().Id : sTZ;`
	`3620`	`+`
`3601`	`3621`	`}`
`3602`	`3622`	`catch (Exception e1)`
`3603`	`3623`	`{`
`@@ -3642,14 +3662,15 @@ public String GetTimeZone()`
`3642`	`3662`	`public Boolean SetTimeZone(String sTZ)`
`3643`	`3663`	`{`
`3644`	`3664`	`sTZ = StringUtil.RTrim(sTZ);`
`3645`		`- Boolean ret = false;`
	`3665`	`+ bool ret = false;`
`3646`	`3666`	`#if NODATIME`
`3647`	`3667`	`string tzId;`
`3648`	`3668`	`try`
`3649`	`3669`	`{`
`3650`		`- if (DateTimeZoneProviders.Tzdb[sTZ] != null)`
	`3670`	`+ DateTimeZone zone = DateTimeZoneProviders.Tzdb.GetZoneOrNull(sTZ);`
	`3671`	`+ if (zone != null)`
`3651`	`3672`	`{`
`3652`		`- tzId = DateTimeZoneProviders.Tzdb[sTZ].Id;`
	`3673`	`+ tzId = zone.Id;`
`3653`	`3674`	`}`
`3654`	`3675`	`else`
`3655`	`3676`	`{`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`using System;`
	`2`	`+using GeneXus.Application;`
`2`	`3`	`using GeneXus.Utils;`
`3`	`4`	`using TZ4Net;`
`4`	`5`	`using Xunit;`