Admin: Security: Fix issue when date field is not complete (unknown historical reason) - refs BT#21146 #4960

ywarnier · ywarnier · commit 79856c329d3d · 2023-11-14T17:11:14.000+01:00
diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php
@@ -7736,19 +7736,20 @@ public static function redirectToResetPassword($userId)
             );
 
             if (empty($lastUpdate) or empty($lastUpdate['password_updated_at'])) {
-                error_log('No password_updated_at');
                 $userObj = api_get_user_entity($userId);
                 $registrationDate = $userObj->getRegistrationDate();
                 $now = new \DateTime(null, new DateTimeZone('UTC'));
                 $interval = $now->diff($registrationDate);
                 $daysSince = $interval->format('%a');
-                error_log('Days since registration: '.$daysSince);
                 if ($daysSince > $forceRotateDays) {
-                    error_log('We need to force reset');
                     $forceRotate = true;
                 }
             } else {
                 $now = new \DateTime(null, new DateTimeZone('UTC'));
+                // In some cases, old records might contain an incomplete Y-m-d H:i:s format
+                if (strlen($lastUpdate['password_updated_at']) == 16) {
+                    $lastUpdate['password_updated_at'] .= ':00';
+                }
                 $date = \DateTime::createFromFormat('Y-m-d H:i:s', $lastUpdate['password_updated_at'], new DateTimeZone('UTC'));
                 $interval = $now->diff($date);
                 $daysSince = $interval->format('%a');
