From 6b7da88b0b21b6e69fa0d1c9f70b2e32e101195f Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Wed, 4 Jan 2023 17:52:02 +0100
Subject: [PATCH] Validate user timezone given from login data before saving it

Follow-up to #36000

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 lib/private/Authentication/Login/SetUserTimezoneCommand.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/private/Authentication/Login/SetUserTimezoneCommand.php b/lib/private/Authentication/Login/SetUserTimezoneCommand.php
index b18851e61fa..57859b032b6 100644
--- a/lib/private/Authentication/Login/SetUserTimezoneCommand.php
+++ b/lib/private/Authentication/Login/SetUserTimezoneCommand.php
@@ -43,7 +43,7 @@ class SetUserTimezoneCommand extends ALoginCommand {
 	}
 
 	public function process(LoginData $loginData): LoginResult {
-		if ($loginData->getTimeZoneOffset() !== '') {
+		if ($loginData->getTimeZoneOffset() !== '' && $this->isValidTimezone($loginData->getTimeZone())) {
 			$this->config->setUserValue(
 				$loginData->getUser()->getUID(),
 				'core',
@@ -58,4 +58,8 @@ class SetUserTimezoneCommand extends ALoginCommand {
 
 		return $this->processNextOrFinishSuccessfully($loginData);
 	}
+
+	private function isValidTimezone(?string $value): bool {
+		return $value && in_array($value, \DateTimeZone::listIdentifiers());
+	}
 }