From ae422bb7482824f07315e13b8bad3b938a4e5772 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Fri, 4 Mar 2016 00:43:15 +0000
Subject: [PATCH] reports: Convert user time to database time

'strtotime' uses local timezone without taking into consideration the user's
timezone. This pull requests simply makes sure user's entered timeframe
range is converted to db time before it's used in a query.
---
 include/class.report.php        | 16 +++++++++++-----
 include/staff/dashboard.inc.php |  6 ++++--
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/include/class.report.php b/include/class.report.php
index efa078001..49ee202b5 100644
--- a/include/class.report.php
+++ b/include/class.report.php
@@ -35,13 +35,19 @@ class OverviewReport {
         $start = $this->start ?: 'last month';
         $stop = $this->end ?: 'now';
 
-        $start = strtotime($start);
-
-        if (substr($stop, 0, 1) == '+')
-            $stop = strftime('%Y-%m-%d ', $start) . $stop;
+        // Convert user time to db time
+        $start = Misc::dbtime($start);
+        // Stop time can be relative.
+        if ($stop[0] == '+') {
+            // $start time + time(X days)
+            $now = time();
+            $stop = $start + (strtotime($stop, $now)-$now);
+        } else {
+            $stop = Misc::dbtime($stop);
+        }
 
         $start = 'FROM_UNIXTIME('.$start.')';
-        $stop = 'FROM_UNIXTIME('.strtotime($stop).')';
+        $stop = 'FROM_UNIXTIME('.$stop.')';
 
         return array($start, $stop);
     }
diff --git a/include/staff/dashboard.inc.php b/include/staff/dashboard.inc.php
index d75ee3ef9..0feb3f9d9 100644
--- a/include/staff/dashboard.inc.php
+++ b/include/staff/dashboard.inc.php
@@ -18,8 +18,10 @@ $plots = $report->getPlotData();
             <?php echo csrf_token(); ?>
             <label>
                 <?php echo __( 'Report timeframe'); ?>:
-                <input type="text" class="dp input-medium search-query" name="start" placeholder="<?php echo __('Last month');?>"i
-                    value="<?php echo Format::htmlchars($_POST['start']); ?>" />
+                <input type="text" class="dp input-medium search-query"
+                    name="start" placeholder="<?php echo __('Last month');?>"i
+                    value="<?php echo $_POST['start'] ?
+                    Format::htmlchars($_POST['start']) : ''; ?>" />
             </label>
             <label>
                 <?php echo __( 'period');?>:
-- 
GitLab