From 85470f11ca579bda756859fa518b77b8b341eddf Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 25 Feb 2021 10:04:04 +0100
Subject: [eventlog/main] Fix possible overflow in query

This would break on clock skew where timestamps in
the DB lie in the future.
---
 modules-available/eventlog/hooks/cron.inc.php | 4 ++--
 modules-available/main/hooks/cron.inc.php     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules-available/eventlog/hooks/cron.inc.php b/modules-available/eventlog/hooks/cron.inc.php
index 027acf87..180bafd3 100644
--- a/modules-available/eventlog/hooks/cron.inc.php
+++ b/modules-available/eventlog/hooks/cron.inc.php
@@ -1,5 +1,5 @@
 <?php
 
 if (mt_rand(1, 10) === 1) {
-	Database::exec("DELETE FROM eventlog WHERE (UNIX_TIMESTAMP() - dateline) > 86400 * 190");
-}
\ No newline at end of file
+	Database::exec("DELETE FROM eventlog WHERE (UNIX_TIMESTAMP() - 86400 * 190) > dateline");
+}
diff --git a/modules-available/main/hooks/cron.inc.php b/modules-available/main/hooks/cron.inc.php
index bab27287..89c91fcc 100644
--- a/modules-available/main/hooks/cron.inc.php
+++ b/modules-available/main/hooks/cron.inc.php
@@ -8,7 +8,7 @@ case 3:
 	Database::exec("DELETE FROM property WHERE dateline <> 0 AND dateline < UNIX_TIMESTAMP()");
 	break;
 case 4:
-	Database::exec("DELETE FROM callback WHERE (UNIX_TIMESTAMP() - dateline) > 86400");
+	Database::exec("DELETE FROM callback WHERE (UNIX_TIMESTAMP() - 86400) > dateline");
 	break;
 }
 
-- 
cgit v1.2.3-55-g7522