Ignore invalid expires attributes in cookies.

Refs #12269
cakephp · Jun 26, 2018 · 4279295 · 4279295
1 parent 2341c3c
commit 4279295
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/src/Http/Cookie/CookieCollection.php b/src/Http/Cookie/CookieCollection.php
@@ -17,6 +17,7 @@
 use Countable;
 use DateTimeImmutable;
 use DateTimeZone;
+use Exception;
 use InvalidArgumentException;
 use IteratorAggregate;
 use Psr\Http\Message\RequestInterface;
@@ -369,11 +370,15 @@ protected static function parseSetCookieHeader($values)
                     $cookie[$key] = $value;
                 }
             }
-            $expires = null;
-            if ($cookie['max-age'] !== null) {
-                $expires = new DateTimeImmutable('@' . (time() + $cookie['max-age']));
-            } elseif ($cookie['expires']) {
-                $expires = new DateTimeImmutable('@' . strtotime($cookie['expires']));
+            try {
+                $expires = null;
+                if ($cookie['max-age'] !== null) {
+                    $expires = new DateTimeImmutable('@' . (time() + $cookie['max-age']));
+                } elseif ($cookie['expires']) {
+                    $expires = new DateTimeImmutable('@' . strtotime($cookie['expires']));
+                }
+            } catch (Exception $e) {
+                $expires = null;
             }
 
             $cookies[] = new Cookie(

diff --git a/tests/TestCase/Http/Cookie/CookieCollectionTest.php b/tests/TestCase/Http/Cookie/CookieCollectionTest.php
@@ -305,6 +305,27 @@ public function testAddFromResponseRemoveExpired()
         $this->assertFalse($new->has('expired'), 'Should drop expired cookies');
     }
 
+    /**
+     * Test adding cookies from a response with bad expires values
+     *
+     * @return void
+     */
+    public function testAddFromResponseInvalidExpires()
+    {
+        $collection = new CookieCollection();
+        $request = new ServerRequest([
+            'url' => '/app'
+        ]);
+        $response = (new Response())
+            ->withAddedHeader('Set-Cookie', 'test=value')
+            ->withAddedHeader('Set-Cookie', 'expired=no; Expires=1w; Path=/; HttpOnly; Secure;');
+        $new = $collection->addFromResponse($response, $request);
+        $this->assertTrue($new->has('test'));
+        $this->assertTrue($new->has('expired'));
+        $expired = $new->get('expired');
+        $this->assertNull($expired->getExpiry());
+    }
+
     /**
      * Test adding cookies from responses updates cookie values.
      *