bug #20925 [HttpFoundation] Validate/cast cookie expire time (ro0NL)
This PR was merged into the 2.7 branch.

Discussion
----------

[HttpFoundation] Validate/cast cookie expire time

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!--highly recommended for new features-->

Commits
-------

8215dbd [HttpFoundation] Validate/cast cookie expire time
fabpot committed Jan 3, 2017
2 parents 9879c81 + 8215dbd commit 5fdf0e9
Showing 2 changed files with 21 additions and 7 deletions.
6 changes: 3 additions & 3 deletions src/Symfony/Component/HttpFoundation/Cookie.php
Expand Up @@ -56,15 +56,15 @@ public function __construct($name, $value = null, $expire = 0, $path = '/', $dom
} elseif (!is_numeric($expire)) {
$expire = strtotime($expire);

if (false === $expire || -1 === $expire) {
if (false === $expire) {
throw new \InvalidArgumentException('The cookie expiration time is not valid.');
}
}

$this->name = $name;
$this->value = $value;
$this->domain = $domain;
$this->expire = $expire;
$this->expire = 0 < $expire ? (int) $expire : 0;
$this->path = empty($path) ? '/' : $path;
$this->secure = (bool) $secure;
$this->httpOnly = (bool) $httpOnly;
Expand All @@ -84,7 +84,7 @@ public function __toString()
} else {
$str .= urlencode($this->getValue());

if ($this->getExpiresTime() !== 0) {
if (0 !== $this->getExpiresTime()) {
$str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime());
}
}
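Review bot: The new assignment `$this->expire = 0 < $expire ? (int) $expire : 0;` silently maps every non-positive value to 0, and the `__toString()` hunk omits `expires=` when the time is 0, so a cookie built with a negative timestamp or a pre-1970 date string is now serialised as a session cookie rather than as an already-expired one. A caller that relied on a past timestamp to make the browser drop a cookie would instead hand out a value that lives until the browser closes; if that is intended, say so at the assignment with a comment such as `// a non-positive expire time is normalised to 0, which means "session cookie", not "expired"`, and in the constructor docblock. Separately, `is_numeric()` lets floats and numeric strings through to the `(int)` cast, and PHP's result for a float outside the integer range is not reliable, so an upper-bound check may be worth adding. The constructor starts above this hunk and `__toString()` continues below it, so any earlier handling of `$expire` is not visible here.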
22 changes: 18 additions & 4 deletions src/Symfony/Component/HttpFoundation/Tests/CookieTest.php
Expand Up @@ -52,7 +52,14 @@ public function testInstantiationThrowsExceptionIfCookieNameContainsInvalidChara
*/
public function testInvalidExpiration()
{
$cookie = new Cookie('MyCookie', 'foo', 'bar');
new Cookie('MyCookie', 'foo', 'bar');
}

public function testNegativeExpirationIsNotPossible()
{
$cookie = new Cookie('foo', 'bar', -100);

$this->assertSame(0, $cookie->getExpiresTime());
}

public function testGetValue()
Expand All @@ -77,6 +84,13 @@ public function testGetExpiresTime()
$this->assertEquals(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date');
}

public function testGetExpiresTimeIsCastToInt()
{
$cookie = new Cookie('foo', 'bar', 3600.9);

$this->assertSame(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date as an integer');
}

public function testConstructorWithDateTime()
{
$expire = new \DateTime();
Expand Down Expand Up @@ -143,12 +157,12 @@ public function testCookieIsCleared()
public function testToString()
{
$cookie = new Cookie('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true);
$this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly', $cookie->__toString(), '->__toString() returns string representation of the cookie');
$this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly', (string) $cookie, '->__toString() returns string representation of the cookie');

$cookie = new Cookie('foo', null, 1, '/admin/', '.myfoodomain.com');
$this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; path=/admin/; domain=.myfoodomain.com; httponly', $cookie->__toString(), '->__toString() returns string representation of a cleared cookie if value is NULL');
$this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; path=/admin/; domain=.myfoodomain.com; httponly', (string) $cookie, '->__toString() returns string representation of a cleared cookie if value is NULL');

$cookie = new Cookie('foo', 'bar', 0, '/', '');
$this->assertEquals('foo=bar; path=/; httponly', $cookie->__toString());
$this->assertEquals('foo=bar; path=/; httponly', (string) $cookie);
}
}
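Review bot: The two new tests exercise the clamp and the cast only with an int (`-100`) and a float (`3600.9`); the numeric-string path, which skips `strtotime()` and reaches the same cast in the constructor, has no test. Adding `$cookie = new Cookie('foo', 'bar', '3600');` followed by `$this->assertSame(3600, $cookie->getExpiresTime());` would pin that the stored value is an integer for string input as well. A case with a date string that `strtotime()` resolves to a negative timestamp would likewise document that such input ends up as 0.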
