
Don't blow up client operations when we get invalid cookies.

The internet is a dangerous place for http clients. Ignore more
varieties of invalid cookies.

Refs #12311
markstory committed Jul 2, 2018
1 parent d997562 commit 1c899b5d8fc562a0874f1ea408cb46246f3f86ee
Showing with 30 additions and 9 deletions.
  1. +13 −9 src/Http/Cookie/CookieCollection.php
  2. +17 −0 tests/TestCase/Http/Cookie/CookieCollectionTest.php
@@ -381,15 +381,19 @@ protected static function parseSetCookieHeader($values)
$expires = null;
}
$cookies[] = new Cookie(
$name,
$cookie['value'],
$expires,
$cookie['path'],
$cookie['domain'],
$cookie['secure'],
$cookie['httponly']
);
try {
$cookies[] = new Cookie(
$name,
$cookie['value'],
$expires,
$cookie['path'],
$cookie['domain'],
$cookie['secure'],
$cookie['httponly']
);
} catch (Exception $e) {
// Don't blow up on invalid cookies
}
}
return $cookies;
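Review bot: The `catch (Exception $e)` with an empty body around `new Cookie(...)` swallows every exception raised while constructing the cookie, so a malformed `Set-Cookie` value and an unrelated bug become indistinguishable and the client silently drops the cookie. Catch the narrowest exception type the `Cookie` constructor raises for invalid input, and consider recording the skipped cookie name at debug level so a missing session or CSRF cookie can be diagnosed later. Also, no import for `Exception` is visible in this hunk: if the file is namespaced and lacks `use Exception;`, the unqualified name resolves inside the namespace and the catch never matches, so confirm the import or write `\Exception`.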
@@ -263,6 +263,23 @@ public function testAddFromResponseValueUrldecodeData()
$this->assertSame('/example', $test->getPath());
}
/**
* Test adding cookies from a response ignores empty headers
*
* @return void
*/
public function testAddFromResponseIgnoreEmpty()
{
$collection = new CookieCollection();
$request = new ServerRequest([
'url' => '/app'
]);
$response = (new Response())
->withAddedHeader('Set-Cookie', '');
$new = $collection->addFromResponse($response, $request);
$this->assertCount(0, $new, 'no cookies parsed');
}
/**
* Test adding cookies from a response ignores expired cookies
*
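Review bot: `testAddFromResponseIgnoreEmpty` only exercises an empty `Set-Cookie` header, and nothing visible here shows that case reaching the new try/catch in `parseSetCookieHeader`. Add a test whose header is non-empty but rejected by the `Cookie` constructor, sent alongside a valid cookie in the same response, and assert that the valid cookie is still collected while the invalid one is skipped.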
