
Ignore invalid expires attributes in cookies.

Refs #12269
markstory committed Jun 26, 2018
1 parent 2341c3c commit 427929566577189007a9e2b61f03477a8ce85207
Showing with 31 additions and 5 deletions.
  1. +10 −5 src/Http/Cookie/CookieCollection.php
  2. +21 −0 tests/TestCase/Http/Cookie/CookieCollectionTest.php
@@ -17,6 +17,7 @@
use Countable;
use DateTimeImmutable;
use DateTimeZone;
use Exception;
use InvalidArgumentException;
use IteratorAggregate;
use Psr\Http\Message\RequestInterface;
@@ -369,11 +370,15 @@ protected static function parseSetCookieHeader($values)
$cookie[$key] = $value;
}
}
$expires = null;
if ($cookie['max-age'] !== null) {
$expires = new DateTimeImmutable('@' . (time() + $cookie['max-age']));
} elseif ($cookie['expires']) {
$expires = new DateTimeImmutable('@' . strtotime($cookie['expires']));
try {
$expires = null;
if ($cookie['max-age'] !== null) {
$expires = new DateTimeImmutable('@' . (time() + $cookie['max-age']));
} elseif ($cookie['expires']) {
$expires = new DateTimeImmutable('@' . strtotime($cookie['expires']));
}
} catch (Exception $e) {
$expires = null;
}
$cookies[] = new Cookie(
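Review bot: The new `catch (Exception $e)` stands in for a missing return-value check: `strtotime()` returns `false` for a value like `1w`, and the constructor throws only because it is handed the bare string `'@'`. An explicit check states the intent and keeps the catch from hiding unrelated failures: `$timestamp = strtotime($cookie['expires']);` followed by `if ($timestamp !== false) { $expires = new DateTimeImmutable('@' . $timestamp); }`. The `max-age` branch adds the header value to `time()` with no numeric check visible in this hunk, so a malformed Max-Age may still produce an unintended expiry instead of being ignored; a guard such as `is_numeric($cookie['max-age'])` would treat both attributes alike. Falling back to a session cookie on a bad Expires matches RFC 6265's rule that an unparseable attribute is ignored, and a one-line comment saying so would help the next reader. parseSetCookieHeader starts and ends outside the hunk.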
@@ -305,6 +305,27 @@ public function testAddFromResponseRemoveExpired()
$this->assertFalse($new->has('expired'), 'Should drop expired cookies');
}
/**
* Test adding cookies from a response with bad expires values
*
* @return void
*/
public function testAddFromResponseInvalidExpires()
{
$collection = new CookieCollection();
$request = new ServerRequest([
'url' => '/app'
]);
$response = (new Response())
->withAddedHeader('Set-Cookie', 'test=value')
->withAddedHeader('Set-Cookie', 'expired=no; Expires=1w; Path=/; HttpOnly; Secure;');
$new = $collection->addFromResponse($response, $request);
$this->assertTrue($new->has('test'));
$this->assertTrue($new->has('expired'));
$expired = $new->get('expired');
$this->assertNull($expired->getExpiry());
}
/**
* Test adding cookies from responses updates cookie values.
*
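Review bot: testAddFromResponseInvalidExpires pins only the expiry, although the header under test also carries `Secure` and `HttpOnly`; it should assert that both survive the ignored `Expires`, e.g. `$this->assertTrue($expired->isSecure());` and `$this->assertTrue($expired->isHttpOnly());`. A further Set-Cookie header with a malformed `Max-Age` would cover the other branch of the parser, which this test does not reach. A cookie named `expired` that is expected to be present reads oddly; a name like `invalid` would make the intent clearer.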
