adjust cookie serialization

laravel · Aug 7, 2018 · 240d904 · 240d904
1 parent d1fc8eb
commit 240d904
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 5 deletions.
diff --git a/src/Illuminate/Cookie/Middleware/EncryptCookies.php b/src/Illuminate/Cookie/Middleware/EncryptCookies.php
@@ -30,7 +30,7 @@ class EncryptCookies
      *
      * @var bool
      */
-    protected $serialize = false;
+    protected static $serialize = false;
 
     /**
      * Create a new CookieGuard instance.
@@ -100,7 +100,7 @@ protected function decryptCookie($name, $cookie)
     {
         return is_array($cookie)
                         ? $this->decryptArray($cookie)
-                        : $this->encrypter->decrypt($cookie, $this->serialize);
+                        : $this->encrypter->decrypt($cookie, static::serialized($name));
     }
 
     /**
@@ -115,7 +115,7 @@ protected function decryptArray(array $cookie)
 
         foreach ($cookie as $key => $value) {
             if (is_string($value)) {
-                $decrypted[$key] = $this->encrypter->decrypt($value, $this->serialize);
+                $decrypted[$key] = $this->encrypter->decrypt($value, static::serialized($key));
             }
         }
 
@@ -136,7 +136,7 @@ protected function encrypt(Response $response)
             }
 
             $response->headers->setCookie($this->duplicate(
-                $cookie, $this->encrypter->encrypt($cookie->getValue(), $this->serialize)
+                $cookie, $this->encrypter->encrypt($cookie->getValue(), static::serialized($cookie->getName()))
             ));
         }
 
@@ -169,4 +169,15 @@ public function isDisabled($name)
     {
         return in_array($name, $this->except);
     }
+
+    /**
+     * Determine if the cookie contents should be serialized.
+     *
+     * @param  string  $name
+     * @return bool
+     */
+    public static function serialized($name)
+    {
+        return static::$serialize;
+    }
 }
diff --git a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
@@ -8,6 +8,7 @@
 use Symfony\Component\HttpFoundation\Cookie;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Illuminate\Session\TokenMismatchException;
+use Illuminate\Cookie\Middleware\EncryptCookies;
 
 class VerifyCsrfToken
 {
@@ -138,7 +139,7 @@ protected function getTokenFromRequest($request)
         $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
 
         if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
-            $token = $this->encrypter->decrypt($header, false);
+            $token = $this->encrypter->decrypt($header, static::serialized());
         }
 
         return $token;
@@ -164,4 +165,14 @@ protected function addCookieToResponse($request, $response)
 
         return $response;
     }
+
+    /**
+     * Determine if the cookie contents should be serialized.
+     *
+     * @return bool
+     */
+    public static function serialized()
+    {
+        return EncryptCookies::serialized('XSRF-TOKEN');
+    }
 }