
Session: validates configuration option names

dg committed Mar 9, 2019
1 parent 45849ba commit ae60d63489fc1523c1536ae186c7f977f8a07e8c
Showing with 38 additions and 1 deletion.
  1. +9 −1 src/Http/Session.php
  2. +29 −0 tests/Http/Session.setOptions.error.phpt
@@ -373,9 +373,17 @@ private function configure(array $config): void
{
$special = ['cache_expire' => 1, 'cache_limiter' => 1, 'save_path' => 1, 'name' => 1];
$cookie = $origCookie = session_get_cookie_params();
$allowed = ini_get_all('session', false) + ['session.cookie_samesite' => 1]; // for PHP < 7.3
foreach ($config as $key => $value) {
if ($value === null || ini_get("session.$key") == $value) { // intentionally ==
if (!isset($allowed["session.$key"])) {
$hint = substr((string) Nette\Utils\ObjectHelpers::getSuggestion(array_keys($allowed), "session.$key"), 8);
[$altKey, $altHint] = array_map(function ($s) {
return preg_replace_callback('#_(.)#', function ($m) { return strtoupper($m[1]); }, $s); // snake_case -> camelCase
}, [$key, (string) $hint]);
throw new Nette\InvalidStateException("Invalid session configuration option '$key' or '$altKey'" . ($hint ? ", did you mean '$hint' or '$altHint'?" : '.'));
} elseif ($value === null || ini_get("session.$key") == $value) { // intentionally ==
continue;
} elseif (strncmp($key, 'cookie_', 7) === 0) {
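Review bot: The membership test `!isset($allowed["session.$key"])` treats an entry whose value is null the same as a missing one, so a registered directive would be rejected as invalid if `ini_get_all('session', false)` reports its current value as null. Whether any session directive is reported that way depends on the PHP build and ini files, which the page does not show. `} elseif (!array_key_exists("session.$key", $allowed)) {` style membership, i.e. `if (!array_key_exists("session.$key", $allowed)) {`, checks the name only and does not depend on the current value. The check also now runs before the `$value === null` skip, so an unknown name fails even when its value is null; a one-line comment such as `// unknown names are rejected even when the value is null, so a mistyped option is never silently ignored` would record that intent. The body of configure() continues past the end of the hunk.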
@@ -0,0 +1,29 @@
<?php
/**
* Test: Nette\Http\Session setOptions error.
*/
declare(strict_types=1);
use Tester\Assert;
require __DIR__ . '/../bootstrap.php';
$factory = new Nette\Http\RequestFactory;
$session = new Nette\Http\Session($factory->createHttpRequest(), new Nette\Http\Response);
$session->start();
Assert::exception(function () use ($session) {
$session->setOptions([
'gc_malifetime' => 123,
]);
}, Nette\InvalidStateException::class, "Invalid session configuration option 'gc_malifetime' or 'gcMalifetime', did you mean 'gc_maxlifetime' or 'gcMaxlifetime'?");
Assert::exception(function () use ($session) {
$session->setOptions([
'cookieDoman' => '.domain.com',
]);
}, Nette\InvalidStateException::class, "Invalid session configuration option 'cookie_doman' or 'cookieDoman', did you mean 'cookie_domain' or 'cookieDomain'?");
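Review bot: Both cases only exercise the branch where a suggestion is found, so the message variant that ends with `.` (no hint) is never asserted. There is also no positive case showing that a valid name still passes once the session is started, in particular `cookie_samesite`, which the commit whitelists for PHP < 7.3. I would add a third `Assert::exception` with a name far from any real directive (the exact expected message depends on the suggestion threshold, so it needs to be confirmed by a run), plus a plain call such as `$session->setOptions(['cookie_samesite' => 'Lax']);` that must not throw. Without the positive case, a regression that rejects a legitimate cookie-hardening option would go unnoticed by this test.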
