Skip to content
This repository has been archived by the owner on Jan 30, 2020. It is now read-only.

Commit

Permalink
Add CRLF attack test for SetCookie::setValue
Browse files Browse the repository at this point in the history
  • Loading branch information
@zerocrates
zerocrates committed Sep 12, 2015
1 parent 83ec382 commit 0a3911c
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions test/Header/SetCookieTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -435,6 +435,13 @@ public function testPreventsCRLFAttackViaConstructor()
$this->assertEquals('Set-Cookie: leo_auth_token=example%0D%0A%0D%0AevilContent', $header->toString());
}

public function testPreventsCRLFAttackViaSetValue()
{
$header = new SetCookie("leo_auth_token");
$header->setValue("example\r\n\r\nevilContent");
$this->assertEquals('Set-Cookie: leo_auth_token=example%0D%0A%0D%0AevilContent', $header->toString());
}

public function setterInjections()
{
return [
Expand Down

0 comments on commit 0a3911c

Please sign in to comment.