Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Certain servers may not set a whitespace after a colon (Set-Cookie: header) #3699

Closed
wants to merge 2 commits into from

3 participants

Ville Mattila Matthew Weier O'Phinney ClemensSahs
Ville Mattila

If there is no whitespace after a colon, PHP Notice Undefined offset: 1 in \Zend\Http\Header\SetCookie.php:135 is raised. This PR fixes also the issue #2946 .

Matthew Weier O'Phinney

Can you add a test for this, please -- so that we don't introduce a regression later?

Ville Mattila vmattila * Added two incomplete, but valid "Set-Cookie:" and "Set-Cookie: " he…
…aders to the test dataprovider

* Modified behaviour of SetCookie::getFieldValue() in case of empty header
a6ee873
Ville Mattila

Tests added. It seems that SetCookie::setFieldValue() does not survive from this kind of empty headers but throws an error. Fixed it too to return an empty string in such a case.

Matthew Weier O'Phinney weierophinney referenced this pull request from a commit
Matthew Weier O'Phinney weierophinney Merge branch 'hotfix/3699' into develop
Forward port #3699
78520fe
Matthew Weier O'Phinney weierophinney was assigned
Deleted user Unknown referenced this pull request from a commit
Matthew Weier O'Phinney weierophinney Merge branch 'hotfix/3699'
Close #3699
e1f0e25
Deleted user Unknown referenced this pull request from a commit
Matthew Weier O'Phinney weierophinney Merge branch 'hotfix/3699' into develop
Forward port #3699
9fcc1c1
ClemensSahs

Why we have to incomplete data sets? I one not enough?

I see this in the file and my first idea was "clean one of them... now!!!"

These two "incomplete" cookie datasets are syntatically valid Set-Cookie headers and there just to avoid regression with another modification.

@vmattila
yes, I know that both a valid. My question was "will be one of them enough or not?"
In my mind dataprovider will call in front off test setup, with that behavior we will have tow similar tests.

...
oh sorry... I see now at the first time, that we have a whitespace after the second "Set-Cookie:"
this is my fail... yes so we have tow different test.

regards

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 7, 2013
  1. Ville Mattila

    Certain servers may not set a whitespace after colon (in Set-Cookie),…

    vmattila authored
    … causing a PHP notice to be thrown.
Commits on Feb 8, 2013
  1. Ville Mattila

    * Added two incomplete, but valid "Set-Cookie:" and "Set-Cookie: " he…

    vmattila authored
    …aders to the test dataprovider
    
    * Modified behaviour of SetCookie::getFieldValue() in case of empty header
This page is out of date. Refresh to see the latest.
5 library/Zend/Http/Header/SetCookie.php
View
@@ -132,7 +132,8 @@ public static function fromString($headerLine, $bypassHeaderFieldName = false)
};
}
- list($name, $value) = explode(': ', $headerLine, 2);
+ list($name, $value) = explode(':', $headerLine, 2);
+ $value = ltrim($value);
// some sites return set-cookie::value, this is to get rid of the second :
$name = (strtolower($name) =='set-cookie:') ? 'set-cookie' : $name;
@@ -227,7 +228,7 @@ public function getFieldName()
public function getFieldValue()
{
if ($this->getName() == '') {
- throw new Exception\RuntimeException('A cookie name is required to generate a field value for this cookie');
+ return '';
}
$value = $this->getValue();
11 tests/ZendTest/Http/Header/SetCookieTest.php
View
@@ -334,7 +334,16 @@ public static function validCookieWithInfoProvider()
),
'myname=myvalue; Expires=Wed, 13-Jan-2021 22:23:01 GMT; Domain=docs.foo.com; Path=/accounts; Secure; HttpOnly'
),
+ array(
+ 'Set-Cookie:',
+ array(),
+ ''
+ ),
+ array(
+ 'Set-Cookie: ',
+ array(),
+ ''
+ ),
);
}
-
}
Something went wrong with that request. Please try again.