From 8215dbdb314224e04bf1823a301cc12d1fdb2096 Mon Sep 17 00:00:00 2001 From: Roland Franssen Date: Wed, 14 Dec 2016 18:35:20 +0000 Subject: [PATCH] [HttpFoundation] Validate/cast cookie expire time --- .../Component/HttpFoundation/Cookie.php | 6 ++--- .../HttpFoundation/Tests/CookieTest.php | 22 +++++++++++++++---- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/Cookie.php b/src/Symfony/Component/HttpFoundation/Cookie.php index 13d69f3bd2..91783a6ad2 100644 --- a/src/Symfony/Component/HttpFoundation/Cookie.php +++ b/src/Symfony/Component/HttpFoundation/Cookie.php @@ -56,7 +56,7 @@ class Cookie } elseif (!is_numeric($expire)) { $expire = strtotime($expire); - if (false === $expire || -1 === $expire) { + if (false === $expire) { throw new \InvalidArgumentException('The cookie expiration time is not valid.'); } } @@ -64,7 +64,7 @@ class Cookie $this->name = $name; $this->value = $value; $this->domain = $domain; - $this->expire = $expire; + $this->expire = 0 < $expire ? (int) $expire : 0; $this->path = empty($path) ? '/' : $path; $this->secure = (bool) $secure; $this->httpOnly = (bool) $httpOnly; @@ -84,7 +84,7 @@ class Cookie } else { $str .= urlencode($this->getValue()); - if ($this->getExpiresTime() !== 0) { + if (0 !== $this->getExpiresTime()) { $str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime()); } } diff --git a/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php b/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php index 222786533e..d9f2e2114d 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/CookieTest.php @@ -52,7 +52,14 @@ class CookieTest extends \PHPUnit_Framework_TestCase */ public function testInvalidExpiration() { - $cookie = new Cookie('MyCookie', 'foo', 'bar'); + new Cookie('MyCookie', 'foo', 'bar'); + } + + public function testNegativeExpirationIsNotPossible() + { + $cookie = new Cookie('foo', 'bar', -100); + + $this->assertSame(0, $cookie->getExpiresTime()); } public function testGetValue() @@ -77,6 +84,13 @@ class CookieTest extends \PHPUnit_Framework_TestCase $this->assertEquals(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date'); } + public function testGetExpiresTimeIsCastToInt() + { + $cookie = new Cookie('foo', 'bar', 3600.9); + + $this->assertSame(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date as an integer'); + } + public function testConstructorWithDateTime() { $expire = new \DateTime(); @@ -143,12 +157,12 @@ class CookieTest extends \PHPUnit_Framework_TestCase public function testToString() { $cookie = new Cookie('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true); - $this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly', $cookie->__toString(), '->__toString() returns string representation of the cookie'); + $this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly', (string) $cookie, '->__toString() returns string representation of the cookie'); $cookie = new Cookie('foo', null, 1, '/admin/', '.myfoodomain.com'); - $this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; path=/admin/; domain=.myfoodomain.com; httponly', $cookie->__toString(), '->__toString() returns string representation of a cleared cookie if value is NULL'); + $this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; path=/admin/; domain=.myfoodomain.com; httponly', (string) $cookie, '->__toString() returns string representation of a cleared cookie if value is NULL'); $cookie = new Cookie('foo', 'bar', 0, '/', ''); - $this->assertEquals('foo=bar; path=/; httponly', $cookie->__toString()); + $this->assertEquals('foo=bar; path=/; httponly', (string) $cookie); } }