bug #20925 [HttpFoundation] Validate/cast cookie expire time (ro0NL)

This PR was merged into the 2.7 branch.

Discussion
----------

[HttpFoundation] Validate/cast cookie expire time

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!--highly recommended for new features-->

Commits
-------

8215dbdb31 [HttpFoundation] Validate/cast cookie expire time
Fabien Potencier 2017-01-02 19:24:33 -08:00
commit 5fdf0e9a60
2 changed files with 21 additions and 7 deletions


@ -56,7 +56,7 @@ class Cookie
} elseif (!is_numeric($expire)) { } elseif (!is_numeric($expire)) {
$expire = strtotime($expire); $expire = strtotime($expire);
if (false === $expire || -1 === $expire) { if (false === $expire) {
throw new \InvalidArgumentException('The cookie expiration time is not valid.'); throw new \InvalidArgumentException('The cookie expiration time is not valid.');
} }
} }
@ -64,7 +64,7 @@ class Cookie
$this->name = $name; $this->name = $name;
$this->value = $value; $this->value = $value;
$this->domain = $domain; $this->domain = $domain;
$this->expire = $expire; $this->expire = 0 < $expire ? (int) $expire : 0;
$this->path = empty($path) ? '/' : $path; $this->path = empty($path) ? '/' : $path;
$this->secure = (bool) $secure; $this->secure = (bool) $secure;
$this->httpOnly = (bool) $httpOnly; $this->httpOnly = (bool) $httpOnly;
@ -84,7 +84,7 @@ class Cookie
} else { } else {
$str .= urlencode($this->getValue()); $str .= urlencode($this->getValue());
if ($this->getExpiresTime() !== 0) { if (0 !== $this->getExpiresTime()) {
$str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime()); $str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime());
} }
} }
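Review bot: The clamp `$this->expire = 0 < $expire ? (int) $expire : 0;` stores any zero or negative expire as 0, and the `0 !== $this->getExpiresTime()` branch in the last hunk then emits no `expires=` attribute, so a caller who passes a negative timestamp expecting an already-expired cookie gets a session cookie that lives until the browser closes. Logout or revocation code that relies on a past timestamp would silently stop working, so the assignment deserves a comment such as `// Non-positive values are stored as 0, which yields a session cookie, not an expired one.`, or an `\InvalidArgumentException` for negative input if that outcome is not intended. The `(int)` cast also applies to floats and numeric strings that pass `is_numeric()`, and PHP leaves the result undefined for floats outside the integer range, so an upper-bound check may be worth adding. The constructor starts and ends outside these hunks, so its docblock is not visible here.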


@ -52,7 +52,14 @@ class CookieTest extends \PHPUnit_Framework_TestCase
*/ */
public function testInvalidExpiration() public function testInvalidExpiration()
{ {
$cookie = new Cookie('MyCookie', 'foo', 'bar'); new Cookie('MyCookie', 'foo', 'bar');
}
public function testNegativeExpirationIsNotPossible()
{
$cookie = new Cookie('foo', 'bar', -100);
$this->assertSame(0, $cookie->getExpiresTime());
} }
public function testGetValue() public function testGetValue()
@ -77,6 +84,13 @@ class CookieTest extends \PHPUnit_Framework_TestCase
$this->assertEquals(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date'); $this->assertEquals(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date');
} }
public function testGetExpiresTimeIsCastToInt()
{
$cookie = new Cookie('foo', 'bar', 3600.9);
$this->assertSame(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date as an integer');
}
public function testConstructorWithDateTime() public function testConstructorWithDateTime()
{ {
$expire = new \DateTime(); $expire = new \DateTime();
@ -143,12 +157,12 @@ class CookieTest extends \PHPUnit_Framework_TestCase
public function testToString() public function testToString()
{ {
$cookie = new Cookie('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true); $cookie = new Cookie('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true);
$this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly', $cookie->__toString(), '->__toString() returns string representation of the cookie'); $this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly', (string) $cookie, '->__toString() returns string representation of the cookie');
$cookie = new Cookie('foo', null, 1, '/admin/', '.myfoodomain.com'); $cookie = new Cookie('foo', null, 1, '/admin/', '.myfoodomain.com');
$this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; path=/admin/; domain=.myfoodomain.com; httponly', $cookie->__toString(), '->__toString() returns string representation of a cleared cookie if value is NULL'); $this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; path=/admin/; domain=.myfoodomain.com; httponly', (string) $cookie, '->__toString() returns string representation of a cleared cookie if value is NULL');
$cookie = new Cookie('foo', 'bar', 0, '/', ''); $cookie = new Cookie('foo', 'bar', 0, '/', '');
$this->assertEquals('foo=bar; path=/; httponly', $cookie->__toString()); $this->assertEquals('foo=bar; path=/; httponly', (string) $cookie);
} }
} }
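Review bot: `testNegativeExpirationIsNotPossible` pins only the stored value, not the header the browser receives, so it would still pass if a negative expire were later serialised differently. Adding `$this->assertNotContains('expires=', (string) $cookie);` to that test would document that the result is a session cookie. Numeric strings also reach the new `(int)` cast but have no test; a case that constructs the cookie with `'3600'` and checks `assertSame(3600, $cookie->getExpiresTime())` would cover that path.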