
Commit 3c463f1

Merge branch 'hotfix/ZF2-169' of https://github.com/adamlundrigan/zf2 into hotfix/zf2-169
7 parents e0ca271 + 0daebbf + d562686 + 67b42b2 + bdb1dae + 9809630 + eb11c0d commit 3c463f1

2 files changed

+20
-4
lines changed

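--- a/src/Header/SetCookie.php
+++ b/src/Header/SetCookie.php
@@ -96,6 +96,14 @@ public static function fromString($headerLine, $bypassHeaderFieldName = false)
 $headerValue = null;
 }
 
+// First K=V pair is always the cookie name and value
+if ($header->getName() === NULL) {
+$header->setName($headerKey);
+$header->setValue($headerValue);
+continue;
+}
+
+// Process the remanining elements
 switch (str_replace(array('-', '_'), '', strtolower($headerKey))) {
 case 'expires' : $header->setExpires($headerValue); break;
 case 'domain' : $header->setDomain($headerValue); break;
@@ -105,8 +113,7 @@ public static function fromString($headerLine, $bypassHeaderFieldName = false)
 case 'version' : $header->setVersion((int) $headerValue); break;
 case 'maxage' : $header->setMaxAge((int) $headerValue); break;
 default:
-$header->setName($headerKey);
-$header->setValue($headerValue);
+// Intentionally omitted
 }
 }
 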
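Review bot: The added first-pair check uses `$header->getName() === NULL` as its "nothing parsed yet" signal, so the fix only holds if `setName()` always stores a non-null value. `setName()` is not visible here, but if it leaves the name null for an empty key, a header whose first pair has no name would let the next pair become the cookie name, which is the behaviour this commit removes. Tracking position explicitly is sturdier: set `$isFirstPair = true;` before the loop, test `if ($isFirstPair) {` and clear it with `$isFirstPair = false;` inside; the loop itself starts outside the hunk. Smaller points: `NULL` would normally be written `null`, "remanining" is a typo, and the default-branch comment could say why, e.g. `// Unknown attributes are ignored so they cannot overwrite the cookie name or value`.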

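--- a/test/Header/SetCookieTest.php
+++ b/test/Header/SetCookieTest.php
@@ -129,8 +129,7 @@ public function testSetCookieCanAppendOtherHeadersInWhenCreatingString()
 /** Implmentation specific tests here */
 
 /**
-* ZF2-169
-*
+* @group ZF2-169
 * @see http://framework.zend.com/issues/browse/ZF2-169
 */
 public function testZF2_169()
@@ -139,5 +138,15 @@ public function testZF2_169()
 $setCookieHeader = SetCookie::fromString($cookie);
 $this->assertEquals($cookie, $setCookieHeader->toString());
 }
+
+/**
+* @group ZF2-169
+*/
+public function testDoesNotAcceptCookieNameFromArbitraryLocationInHeaderValue()
+{
+$cookie = 'Set-Cookie: Version=1; Max-Age=1799; Expires=Mon, 20-Feb-2012 02:49:57 GMT; Path=/; leo_auth_token="example"';
+$setCookieHeader = SetCookie::fromString($cookie);
+$this->assertNotEquals('leo_auth_token', $setCookieHeader->getName());
+}
 }
 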
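Review bot: The `assertNotEquals('leo_auth_token', ...)` check in testDoesNotAcceptCookieNameFromArbitraryLocationInHeaderValue only rules out one wrong answer, so it would still pass if the parsed name were null or any other unexpected string. Pinning the expected result would hold the parser to the first-pair rule. Going by the parser change in this commit the name should be the first key, so `$this->assertEquals('Version', $setCookieHeader->getName());` and `$this->assertEquals('1', $setCookieHeader->getValue());`. That expectation is worth confirming against the key handling earlier in fromString(), which this page does not show.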
