clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 09:57:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed GH-9200: setcookie has an obsolete expires date format

Browse Source
This commit is contained in:
Derick Rethans 2022-08-11 14:41:22 +01:00
parent 9dc6ee995f
commit 15e3fcb468
4 changed files with 12 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -25,6 +25,7 @@ PHP NEWS
- Standard:
. Fixed bug #65489 (glob() basedir check is inconsistent). (Jakub Zelenka)
. Fixed GH-9200 (setcookie has an obsolete expires date format). (Derick)
. Fixed GH-9244 (Segfault with array_multisort + array_shift). (cmb)
04 Aug 2022, PHP 8.2.0beta2

8
ext/standard/head.c
View File

@ -118,7 +118,7 @@ PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, time_t e
* so in order to force cookies to be deleted, even on MSIE, we
* pick an expiry date in the past
*/
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, 1, 0);
dt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, 1, 0);
smart_str_appends(&buf, "Set-Cookie: ");
smart_str_append(&buf, name);
smart_str_appends(&buf, "=deleted; expires=");
@ -137,14 +137,12 @@ PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, time_t e
smart_str_append(&buf, value);
}
if (expires > 0) {
const char *p;
double diff;
smart_str_appends(&buf, COOKIE_EXPIRES);
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0);
dt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, expires, 0);
/* check to make sure that the year does not exceed 4 digits in length */
p = zend_memrchr(ZSTR_VAL(dt), '-', ZSTR_LEN(dt));
if (!p || *(p + 5) != ' ') {
if (php_idate('Y', expires, 0) > 9999) {
zend_string_free(dt);
smart_str_free(&buf);
zend_value_error("%s(): \"expires\" option cannot have a year greater than 9999",

2
ext/standard/tests/network/bug72071.phpt
View File

@ -11,4 +11,4 @@ setcookie("name", "value", $date);
?>
--EXPECT--
--EXPECTHEADERS--
Set-Cookie: name=value; expires=Sat, 01-Apr-2017 12:25:39 GMT; Max-Age=0
Set-Cookie: name=value; expires=Sat, 01 Apr 2017 12:25:39 GMT; Max-Age=0

14
ext/standard/tests/network/setcookie.phpt
View File

@ -21,20 +21,20 @@ setcookie('name', 'value', ['expires' => $tsp]);
setcookie('name', 'value', ['expires' => $tsn, 'path' => '/path/', 'domain' => 'domain.tld', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
$expected = array(
'Set-Cookie: name=deleted; expires='.date('D, d-M-Y H:i:s', 1).' GMT; Max-Age=0',
'Set-Cookie: name=deleted; expires='.date('D, d-M-Y H:i:s', 1).' GMT; Max-Age=0',
'Set-Cookie: name=deleted; expires='.date('D, d M Y H:i:s', 1).' GMT; Max-Age=0',
'Set-Cookie: name=deleted; expires='.date('D, d M Y H:i:s', 1).' GMT; Max-Age=0',
'Set-Cookie: name=value',
'Set-Cookie: name=space%20value',
'Set-Cookie: name=value',
'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsp).' GMT; Max-Age=5',
'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsn).' GMT; Max-Age=0',
'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsc).' GMT; Max-Age=0',
'Set-Cookie: name=value; expires='.date('D, d M Y H:i:s', $tsp).' GMT; Max-Age=5',
'Set-Cookie: name=value; expires='.date('D, d M Y H:i:s', $tsn).' GMT; Max-Age=0',
'Set-Cookie: name=value; expires='.date('D, d M Y H:i:s', $tsc).' GMT; Max-Age=0',
'Set-Cookie: name=value; path=/path/',
'Set-Cookie: name=value; domain=domain.tld',
'Set-Cookie: name=value; secure',
'Set-Cookie: name=value; HttpOnly',
'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsp).' GMT; Max-Age=5',
'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsn).' GMT; Max-Age=0; path=/path/; domain=domain.tld; secure; HttpOnly; SameSite=Strict'
'Set-Cookie: name=value; expires='.date('D, d M Y H:i:s', $tsp).' GMT; Max-Age=5',
'Set-Cookie: name=value; expires='.date('D, d M Y H:i:s', $tsn).' GMT; Max-Age=0; path=/path/; domain=domain.tld; secure; HttpOnly; SameSite=Strict'
);
$headers = headers_list();