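--- a/trunk/phase3/maintenance/tests/HttpTest.php
+++ b/trunk/phase3/maintenance/tests/HttpTest.php
@@ -443,24 +443,28 @@
 $cj = new CookieJar;
 
 $h[] = "Set-Cookie: name4=value; domain=.example.com; path=/; expires=Mon, 09-Dec-2999 13:46:00 GMT";
-$cj->parseCookieResponseHeader( $h[0] );
+$cj->parseCookieResponseHeader( $h[0], "www.example.com" );
 $this->assertEquals("name4=value", $cj->serializeToHttpRequest("/", "www.example.com"));
 
 $h[] = "name4=value2; domain=.example.com; path=/path/; expires=Mon, 09-Dec-2999 13:46:00 GMT";
-$cj->parseCookieResponseHeader( $h[1] );
+$cj->parseCookieResponseHeader( $h[1], "www.example.com" );
 $this->assertEquals("", $cj->serializeToHttpRequest("/", "www.example.com"));
 $this->assertEquals("name4=value2", $cj->serializeToHttpRequest("/path/", "www.example.com"));
 
 $h[] = "name5=value3; domain=.example.com; path=/path/; expires=Mon, 09-Dec-2999 13:46:00 GMT";
-$cj->parseCookieResponseHeader( $h[2] );
+$cj->parseCookieResponseHeader( $h[2], "www.example.com" );
 $this->assertEquals("name4=value2; name5=value3", $cj->serializeToHttpRequest("/path/", "www.example.com"));
 
-$h[] = "name6=value3; domain=.example.net; path=/path/; expires=Mon, 09-Dec-1999 13:46:00 GMT";
-$cj->parseCookieResponseHeader( $h[3] );
+$h[] = "name6=value3; domain=.example.net; path=/path/; expires=Mon, 09-Dec-2999 13:46:00 GMT";
+$cj->parseCookieResponseHeader( $h[3], "www.example.com" );
 $this->assertEquals("", $cj->serializeToHttpRequest("/path/", "www.example.net"));
 
+$h[] = "name6=value0; domain=.example.net; path=/path/; expires=Mon, 09-Dec-1999 13:46:00 GMT";
+$cj->parseCookieResponseHeader( $h[4], "www.example.net" );
+$this->assertEquals("", $cj->serializeToHttpRequest("/path/", "www.example.net"));
+
 $h[] = "name6=value4; domain=.example.net; path=/path/; expires=Mon, 09-Dec-2999 13:46:00 GMT";
-$cj->parseCookieResponseHeader( $h[4] );
+$cj->parseCookieResponseHeader( $h[5], "www.example.net" );
 $this->assertEquals("name6=value4", $cj->serializeToHttpRequest("/path/", "www.example.net"));
 }
 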
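Review bot: The only rejection case here (`$h[3]`, `.example.net` set from `www.example.com`) uses a cookie domain shorter than the request host, which is the one branch the new length-guarded comparison in `parseCookieResponseHeader()` actually checks. A case whose `domain` attribute is as long as the host would pin the other branch, e.g. `$cj->parseCookieResponseHeader( "name7=value; domain=.www.example.org; path=/", "www.example.com" );` followed by `$this->assertEquals( "", $cj->serializeToHttpRequest( "/", "www.example.org" ) );` (constructed values). A second case where the attribute is a suffix of the host but not on a label boundary would be worth adding too. The test method starts before this hunk, so its name and any setup are not visible here.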
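--- a/trunk/phase3/includes/HttpFunctions.php
+++ b/trunk/phase3/includes/HttpFunctions.php
@@ -502,7 +502,7 @@
 }
 
 class CookieJar {
-private $cookie;
+private $cookie = array();
 
 /**
 * Set a cookie in the cookie jar. Make sure only one cookie per-name exists.
@@ -538,30 +538,44 @@
 * Parse the content of an Set-Cookie HTTP Response header.
 * @param $cookie string
 */
-public function parseCookieResponseHeader ( $cookie, $domain = null ) {
+public function parseCookieResponseHeader ( $cookie, $domain ) {
 $len = strlen( "Set-Cookie:" );
 if ( substr_compare( "Set-Cookie:", $cookie, 0, $len, TRUE ) === 0 ) {
 $cookie = substr( $cookie, $len );
 }
 
 $bit = array_map( 'trim', explode( ";", $cookie ) );
-list($name, $value) = explode( "=", array_shift( $bit ), 2 );
-$attr = array();
-foreach( $bit as $piece ) {
-$parts = explode( "=", $piece );
-if( count( $parts ) > 1 ) {
-$attr[strtolower( $parts[0] )] = $parts[1];
+if ( count($bit) >= 1 ) {
+list($name, $value) = explode( "=", array_shift( $bit ), 2 );
+$attr = array();
+foreach( $bit as $piece ) {
+$parts = explode( "=", $piece );
+if( count( $parts ) > 1 ) {
+$attr[strtolower( $parts[0] )] = $parts[1];
+} else {
+$attr[strtolower( $parts[0] )] = true;
+}
+}
+
+if( !isset( $attr['domain'] ) ) {
+$attr['domain'] = $domain;
 } else {
-$attr[strtolower( $parts[0] )] = true;
+/* If domain is given, it has to contain at least two dots */
+if ( strrpos( $attr['domain'], '.' ) === false
+|| strrpos( $attr['domain'], '.' ) === strpos( $attr['domain'], '.' ) ) {
+return;
+}
+if ( substr( $attr['domain'], 0, 1 ) === '.' ) {
+$attr['domain'] = substr( $attr['domain'], 1 );
+}
+if ( strlen( $attr['domain'] ) < strlen( $domain )
+&& substr_compare( $domain, $attr['domain'], -strlen( $attr['domain'] ),
+strlen( $attr['domain'] ), TRUE ) != 0 ) {
+return; /* silently reject a bad cookie */
+}
 }
+$this->setCookie( $name, $value, $attr );
 }
-
-if( !isset( $attr['domain'] ) ) {
-$attr['domain'] = $domain;
-} else {
-/* FIXME: Check that domain is valid */
-}
-$this->setCookie( $name, $value, $attr );
 }
 }
 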
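Review bot: The final domain check in `parseCookieResponseHeader()` rejects a cookie only when the `domain` attribute is shorter than `$domain` and is not a suffix of it, so an attribute at least as long as the request host is stored with no comparison at all, and a shorter one is accepted on a plain string suffix with no label boundary (`example.com` matches a host ending in `badexample.com`). Either way a response from one host can leave a cookie scoped to an unrelated domain in the jar. After the leading dot is stripped, the test should require an exact host match or a match on `'.' . $attr['domain']`, for example `$h = strtolower( $domain ); $d = strtolower( $attr['domain'] );` followed by `if ( $h !== $d && substr( $h, -strlen( $d ) - 1 ) !== '.' . $d ) { return; }`. The two-dot rule also still admits broad suffixes such as `.co.uk`, which deserves a comment if it is a known limitation. The docblock still documents only `$cookie`; it should gain `@param $domain string` (apparently the host the response came from, judging by the test calls) and say that a cookie failing the check is dropped silently.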