author | Craig Duncan <git@duncanc.co.uk> | 2017-04-03 12:31:26 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2017-04-09 13:14:40 +0200 |
commit | ba6561d3cc5ef8c2d5a698622586e7aa28e76f5a (patch) | |
tree | 0f2668837ce47d0e1cf9bb45ed994ad858e9b4d5 | |
parent | 948ad747d7fa3894fa3ff13cfa4436e0cf442096 (diff) | |
Fixed bug #72071: Prevent Max-Age from being negative
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/standard/head.c | 8 | ||||
-rw-r--r-- | ext/standard/tests/network/bug72071.phpt | 14 | ||||
-rw-r--r-- | ext/standard/tests/network/setcookie.phpt | 2 |
4 files changed, 25 insertions, 2 deletions
@@ -11,6 +11,9 @@ PHP NEWS
 seconds). (Moritz Fain)
 . Add OpenSSL 1.1.0 support. (Jakub Zelenka)
+- Standard:
+ . Fixed bug #72071 (setcookie allows max-age to be negative). (Craig Duncan)
+
 13 Apr 2017 PHP 7.0.18
 - Core:
diff --git a/ext/standard/head.c b/ext/standard/head.c
index 5c2da97bb1..13c1c7b0d2 100644
--- a/ext/standard/head.c
+++ b/ext/standard/head.c
@@ -134,6 +134,8 @@ PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires,
 if (expires > 0) {
 const char *p;
 char tsdelta[13];
+ double diff;
+
 strlcat(cookie, COOKIE_EXPIRES, len + 100);
 dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0);
 /* check to make sure that the year does not exceed 4 digits in length */
@@ -148,7 +150,11 @@ PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires,
 strlcat(cookie, ZSTR_VAL(dt), len + 100);
 zend_string_free(dt);
- snprintf(tsdelta, sizeof(tsdelta), ZEND_LONG_FMT, (zend_long) difftime(expires, time(NULL)));
+ diff = difftime(expires, time(NULL));
+ if (diff < 0) {
+ diff = 0;
+ }
+ snprintf(tsdelta, sizeof(tsdelta), ZEND_LONG_FMT, (zend_long) diff);
 strlcat(cookie, COOKIE_MAX_AGE, len + 100);
 strlcat(cookie, tsdelta, len + 100);
 }
diff --git a/ext/standard/tests/network/bug72071.phpt b/ext/standard/tests/network/bug72071.phpt
new file mode 100644
index 0000000000..6d19ab46e3
--- /dev/null
+++ b/ext/standard/tests/network/bug72071.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #72071 setcookie allows max-age to be negative
+--INI--
+date.timezone=UTC
+--FILE--
+<?php
+
+$date = mktime(12, 25, 39, 4, 1, 2017);
+setcookie("name", "value", $date);
+
+?>
+--EXPECT--
+--EXPECTHEADERS--
+Set-Cookie: name=value; expires=Sat, 01-Apr-2017 12:25:39 GMT; Max-Age=0
diff --git a/ext/standard/tests/network/setcookie.phpt b/ext/standard/tests/network/setcookie.phpt
index 68c929997d..3582d341a7 100644
--- a/ext/standard/tests/network/setcookie.phpt
+++ b/ext/standard/tests/network/setcookie.phpt
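Review bot: The cast `(zend_long) diff` in the second ext/standard/head.c hunk is still unguarded on the high side: the new clamp only handles `diff < 0`, and converting a double that lies outside the range of zend_long is undefined behaviour in C. The four-digit-year check mentioned in the first hunk's context presumably keeps the delta in range where zend_long is 64 bits, but on a build where zend_long is 32 bits and time_t is wider a far-future `expires` could exceed it. I would bound the value before formatting, e.g. `zend_long max_age = diff >= (double) ZEND_LONG_MAX ? ZEND_LONG_MAX : (zend_long) diff;`, and put a short comment on the clamp such as `/* Max-Age must not be negative; emit 0 for an already-expired cookie */`. php_setcookie's body starts and ends outside both head.c hunks, so the surrounding buffer sizing was not reviewed here.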
@@ -26,7 +26,7 @@ $expected = array(
 'Set-Cookie: name=space+value',
 'Set-Cookie: name=value',
 'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsp).' GMT; Max-Age=5',
- 'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsn).' GMT; Max-Age=-6',
+ 'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsn).' GMT; Max-Age=0',
 'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsc).' GMT; Max-Age=0',
 'Set-Cookie: name=value; path=/path/',
 'Set-Cookie: name=value; domain=domain.tld', |