Skip to content

[BrowserKit] ignore invalid cookies expires date format #21462

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 30, 2017
Merged

[BrowserKit] ignore invalid cookies expires date format #21462

merged 1 commit into from
Jan 30, 2017

Conversation

xabbuh
Copy link
Member

@xabbuh xabbuh commented Jan 30, 2017

Q A
Branch? 2.7
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #15656
License MIT
Doc PR

@xabbuh xabbuh mentioned this pull request Jan 30, 2017
Closed
@stof
Copy link
Member

stof commented Jan 30, 2017

This looks weird to me. The issue says to ignore the cookie, not to ignore only its date

@xabbuh
Copy link
Member Author

xabbuh commented Jan 30, 2017

Not sure what you mean. The issue description contains this quote from the RFC:

If the attribute-value failed to parse as a cookie date, ignore the cookie-av.

Maybe I misinterpret that part, but IIUC cookie-av means cookie argument value, but the entire cookie.

@stof
Copy link
Member

stof commented Jan 30, 2017

ah sorry, I misread it

javiereguiluz
javiereguiluz requested changes Jan 30, 2017
View reviewed changes
Copy link
Member

@javiereguiluz javiereguiluz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we should also update the constructor of this class, where you can find:

if (null !== $expires) {
    $timestampAsDateTime = \DateTime::createFromFormat('U', $expires);
    if (false === $timestampAsDateTime) {
        throw new \UnexpectedValueException(sprintf('The cookie expiration time "%s" is not valid.', $expires));
    }

    $this->expires = $timestampAsDateTime->format('U');
}

@xabbuh
Copy link
Member Author

xabbuh commented Jan 30, 2017

@javiereguiluz I don't think so. Let me quote myself from #15656 (comment):

Actually, after thinking of this again I do not think that we need to change the constructor. It is documented that the expected value must be a string containing the expires timestamp.

The constructor will be used by some code that already had to parse the Set-Cookie header. So this part should be responsible to deal with invalid values instead of magically treating them as anything else.

javiereguiluz
javiereguiluz approved these changes Jan 30, 2017
View reviewed changes
Copy link
Member

@javiereguiluz javiereguiluz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xabbuh you are right! I missed your comment.

👍

Status: reviewed

@fabpot
Copy link
Member

fabpot commented Jan 30, 2017

Thank you @xabbuh.

@fabpot fabpot merged commit f19788d into symfony:2.7 Jan 30, 2017
fabpot added a commit that referenced this pull request Jan 30, 2017
@fabpot
bug #21462 [BrowserKit] ignore invalid cookies expires date format (x…
a6c05e5 
…abbuh)

This PR was merged into the 2.7 branch.

Discussion
----------

[BrowserKit] ignore invalid cookies expires date format

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #15656
| License       | MIT
| Doc PR        |

Commits
-------

f19788d ignore invalid cookies expires date format
@xabbuh xabbuh deleted the issue-15656 branch January 30, 2017 15:33
This was referenced Feb 6, 2017
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@javiereguiluz javiereguiluz javiereguiluz approved these changes

Assignees
No one assigned
Labels
BrowserKit Bug Status: Reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@xabbuh @stof @fabpot @javiereguiluz @carsonbot