Skip to content

[HttpFoundation] allow additinal characters in not raw cookies #33646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 28, 2019
Merged

[HttpFoundation] allow additinal characters in not raw cookies #33646

merged 1 commit into from
Sep 28, 2019

Conversation

marie
Copy link
Contributor

@marie marie commented Sep 20, 2019
edited
Loading

Q A
Branch? 4.3
Bug fix? yes
Tickets Fix #33619
License MIT

Description
When creating a non-raw Cookie, it is impossible to provide a name that contains characters matching the regex class [=,; \t\r\n\013\014]

Solution: Check with this regex only raw cookie

@nicolas-grekas nicolas-grekas added this to the 4.3 milestone Sep 20, 2019
terjebraten-certua
terjebraten-certua suggested changes Sep 20, 2019
View reviewed changes
Copy link
Contributor

@terjebraten-certua terjebraten-certua left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Failing tests need to be changed

@marie
Copy link
Contributor Author

marie commented Sep 21, 2019

Hello!
I have a question. In the fixtures expected values for sent cookies are:

    [3] => Set-Cookie: %3F%2A%28%29%3A%40%26%2B%24%2F%25%23%5B%5D=%3F%2A%28%29%3A%40%26%2B%24%2F%25%23%5B%5D; path=/
    [4] => Set-Cookie: ?*():@&+$/%#[]=%3F%2A%28%29%3A%40%26%2B%24%2F%25%23%5B%5D; path=/

number 3 is for Symfony's function $response->sendHeaders and number 4 is for php's native function setcookie. Thus the symfony's function have different behaviour from setcookie function. Do you think this is alright?

@trvrnrth
Copy link

trvrnrth commented Sep 23, 2019
edited
Loading

That looks like it could be problematic so I think it would be best to maintain full compatibility.

@marie I've PR'ed to your branch at marie#1 with a proposed solution to only encode the required characters. The general approach is borrowed from the Guzzle PSR-7 Uri implementation.

@marie
Copy link
Contributor Author

marie commented Sep 23, 2019

Does anybody know how to rebuild failed because of timeout pipeline? Probably I don't have rights

@fabpot
Copy link
Member

fabpot commented Sep 24, 2019

@marie I've just restarted the job for you.

@marie
Copy link
Contributor Author

marie commented Sep 24, 2019

@fabpot thank you!

nicolas-grekas
nicolas-grekas reviewed Sep 27, 2019
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some more nitpicking :)

@fabpot
Copy link
Member

fabpot commented Sep 28, 2019

@marie To help me merge this PR, can you squash the commits? Also, is it for 4.3 only, don't we have the same issue on 3.4?

@marie
Copy link
Contributor Author

marie commented Sep 28, 2019

@fabpot yes, we have to merge it to 3.4 too. Should I create a new PR instead of this one?

Do you know why one of builds failed with error -1073741819?

@nicolas-grekas
Copy link
Member

No worries, I'm going to take care of the rebase.

@nicolas-grekas nicolas-grekas changed the base branch from 4.3 to 3.4 September 28, 2019 15:06
@nicolas-grekas
Copy link
Member

Thank you @marie.

nicolas-grekas added a commit that referenced this pull request Sep 28, 2019
@nicolas-grekas
bug #33646 [HttpFoundation] allow additinal characters in not raw coo…
ca25396 
…kies (marie)

This PR was merged into the 3.4 branch.

Discussion
----------

[HttpFoundation] allow additinal characters in not raw cookies

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| Tickets       | Fix #33619
| License     | MIT

> **Description**
> When creating a non-raw Cookie, it is impossible to provide a name that contains characters matching the regex class [=,; \t\r\n\013\014]

**Solution**: Check with this regex only raw cookie

Commits
-------

4db1402 [HttpFoundation] allow additinal characters in not raw cookies
@nicolas-grekas nicolas-grekas merged commit 4db1402 into symfony:3.4 Sep 28, 2019
This was referenced Oct 7, 2019
Merged
Merged
@dependabot dependabot bot mentioned this pull request Mar 17, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabpot fabpot fabpot approved these changes

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@trvrnrth trvrnrth trvrnrth approved these changes

@terjebraten-certua terjebraten-certua terjebraten-certua approved these changes

Assignees
No one assigned
Labels
Bug HttpFoundation Status: Reviewed
Projects
None yet
Milestone
4.3
Development

Successfully merging this pull request may close these issues.
6 participants
@marie @trvrnrth @fabpot @nicolas-grekas @terjebraten-certua @carsonbot