http://www.mediawiki.org/wiki/Special:Code/MediaWiki/62007
Revision: 62007 Author: mah Date: 2010-02-05 04:08:19 +0000 (Fri, 05 Feb 2010) Log Message: ----------- Add domain checking to HTTP cookie checking. Modified Paths: -------------- trunk/phase3/includes/HttpFunctions.php trunk/phase3/maintenance/tests/HttpTest.php Modified: trunk/phase3/includes/HttpFunctions.php =================================================================== --- trunk/phase3/includes/HttpFunctions.php 2010-02-05 04:01:15 UTC (rev 62006) +++ trunk/phase3/includes/HttpFunctions.php 2010-02-05 04:08:19 UTC (rev 62007) @@ -502,7 +502,7 @@ } class CookieJar { - private $cookie; + private $cookie = array(); /** * Set a cookie in the cookie jar. Make sure only one cookie per-name exists. 
@@ -538,30 +538,44 @@ * Parse the content of an Set-Cookie HTTP Response header. * @param $cookie string */ - public function parseCookieResponseHeader ( $cookie, $domain = null ) { + public function parseCookieResponseHeader ( $cookie, $domain ) { $len = strlen( "Set-Cookie:" ); if ( substr_compare( "Set-Cookie:", $cookie, 0, $len, TRUE ) === 0 ) { $cookie = substr( $cookie, $len ); } $bit = array_map( 'trim', explode( ";", $cookie ) ); - list($name, $value) = explode( "=", array_shift( $bit ), 2 ); - $attr = array(); - foreach( $bit as $piece ) { - $parts = explode( "=", $piece ); - if( count( $parts ) > 1 ) { - $attr[strtolower( $parts[0] )] = $parts[1]; + if ( count($bit) >= 1 ) { + list($name, $value) = explode( "=", array_shift( $bit ), 2 ); + $attr = array(); + foreach( $bit as $piece ) { + $parts = explode( "=", $piece ); + if( count( $parts ) > 1 ) { + $attr[strtolower( $parts[0] )] = $parts[1]; + } else { + $attr[strtolower( $parts[0] )] = true; + } + } + + if( !isset( $attr['domain'] ) ) { + $attr['domain'] = $domain; } else { - $attr[strtolower( $parts[0] )] = true; + /* If domain is given, it has to contain at least two dots */ + if ( strrpos( $attr['domain'], '.' ) === false + || strrpos( $attr['domain'], '.' ) === strpos( $attr['domain'], '.' ) ) { + return; + } + if ( substr( $attr['domain'], 0, 1 ) === '.' 
) { + $attr['domain'] = substr( $attr['domain'], 1 ); + } + if ( strlen( $attr['domain'] ) < strlen( $domain ) + && substr_compare( $domain, $attr['domain'], -strlen( $attr['domain'] ), + strlen( $attr['domain'] ), TRUE ) != 0 ) { + return; /* silently reject a bad cookie */ + } } + $this->setCookie( $name, $value, $attr ); } - - if( !isset( $attr['domain'] ) ) { - $attr['domain'] = $domain; - } else { - /* FIXME: Check that domain is valid */ - } - $this->setCookie( $name, $value, $attr ); } } Modified: trunk/phase3/maintenance/tests/HttpTest.php =================================================================== --- trunk/phase3/maintenance/tests/HttpTest.php 2010-02-05 04:01:15 UTC (rev 62006) +++ trunk/phase3/maintenance/tests/HttpTest.php 2010-02-05 04:08:19 UTC (rev 62007) 
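Review bot: The suffix check in the new `else` branch only runs when the cookie's `domain` attribute is shorter than the request host, so an attribute of equal or greater length (e.g. `domain=other.example.org` in a response from `www.example.com`) is stored without any comparison, and a shorter one is accepted whenever it is a bare string suffix, so `example.com` would also match a host `notexample.com`. The check should accept the attribute only when it equals the request host or is a proper suffix ending on a label boundary, as sketched below. The two-dot test above it also runs before the leading dot is stripped, so `domain=example.com` is rejected while `.example.com` passes — worth a comment if that is the intended (Netscape-style) rule. The docblock at the top of the hunk still documents only `$cookie`; add `@param $domain string The host the response came from; used as the default and to validate the domain attribute`.
```php
			if( !isset( $attr['domain'] ) ) {
				$attr['domain'] = $domain;
			} else {
				// … unchanged: two-dot check and leading-dot strip …
				$cookieLen = strlen( $attr['domain'] );
				// Accept only the request host itself, or a proper suffix of it that
				// starts on a label boundary ("example.com" must not match "notexample.com").
				if ( strcasecmp( $attr['domain'], $domain ) !== 0
					&& ( $cookieLen >= strlen( $domain )
						|| substr( $domain, -$cookieLen - 1, 1 ) !== '.'
						|| substr_compare( $domain, $attr['domain'], -$cookieLen, $cookieLen, TRUE ) != 0 ) ) {
					return; /* silently reject a bad cookie */
				}
			}
			$this->setCookie( $name, $value, $attr );
```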
@@ -443,24 +443,28 @@ $cj = new CookieJar; $h[] = "Set-Cookie: name4=value; domain=.example.com; path=/; expires=Mon, 09-Dec-2999 13:46:00 GMT"; - $cj->parseCookieResponseHeader( $h[0] ); + $cj->parseCookieResponseHeader( $h[0], "www.example.com" ); $this->assertEquals("name4=value", $cj->serializeToHttpRequest("/", "www.example.com")); $h[] = "name4=value2; domain=.example.com; path=/path/; expires=Mon, 09-Dec-2999 13:46:00 GMT"; - $cj->parseCookieResponseHeader( $h[1] ); + $cj->parseCookieResponseHeader( $h[1], "www.example.com" ); $this->assertEquals("", $cj->serializeToHttpRequest("/", "www.example.com")); $this->assertEquals("name4=value2", $cj->serializeToHttpRequest("/path/", "www.example.com")); $h[] = "name5=value3; domain=.example.com; path=/path/; expires=Mon, 09-Dec-2999 13:46:00 GMT"; - $cj->parseCookieResponseHeader( $h[2] ); + $cj->parseCookieResponseHeader( $h[2], "www.example.com" ); $this->assertEquals("name4=value2; name5=value3", $cj->serializeToHttpRequest("/path/", "www.example.com")); - $h[] = "name6=value3; domain=.example.net; path=/path/; expires=Mon, 09-Dec-1999 13:46:00 GMT"; - $cj->parseCookieResponseHeader( $h[3] ); + $h[] = "name6=value3; domain=.example.net; path=/path/; expires=Mon, 09-Dec-2999 13:46:00 GMT"; + $cj->parseCookieResponseHeader( $h[3], "www.example.com" ); $this->assertEquals("", $cj->serializeToHttpRequest("/path/", "www.example.net")); + $h[] = "name6=value0; domain=.example.net; path=/path/; expires=Mon, 09-Dec-1999 13:46:00 GMT"; + $cj->parseCookieResponseHeader( $h[4], "www.example.net" ); + $this->assertEquals("", $cj->serializeToHttpRequest("/path/", "www.example.net")); + $h[] = "name6=value4; domain=.example.net; path=/path/; expires=Mon, 09-Dec-2999 13:46:00 GMT"; - $cj->parseCookieResponseHeader( $h[4] ); + $cj->parseCookieResponseHeader( $h[5], "www.example.net" ); $this->assertEquals("name6=value4", $cj->serializeToHttpRequest("/path/", "www.example.net")); } _______________________________________________ 
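Review bot: The new assertions only cover a cookie domain that is shorter than the request host (`.example.net` from `www.example.com`); nothing exercises a `domain` attribute of equal or greater length, which the parser as committed stores without any comparison. Adding `$cj->parseCookieResponseHeader( "name7=value; domain=other.example.org; path=/", "www.example.com" );` followed by `$this->assertEquals( "", $cj->serializeToHttpRequest( "/", "other.example.org" ) );` would pin the intended rejection (constructed example hosts). The test method's opening line is outside the hunk.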