Skip to content

Warning to error promotion for set(raw)cookie() #5819

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Warning to error promotion for set(raw)cookie() #5819

wants to merge 3 commits into from

Conversation

Girgias
Copy link
Member

@Girgias Girgias commented Jul 7, 2020

I've merged setcookie() and setrawcookie() into a common implementation at the same time

@Girgias Girgias force-pushed the setcookie-warning-to-error branch 2 times, most recently from c1691bf to 987ca60 Compare July 11, 2020 18:00
@Girgias
Copy link
Member Author

Girgias commented Jul 20, 2020

If there are no objections I'll merge this at the end of the week.

nikic
nikic reviewed Jul 23, 2020
View reviewed changes
ext/standard/head.c Outdated
}
php_head_parse_cookie_options_array(expires_or_options, &expires, &path, &domain, &secure, &httponly, &samesite);
if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
zend_value_error("%s(): Argument #3 ($expires_or_options[\"path\"]) cannot contain "
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @kocsismate, but I don't think this format makes sense. $expires_or_options["path"] is not the parameter name.

Copy link
Member

@nikic nikic Jul 23, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, I don't think we should try too hard to get the argument error formatting everywhere. If it's inconvenient from the implementation POV, don't do it. Here, it would be more elegant to keep checks inside php_setcookie.

Copy link
Member

@kocsismate kocsismate Jul 23, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we used unserialize(): "max_depth" option must be of type int, %s given in a similar situation :)

nikic
nikic reviewed Jul 23, 2020
View reviewed changes
ext/standard/head.c Outdated
zend_value_error("%s(): Argument #3 ($expires_or_options[\"path\"]) cannot contain "
ILLEGAL_COOKIE_CHARACTER, get_active_function_name());
goto cleanup;
RETURN_THROWS();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This RETURN_THROWS() doesn't make much sense, as it cannot be executed after the goto cleanup.

@Girgias Girgias force-pushed the setcookie-warning-to-error branch 2 times, most recently from 399ee62 to 39d24b4 Compare July 27, 2020 21:12
@Girgias Girgias mentioned this pull request Aug 13, 2020
Closed
71 tasks
@Girgias Girgias force-pushed the setcookie-warning-to-error branch from 39d24b4 to 59e239c Compare September 2, 2020 15:35
@Girgias Girgias force-pushed the setcookie-warning-to-error branch from 59e239c to 6521060 Compare September 4, 2020 14:34
nikic
nikic approved these changes Sep 8, 2020
View reviewed changes
ext/standard/head.c
@@ -76,36 +76,41 @@ PHPAPI int php_header(void)
}
}

PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain, int secure, int httponly, zend_string *samesite, int url_encode)
#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", and \"\\014\""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", and \"\\014\""
#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", or \"\\014\""

I think...

ext/standard/tests/network/setrawcookie_error.phpt
}
// To go above year 9999: 60 * 60 * 24 * 365 * 9999
try {
setcookie('name', 'value', 315328464000);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
setcookie('name', 'value', 315328464000);
setrawcookie('name', 'value', 315328464000);

@php-pulls php-pulls closed this in 7222315 Sep 8, 2020
@Girgias Girgias deleted the setcookie-warning-to-error branch September 8, 2020 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kocsismate kocsismate kocsismate left review comments

@nikic nikic nikic approved these changes

Assignees
No one assigned
Labels
Warning promotion
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Girgias @nikic @kocsismate @carusogabriel