From 27f951fb41ce10ac14180c41a40e90a5fa1076bb Mon Sep 17 00:00:00 2001
From: mark_story
Date: Sat, 3 Dec 2016 14:10:47 -0500
Subject: [PATCH 1/2] Don't emit errors when operating on corrupted cookie data.

When deleting from corrupted cookie data, there shouldn't be any errors.

Refs #9779
---
 .../Controller/Component/CookieComponent.php | 9 ++++++---
 .../Component/CookieComponentTest.php | 19 +++++++++++++++++++
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/lib/Cake/Controller/Component/CookieComponent.php b/lib/Cake/Controller/Component/CookieComponent.php
index 2bb75194d..9768d5a99 100644
--- a/lib/Cake/Controller/Component/CookieComponent.php
+++ b/lib/Cake/Controller/Component/CookieComponent.php
@@ -283,8 +283,11 @@ class CookieComponent extends Component {
 return null;
 }
- if (!empty($names[1]) && is_array($this->_values[$this->name][$key])) {
- return Hash::get($this->_values[$this->name][$key], $names[1]);
+ if (!empty($names[1])) {
+ if (is_array($this->_values[$this->name][$key])) {
+ return Hash::get($this->_values[$this->name][$key], $names[1]);
+ }
+ return null;
 }
 return $this->_values[$this->name][$key];
 }
@@ -336,7 +339,7 @@ class CookieComponent extends Component {
 return;
 }
 $names = explode('.', $key, 2);
- if (isset($this->_values[$this->name][$names[0]])) {
+ if (isset($this->_values[$this->name][$names[0]]) && is_array($this->_values[$this->name][$names[0]])) {
 $this->_values[$this->name][$names[0]] = Hash::remove($this->_values[$this->name][$names[0]], $names[1]);
 }
 $this->_delete('[' . implode('][', $names) . ']');
diff --git a/lib/Cake/Test/Case/Controller/Component/CookieComponentTest.php b/lib/Cake/Test/Case/Controller/Component/CookieComponentTest.php
index 7d9365c84..e3a8f0970 100644
--- a/lib/Cake/Test/Case/Controller/Component/CookieComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/CookieComponentTest.php
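Review bot: The new `return null;` branch in `read()` makes a value that is not an array (for example one that failed decryption) look exactly like a key that was never set, and nothing in the hunk says that this is intended. A short comment above it would record the decision, e.g. `// Non-array value (corrupted or tampered cookie): treat the nested key as absent.` The expression `$this->_values[$this->name][$key]` is now written three times in a few lines; assigning it to a local before the `if` would make the two branches easier to compare. The body of `read()` starts outside this hunk.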
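Review bot: With the added `is_array()` guard in the second hunk, a non-array value skips `Hash::remove()` but `$this->_delete('[' . implode('][', $names) . ']')` still runs for the nested name, so the corrupted parent entry appears to remain in `$this->_values` and presumably in the client's cookie jar. Whether the parent key should be dropped in that case, or deliberately left alone, is worth stating in a comment such as `// Value is not an array (e.g. corrupted cookie): nothing nested to remove.` The condition also repeats `$this->_values[$this->name][$names[0]]` twice on one long line and would read better split or with a local. The enclosing method starts outside the hunk, so the handling of keys without a dot is not visible here.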
@@ -451,6 +451,25 @@ class CookieComponentTest extends CakeTestCase {
 $this->assertNull($data);
 }
+/**
+ * test delete() on corrupted/truncated cookie data.
+ *
+ * @return void
+ */
+ public function testDeleteCorruptedCookieData() {
+ $this->Cookie->type('aes');
+ $this->Cookie->key = sha1('some bad key');
+
+ $data = $this->_implode(array('name' => 'jill', 'age' => 24));
+ // Corrupt the cookie data by slicing some bytes off.
+ $_COOKIE['CakeTestCookie'] = array(
+ 'BadData' => substr(Security::encrypt($data, $this->Cookie->key), 0, -5)
+ );
+
+ $this->assertNull($this->Cookie->delete('BadData.name'));
+ $this->assertNull($this->Cookie->read('BadData.name'));
+ }
+
 /**
  * testReadingCookieArray
  *

From 934bb00b366cec6201e5f29138cca675e000a94d Mon Sep 17 00:00:00 2001
From: mark_story
Date: Sat, 3 Dec 2016 14:14:57 -0500
Subject: [PATCH 2/2] Add tests showing recent changes fix #9784

---
 .../Component/CookieComponentTest.php | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/lib/Cake/Test/Case/Controller/Component/CookieComponentTest.php b/lib/Cake/Test/Case/Controller/Component/CookieComponentTest.php
index e3a8f0970..467e7a225 100644
--- a/lib/Cake/Test/Case/Controller/Component/CookieComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/CookieComponentTest.php
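Review bot: The assertion `$this->assertNull($this->Cookie->delete('BadData.name'));` in `testDeleteCorruptedCookieData()` passes for any call that does not raise, because `delete()` appears to return nothing (the component hunk shows a bare `return;`). The test therefore only proves that no error is emitted, not what state is left behind. Adding `$this->assertFalse($this->Cookie->check('BadData.name'));` after the delete would pin the observable result. The test also writes to `$_COOKIE` directly, so it relies on a reset in setUp/tearDown that is not visible in this hunk.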
@@ -153,6 +153,24 @@ class CookieComponentTest extends CakeTestCase {
 $this->assertEquals($expected, $data);
 }
+/**
+ * test read operations on corrupted cookie data.
+ *
+ * @return void
+ */
+ public function testReadCorruptedCookieData() {
+ $this->Cookie->type('aes');
+ $this->Cookie->key = sha1('some bad key');
+
+ $data = $this->_implode(array('name' => 'jill', 'age' => 24));
+ // Corrupt the cookie data by slicing some bytes off.
+ $_COOKIE['CakeTestCookie'] = array(
+ 'BadData' => substr(Security::encrypt($data, $this->Cookie->key), 0, -5)
+ );
+ $this->assertFalse($this->Cookie->check('BadData.name'), 'Key does not exist');
+ $this->assertNull($this->Cookie->read('BadData.name'), 'Key does not exist');
+ }
+
 /**
  * testReadPlainCookieData
  *
@@ -169,6 +187,19 @@ class CookieComponentTest extends CakeTestCase {
 $this->assertEquals($expected, $data);
 }
+/**
+ * test read array keys from string data.
+ *
+ * @return void
+ */
+ public function testReadNestedDataFromStrings() {
+ $_COOKIE['CakeTestCookie'] = array(
+ 'User' => 'bad data'
+ );
+ $this->assertFalse($this->Cookie->check('User.name'), 'No key');
+ $this->assertNull($this->Cookie->read('User.name'), 'No key');
+ }
+
 /**
  * test read() after switching the cookie name.
  *
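Review bot: `testReadCorruptedCookieData()` covers only a truncated value (`substr(..., 0, -5)`), so a value of the original length whose bytes were altered is not tested. Whether `Security::encrypt()` output is authenticated is not visible here, so a second case with a same-length modified value asserting the same `check()`/`read()` results would confirm that both kinds of corruption are rejected the same way. The setup lines are also copied from `testDeleteCorruptedCookieData()` in the first patch and could move into a small private helper. The assertion message `'Key does not exist'` would be more useful if it named the corruption, e.g. `'Corrupted cookie must read as missing'`.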
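Review bot: `testReadNestedDataFromStrings()` exercises `check()` and `read()` on a plain string value but not `delete()`, which is the path the `is_array()` guard from the first patch changes for exactly this input. The delete test in patch 1 reaches that guard only through the encrypted cookie path. Adding `$this->Cookie->delete('User.name');` followed by `$this->assertNull($this->Cookie->read('User.name'), 'No key');` would cover the unencrypted case as well.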