Merge pull request #9838 from cakephp/issue-9779

Fix CookieComponent erroring on corrupted data.
Mark Story 2016-12-05 16:44:24 -05:00 committed by GitHub
commit 9e6e08704e
2 changed files with 56 additions and 3 deletions


@ -283,8 +283,11 @@ class CookieComponent extends Component {
return null; return null;
} }
if (!empty($names[1]) && is_array($this->_values[$this->name][$key])) { if (!empty($names[1])) {
return Hash::get($this->_values[$this->name][$key], $names[1]); if (is_array($this->_values[$this->name][$key])) {
return Hash::get($this->_values[$this->name][$key], $names[1]);
}
return null;
} }
return $this->_values[$this->name][$key]; return $this->_values[$this->name][$key];
} }
@ -336,7 +339,7 @@ class CookieComponent extends Component {
return; return;
} }
$names = explode('.', $key, 2); $names = explode('.', $key, 2);
if (isset($this->_values[$this->name][$names[0]])) { if (isset($this->_values[$this->name][$names[0]]) && is_array($this->_values[$this->name][$names[0]])) {
$this->_values[$this->name][$names[0]] = Hash::remove($this->_values[$this->name][$names[0]], $names[1]); $this->_values[$this->name][$names[0]] = Hash::remove($this->_values[$this->name][$names[0]], $names[1]);
} }
$this->_delete('[' . implode('][', $names) . ']'); $this->_delete('[' . implode('][', $names) . ']');
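Review bot: The nested-key guard `if (!empty($names[1])) {` in the first hunk still falls through when the sub-key is `'0'`, because PHP's `empty('0')` is true. Assuming `$names` comes from the same `explode('.', $key, 2)` split that the `delete()` hunk shows, `read('User.0')` would return the whole `User` value rather than element 0 or null. Since cookie contents are client-controlled, I would make the test explicit with `if (isset($names[1]) && $names[1] !== '') {`, which keeps the current fall-through for a trailing dot. The body of `read()` starts outside the hunk, so the origin of `$names` should be confirmed there.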


@ -153,6 +153,24 @@ class CookieComponentTest extends CakeTestCase {
$this->assertEquals($expected, $data); $this->assertEquals($expected, $data);
} }
/**
* test read operations on corrupted cookie data.
*
* @return void
*/
public function testReadCorruptedCookieData() {
$this->Cookie->type('aes');
$this->Cookie->key = sha1('some bad key');
$data = $this->_implode(array('name' => 'jill', 'age' => 24));
// Corrupt the cookie data by slicing some bytes off.
$_COOKIE['CakeTestCookie'] = array(
'BadData' => substr(Security::encrypt($data, $this->Cookie->key), 0, -5)
);
$this->assertFalse($this->Cookie->check('BadData.name'), 'Key does not exist');
$this->assertNull($this->Cookie->read('BadData.name'), 'Key does not exist');
}
/** /**
* testReadPlainCookieData * testReadPlainCookieData
* *
@ -169,6 +187,19 @@ class CookieComponentTest extends CakeTestCase {
$this->assertEquals($expected, $data); $this->assertEquals($expected, $data);
} }
/**
* test read array keys from string data.
*
* @return void
*/
public function testReadNestedDataFromStrings() {
$_COOKIE['CakeTestCookie'] = array(
'User' => 'bad data'
);
$this->assertFalse($this->Cookie->check('User.name'), 'No key');
$this->assertNull($this->Cookie->read('User.name'), 'No key');
}
/** /**
* test read() after switching the cookie name. * test read() after switching the cookie name.
* *
@ -451,6 +482,25 @@ class CookieComponentTest extends CakeTestCase {
$this->assertNull($data); $this->assertNull($data);
} }
/**
* test delete() on corrupted/truncated cookie data.
*
* @return void
*/
public function testDeleteCorruptedCookieData() {
$this->Cookie->type('aes');
$this->Cookie->key = sha1('some bad key');
$data = $this->_implode(array('name' => 'jill', 'age' => 24));
// Corrupt the cookie data by slicing some bytes off.
$_COOKIE['CakeTestCookie'] = array(
'BadData' => substr(Security::encrypt($data, $this->Cookie->key), 0, -5)
);
$this->assertNull($this->Cookie->delete('BadData.name'));
$this->assertNull($this->Cookie->read('BadData.name'));
}
/** /**
* testReadingCookieArray * testReadingCookieArray
* *
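Review bot: Both corrupted-data tests assert only on the nested key `BadData.name`, so what `read('BadData')` returns for a truncated ciphertext is left unpinned. The component's final `return $this->_values[$this->name][$key];` path is not changed by this commit, and a caller reading the top-level key would presumably receive whatever the failed decryption produced. I would add an assertion on `$this->Cookie->read('BadData')` to `testReadCorruptedCookieData()` stating the intended result (null or an empty value, whichever the component is meant to guarantee). That way a tampered cookie cannot silently reach application code as a usable value.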