fix cookie issues

taylorotwell · taylorotwell · commit bb9db21af137 · 2020-07-27T10:03:22.000-05:00
diff --git a/src/Illuminate/Cookie/Middleware/EncryptCookies.php b/src/Illuminate/Cookie/Middleware/EncryptCookies.php
@@ -83,7 +83,7 @@ protected function decrypt(Request $request)
                 $value = $this->decryptCookie($key, $cookie);
 
                 $request->cookies->set(
-                    $key, strpos($value, sha1($key).'|') !== 0 ? null : substr($value, 41)
+                    $key, strpos($value, sha1($key.'v2').'|') !== 0 ? null : substr($value, 41)
                 );
             } catch (DecryptException $e) {
                 $request->cookies->set($key, null);
@@ -142,7 +142,7 @@ protected function encrypt(Response $response)
             $response->headers->setCookie($this->duplicate(
                 $cookie,
                 $this->encrypter->encrypt(
-                    sha1($cookie->getName()).'|'.$cookie->getValue(),
+                    sha1($cookie->getName().'v2').'|'.$cookie->getValue(),
                     static::serialized($cookie->getName())
                 )
             ));
diff --git a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
@@ -151,7 +151,7 @@ protected function getTokenFromRequest($request)
         $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
 
         if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
-            $token = $this->encrypter->decrypt($header, static::serialized());
+            $token = substr($this->encrypter->decrypt($header, static::serialized()), 41);
         }
 
         return $token;
diff --git a/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php b/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php
@@ -560,8 +560,8 @@ protected function prepareCookiesForRequest()
             return array_merge($this->defaultCookies, $this->unencryptedCookies);
         }
 
-        return collect($this->defaultCookies)->map(function ($value) {
-            return encrypt($value, false);
+        return collect($this->defaultCookies)->map(function ($value, $key) {
+            return encrypt(sha1($key.'v2').'|'.$value, false);
         })->merge($this->unencryptedCookies)->all();
     }
 

Original file line number	Diff line number	Diff line change
`@@ -151,7 +151,7 @@ protected function getTokenFromRequest($request)`
`151`	`151`	`$token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');`
`152`	`152`
`153`	`153`	`if (! $token && $header = $request->header('X-XSRF-TOKEN')) {`
`154`		`- $token = $this->encrypter->decrypt($header, static::serialized());`
	`154`	`+ $token = substr($this->encrypter->decrypt($header, static::serialized()), 41);`
`155`	`155`	`}`
`156`	`156`
`157`	`157`	`return $token;`
Original file line number	Diff line number	Diff line change
`@@ -560,8 +560,8 @@ protected function prepareCookiesForRequest()`
`560`	`560`	`return array_merge($this->defaultCookies, $this->unencryptedCookies);`
`561`	`561`	`}`
`562`	`562`
`563`		`- return collect($this->defaultCookies)->map(function ($value) {`
`564`		`- return encrypt($value, false);`
	`563`	`+ return collect($this->defaultCookies)->map(function ($value, $key) {`
	`564`	`+ return encrypt(sha1($key.'v2').'\|'.$value, false);`
`565`	`565`	`})->merge($this->unencryptedCookies)->all();`
`566`	`566`	`}`
`567`	`567`