
Commit a5a6098

committed
[HttpFoundation] Validate/cast cookie expire time
1 parent 690907a commit a5a6098


2 files changed

+21
-7
lines changed


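--- a/Cookie.php
+++ b/Cookie.php
@@ -56,15 +56,15 @@ public function __construct($name, $value = null, $expire = 0, $path = '/', $dom
 } elseif (!is_numeric($expire)) {
 $expire = strtotime($expire);
 
-if (false === $expire || -1 === $expire) {
+if (false === $expire) {
 throw new \InvalidArgumentException('The cookie expiration time is not valid.');
 }
 }
 
 $this->name = $name;
 $this->value = $value;
 $this->domain = $domain;
-$this->expire = $expire;
+$this->expire = 0 < $expire ? (int) $expire : 0;
 $this->path = empty($path) ? '/' : $path;
 $this->secure = (bool) $secure;
 $this->httpOnly = (bool) $httpOnly;
@@ -84,7 +84,7 @@ public function __toString()
 } else {
 $str .= urlencode($this->getValue());
 
-if ($this->getExpiresTime() !== 0) {
+if (0 !== $this->getExpiresTime()) {
 $str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime());
 }
 }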
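Review bot: The new assignment `$this->expire = 0 < $expire ? (int) $expire : 0;` silently maps every non-positive timestamp to 0, and the `__toString()` hunk writes no `expires` attribute when the stored value is 0, so a caller who passes a negative or pre-epoch time to expire a cookie that still has a value appears to get a session cookie instead. For cookies that carry session or authentication state, that leaves the value usable until the browser closes. If the clamp is intended, document it at the assignment, e.g. `// Non-positive timestamps are stored as 0, which is serialized as a session cookie (no "expires"), not as an expired one.`; the constructor's docblock lies outside the hunk and should presumably say the same. The `(int)` cast also needs an upper bound, because `is_numeric()` accepts values such as `'1e100'` whose integer conversion is out of range and not well defined.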

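--- a/Tests/CookieTest.php
+++ b/Tests/CookieTest.php
@@ -52,7 +52,14 @@ public function testInstantiationThrowsExceptionIfCookieNameContainsInvalidChara
 */
 public function testInvalidExpiration()
 {
-$cookie = new Cookie('MyCookie', 'foo', 'bar');
+new Cookie('MyCookie', 'foo', 'bar');
+}
+
+public function testNegativeExpirationIsNotPossible()
+{
+$cookie = new Cookie('foo', 'bar', -100);
+
+$this->assertSame(0, $cookie->getExpiresTime());
 }
 
 public function testGetValue()
@@ -77,6 +84,13 @@ public function testGetExpiresTime()
 $this->assertEquals(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date');
 }
 
+public function testGetExpiresTimeIsCastToInt()
+{
+$cookie = new Cookie('foo', 'bar', 3600.9);
+
+$this->assertSame(3600, $cookie->getExpiresTime(), '->getExpiresTime() returns the expire date as an integer');
+}
+
 public function testConstructorWithDateTime()
 {
 $expire = new \DateTime();
@@ -143,12 +157,12 @@ public function testCookieIsCleared()
 public function testToString()
 {
 $cookie = new Cookie('foo', 'bar', strtotime('Fri, 20-May-2011 15:25:52 GMT'), '/', '.myfoodomain.com', true);
-$this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly', $cookie->__toString(), '->__toString() returns string representation of the cookie');
+$this->assertEquals('foo=bar; expires=Fri, 20-May-2011 15:25:52 GMT; path=/; domain=.myfoodomain.com; secure; httponly', (string) $cookie, '->__toString() returns string representation of the cookie');
 
 $cookie = new Cookie('foo', null, 1, '/admin/', '.myfoodomain.com');
-$this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; path=/admin/; domain=.myfoodomain.com; httponly', $cookie->__toString(), '->__toString() returns string representation of a cleared cookie if value is NULL');
+$this->assertEquals('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; path=/admin/; domain=.myfoodomain.com; httponly', (string) $cookie, '->__toString() returns string representation of a cleared cookie if value is NULL');
 
 $cookie = new Cookie('foo', 'bar', 0, '/', '');
-$this->assertEquals('foo=bar; path=/; httponly', $cookie->__toString());
+$this->assertEquals('foo=bar; path=/; httponly', (string) $cookie);
 }
 }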
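Review bot: `testNegativeExpirationIsNotPossible` asserts only `getExpiresTime()`, so nothing pins how a clamped cookie is serialized. Adding `$this->assertNotContains('expires=', (string) $cookie);` to that test would record that a negative expiry goes out as a session cookie rather than an expired one. `testGetExpiresTimeIsCastToInt` covers a float but not a numeric string, which takes the same `is_numeric()` path in the constructor. A case such as `new Cookie('foo', 'bar', '3600')` checked with `assertSame(3600, ...)` would cover it.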
