Review

Girgias · Girgias · commit 39d24b450dc6 · 2020-07-27T22:12:27.000+01:00
diff --git a/ext/standard/head.c b/ext/standard/head.c
@@ -76,13 +76,46 @@ PHPAPI int php_header(void)
 	}
 }
 
-PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain, int secure, int httponly, zend_string *samesite, int url_encode)
+#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", and \"\\014\""
+PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain,
+	bool secure, bool httponly, zend_string *samesite, bool is_raw)
 {
 	zend_string *dt;
 	sapi_header_line ctr = {0};
 	int result;
 	smart_str buf = {0};
 
+	if (ZSTR_LEN(name) == 0) {
+		zend_argument_value_error(1, "cannot be empty");
+		return FAILURE;
+	}
+	if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\013\014") != NULL) {   /* man isspace for \013 and \014 */
+		zend_argument_value_error(1, "cannot contain \"=\", " ILLEGAL_COOKIE_CHARACTER);
+		return FAILURE;
+	}
+	if (is_raw && value &&
+		strpbrk(ZSTR_VAL(value), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
+		zend_argument_value_error(2, "cannot contain " ILLEGAL_COOKIE_CHARACTER);
+		return FAILURE;
+	}
+	/* check to make sure that the year does not exceed 4 digits in length */
+	/* Epoch timestamp: 253402300799 corresponds to 31 December 9999 23:59:59 GMT */
+	if (expires >= 253402300800) {
+		zend_value_error("%s(): \"expire\" option must be less than 253402300800", get_active_function_name());
+		return FAILURE;
+	}
+	if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
+		zend_value_error("%s(): \"path\" option cannot contain "
+			ILLEGAL_COOKIE_CHARACTER, get_active_function_name());
+		return FAILURE;
+	}
+	if (domain && strpbrk(ZSTR_VAL(domain), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
+		zend_value_error("%s(): \"domain\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
+			get_active_function_name());
+		return FAILURE;
+	}
+	/* Should check value of SameSite? */
+
 	if (value == NULL || ZSTR_LEN(value) == 0) {
 		/*
 		 * MSIE doesn't delete a cookie when you set it to a null value
@@ -100,28 +133,19 @@ PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires,
 		smart_str_appends(&buf, "Set-Cookie: ");
 		smart_str_append(&buf, name);
 		smart_str_appendc(&buf, '=');
-		if (url_encode) {
+		/* URL encode when we don't want the raw header */
+		if (!is_raw) {
 			zend_string *encoded_value = php_raw_url_encode(ZSTR_VAL(value), ZSTR_LEN(value));
 			smart_str_append(&buf, encoded_value);
 			zend_string_release_ex(encoded_value, 0);
 		} else {
 			smart_str_append(&buf, value);
 		}
 		if (expires > 0) {
-			const char *p;
 			double diff;
 
 			smart_str_appends(&buf, COOKIE_EXPIRES);
 			dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0);
-			/* check to make sure that the year does not exceed 4 digits in length */
-			p = zend_memrchr(ZSTR_VAL(dt), '-', ZSTR_LEN(dt));
-			if (!p || *(p + 5) != ' ') {
-				zend_string_free(dt);
-				smart_str_free(&buf);
-				zend_error(E_WARNING, "Expiry date cannot have a year greater than 9999");
-				return FAILURE;
-			}
-
 			smart_str_append(&buf, dt);
 			zend_string_free(dt);
 
@@ -201,7 +225,6 @@ static void php_head_parse_cookie_options_array(zval *options, zend_long *expire
 	}
 }
 
-#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", and \"\\014\""
 static void php_setcookie_common(INTERNAL_FUNCTION_PARAMETERS, bool is_raw)
 {
 	/* to handle overloaded function array|int */
@@ -215,6 +238,7 @@ static void php_setcookie_common(INTERNAL_FUNCTION_PARAMETERS, bool is_raw)
 		Z_PARAM_OPTIONAL
 		Z_PARAM_STR(value)
 		Z_PARAM_ZVAL(expires_or_options)
+		// Use path ZPP check?
 		Z_PARAM_STR(path)
 		Z_PARAM_STR(domain)
 		Z_PARAM_BOOL(secure)
@@ -229,56 +253,19 @@ static void php_setcookie_common(INTERNAL_FUNCTION_PARAMETERS, bool is_raw)
 				RETURN_THROWS();
 			}
 			php_head_parse_cookie_options_array(expires_or_options, &expires, &path, &domain, &secure, &httponly, &samesite);
-			if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
-				zend_value_error("%s(): Argument #3 ($expires_or_options[\"path\"]) cannot contain "
-					ILLEGAL_COOKIE_CHARACTER, get_active_function_name());
-				goto cleanup;
-				RETURN_THROWS();
-			}
-			if (domain && strpbrk(ZSTR_VAL(domain), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
-				zend_value_error("%s(): Argument #3 ($expires_or_options[\"domain\"]) cannot contain "
-					ILLEGAL_COOKIE_CHARACTER, get_active_function_name());
-				goto cleanup;
-				RETURN_THROWS();
-			}
-			/* Should check value of SameSite? */
 		} else {
 			expires = zval_get_long(expires_or_options);
-			if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
-				zend_argument_value_error(4, "cannot contain " ILLEGAL_COOKIE_CHARACTER);
-				RETURN_THROWS();
-			}
-			if (domain && strpbrk(ZSTR_VAL(domain), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
-				zend_argument_value_error(5, "cannot contain " ILLEGAL_COOKIE_CHARACTER);
-				RETURN_THROWS();
-			}
 		}
 	}
-
-	if (!ZSTR_LEN(name)) {
-		zend_argument_value_error(1, "cannot be empty");
-		RETURN_THROWS();
-	}
-	if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\013\014") != NULL) {   /* man isspace for \013 and \014 */
-		zend_argument_value_error(1, "cannot contain \"=\", " ILLEGAL_COOKIE_CHARACTER);
-		RETURN_THROWS();
-	}
-	if (is_raw && value &&
-		strpbrk(ZSTR_VAL(value), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
-		zend_argument_value_error(2, "cannot contain " ILLEGAL_COOKIE_CHARACTER);
-		RETURN_THROWS();
-	}
-
 	if (!EG(exception)) {
-		if (php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, !is_raw) == SUCCESS) {
+		if (php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, is_raw) == SUCCESS) {
 			RETVAL_TRUE;
 		} else {
 			RETVAL_FALSE;
 		}
 	}
 
 	if (expires_or_options && Z_TYPE_P(expires_or_options) == IS_ARRAY) {
-		cleanup:
 		if (path) {
 			zend_string_release(path);
 		}
diff --git a/ext/standard/head.h b/ext/standard/head.h
@@ -28,6 +28,7 @@
 extern PHP_RINIT_FUNCTION(head);
 
 PHPAPI int php_header(void);
-PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain, int secure, int httponly, zend_string *samesite, int url_encode);
+PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain,
+	bool secure, bool httponly, zend_string *samesite, bool url_encode);
 
 #endif
diff --git a/ext/standard/tests/network/bug69948.phpt b/ext/standard/tests/network/bug69948.phpt
@@ -17,6 +17,6 @@ try {
 ===DONE===
 --EXPECTHEADERS--
 --EXPECT--
-setcookie(): Argument #4 ($path) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
-setcookie(): Argument #5 ($domain) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
+setcookie(): "path" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
+setcookie(): "domain" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
 ===DONE===
diff --git a/ext/standard/tests/network/setcookie_array_option_error.phpt b/ext/standard/tests/network/setcookie_array_option_error.phpt
@@ -46,8 +46,8 @@ Warning: setcookie(): Numeric key found in the options array in %s
 Warning: setcookie(): No valid options were found in the given array in %s
 
 Warning: setcookie(): Unrecognized key 'foo' found in the options array in %s
-setcookie(): Argument #3 ($expires_or_options["path"]) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
-setcookie(): Argument #3 ($expires_or_options["domain"]) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
+setcookie(): "path" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
+setcookie(): "domain" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
 setcookie(): Expects exactly 3 arguments when argument #3 ($expires_or_options) is an array
 array(4) {
   [0]=>
diff --git a/ext/standard/tests/network/setcookie_error.phpt b/ext/standard/tests/network/setcookie_error.phpt
@@ -22,6 +22,11 @@ try {
 } catch (\ValueError $e) {
     echo $e->getMessage() . "\n";
 }
+try {
+    setcookie('name', 'value', 253402300800);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . "\n";
+}
 try {
     setcookie('name', 'value', 100, 'invalid;');
 } catch (\ValueError $e) {
@@ -39,8 +44,9 @@ var_dump(headers_list());
 --EXPECTF--
 setcookie(): Argument #1 ($name) cannot be empty
 setcookie(): Argument #1 ($name) cannot contain "=", ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
-setcookie(): Argument #4 ($path) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
-setcookie(): Argument #5 ($domain) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
+setcookie(): "expire" option must be less than 253402300800
+setcookie(): "path" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
+setcookie(): "domain" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
 array(2) {
   [0]=>
   string(%d) "X-Powered-By: PHP/%s"
diff --git a/ext/standard/tests/network/setrawcookie_error.phpt b/ext/standard/tests/network/setrawcookie_error.phpt
@@ -22,6 +22,11 @@ try {
 } catch (\ValueError $e) {
     echo $e->getMessage() . "\n";
 }
+try {
+    setrawcookie('name', 'value', 253402300800);
+} catch (\ValueError $e) {
+    echo $e->getMessage() . "\n";
+}
 try {
     setrawcookie('name', 'value', 100, 'invalid;');
 } catch (\ValueError $e) {
@@ -40,8 +45,9 @@ var_dump(headers_list());
 setrawcookie(): Argument #1 ($name) cannot be empty
 setrawcookie(): Argument #1 ($name) cannot contain "=", ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
 setrawcookie(): Argument #2 ($value) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
-setrawcookie(): Argument #4 ($path) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
-setrawcookie(): Argument #5 ($domain) cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
+setrawcookie(): "expire" option must be less than 253402300800
+setrawcookie(): "path" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
+setrawcookie(): "domain" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", and "\014"
 array(1) {
   [0]=>
   string(%d) "X-Powered-By: PHP/%s"
