iliaa                                    Wed, 29 Jul 2009 13:44:16 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=286508

Log:
Fixed bug #45141 (setcookie will output expires years of >4 digits).

Bug: http://bugs.php.net/45141 (Assigned) [PATCH] setcookie will output expires 
years of >4 digits
      
Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/standard/head.c
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/standard/head.c
    U   php/php-src/trunk/ext/standard/head.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2009-07-29 12:50:19 UTC (rev 286507)
+++ php/php-src/branches/PHP_5_2/NEWS   2009-07-29 13:44:16 UTC (rev 286508)
@@ -69,6 +69,7 @@
   (Sriram Natarajan)
 - Fixed bug #48182 (ssl handshake fails during asynchronous socket connection).
   (Sriram Natarajan)
+- Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
 - Fixed bug #44144 (spl_autoload_functions() should return object instance
   when appropriate). (Hannes, Etienne)
 - Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot

Modified: php/php-src/branches/PHP_5_2/ext/standard/head.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/standard/head.c    2009-07-29 12:50:19 UTC 
(rev 286507)
+++ php/php-src/branches/PHP_5_2/ext/standard/head.c    2009-07-29 13:44:16 UTC 
(rev 286508)
@@ -110,8 +110,18 @@
        } else {
                snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? 
encoded_value : "");
                if (expires > 0) {
+                       char *p;
                        strlcat(cookie, "; expires=", len + 100);
                        dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, 
d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
+                       /* check to make sure that the year does not exceed 4 
digits in length */
+                       p = zend_memrchr(dt, '-', strlen(dt));
+                       if (*(p + 5) != ' ') {
+                               efree(dt);
+                               efree(cookie);
+                               efree(encoded_value);
+                               zend_error(E_WARNING, "Expiry date cannot have 
a year greater then 9999");
+                               return FAILURE;
+                       }
                        strlcat(cookie, dt, len + 100);
                        efree(dt);
                }

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2009-07-29 12:50:19 UTC (rev 286507)
+++ php/php-src/branches/PHP_5_3/NEWS   2009-07-29 13:44:16 UTC (rev 286508)
@@ -73,6 +73,7 @@
   (Pierre)
 - Fixed bug #45905 (imagefilledrectangle() clipping error).
   (markril at hotmail dot com, Pierre)
+- Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
 - Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo).
   (Kalle, Rick Yorgason)
 - Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()).

Modified: php/php-src/branches/PHP_5_3/ext/standard/head.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/head.c    2009-07-29 12:50:19 UTC 
(rev 286507)
+++ php/php-src/branches/PHP_5_3/ext/standard/head.c    2009-07-29 13:44:16 UTC 
(rev 286508)
@@ -124,8 +124,18 @@
        } else {
                snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? 
encoded_value : "");
                if (expires > 0) {
+                       char *p;
                        strlcat(cookie, "; expires=", len + 100);
                        dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, 
d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
+                       /* check to make sure that the year does not exceed 4 
digits in length */
+                       p = zend_memrchr(dt, '-', strlen(dt));
+                       if (*(p + 5) != ' ') {
+                               efree(dt);
+                               efree(cookie);
+                               efree(encoded_value);
+                               zend_error(E_WARNING, "Expiry date cannot have 
a year greater then 9999");
+                               return FAILURE;
+                       }
                        strlcat(cookie, dt, len + 100);
                        efree(dt);
                }

Modified: php/php-src/trunk/ext/standard/head.c
===================================================================
--- php/php-src/trunk/ext/standard/head.c       2009-07-29 12:50:19 UTC (rev 
286507)
+++ php/php-src/trunk/ext/standard/head.c       2009-07-29 13:44:16 UTC (rev 
286508)
@@ -125,8 +125,18 @@
        } else {
                snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? 
encoded_value : "");
                if (expires > 0) {
+                       char *p;
                        strlcat(cookie, "; expires=", len + 100);
                        dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, 
d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
+                       /* check to make sure that the year does not exceed 4 
digits in length */
+                       p = zend_memrchr(dt, '-', strlen(dt));
+                       if (*(p + 5) != ' ') {
+                               efree(dt);
+                               efree(cookie);
+                               efree(encoded_value);
+                               zend_error(E_WARNING, "Expiry date cannot have 
a year greater then 9999");
+                               return FAILURE;
+                       }
                        strlcat(cookie, dt, len + 100);
                        efree(dt);
                }

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to