ZF-10506: Zend_Http_Cookie::matchCookieDomain() has unescaped preg_match() call
Description
The method matchCookieDomain() of the Zend_Http_Cookie object has a preg_match() function call, with unescaped input to that call.
When the method gets "/" as the $cookieDomain parameter, preg_match() generates the following error:
{quote} preg_match(): Unknown modifier '$' {quote}
Current code:
    // Check for either exact match or suffix match
    return ($cookieDomain == $host ||
            preg_match("/\.$cookieDomain$/", $host));
Proposed fix:
    // Check for either exact match or suffix match
    return ($cookieDomain == $host ||
            preg_match("/\.".preg_quote($cookieDomain, '/')."$/", $host));
Comments
Posted by Marc Hodgins (mjh_ca) on 2010-10-24T18:43:22.000+0000
Not sure why there would be a slash in a domain as in your example. But, you do raise a valid concern about the missing escaping.
The bigger issue here is that false positives can occur due to an unescaped $cookieDomain being used in the preg_match() because a dot "." in preg_match indicates "match any character".
Patch with unit test is attached.
Posted by Matthew Weier O'Phinney (matthew) on 2010-10-25T07:20:26.000+0000
Patch applied to trunk and 1.11 release branch --thanks!
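
Added example, not part of the original report, the attached patch or the Zend Framework code base: the two comparisons from the description run side by side, covering both the "/" input from the report and the false positive raised in the first comment, where an unescaped "." in the cookie domain matches any character. The function names matchUnescaped() and matchQuoted() and all hosts and cookie domains are constructed for illustration.

```php
<?php
// Added illustration: function names, hosts and cookie domains below are
// constructed samples, not Zend Framework code.

// Same comparison as the "Current code": $cookieDomain goes into the pattern raw.
function matchUnescaped(string $cookieDomain, string $host): bool
{
    // @ keeps the compile warning off the output; it is read back via error_get_last().
    return $cookieDomain == $host
        || @preg_match("/\.$cookieDomain$/", $host) === 1;
}

// Same comparison as the "Proposed fix": metacharacters and the delimiter are quoted.
function matchQuoted(string $cookieDomain, string $host): bool
{
    return $cookieDomain == $host
        || preg_match("/\." . preg_quote($cookieDomain, '/') . "$/", $host) === 1;
}

$cases = [
    ['example.com',     'www.example.com'],      // legitimate suffix match
    ['foo.example.com', 'www.foo-example.com'],  // "." in the domain meets "-" in the host
    ['foo.example.com', 'foo.example.com'],      // exact match
    ['/',               'www.example.com'],      // pattern delimiter in the input
];

foreach ($cases as [$cookieDomain, $host]) {
    error_clear_last();
    $raw     = matchUnescaped($cookieDomain, $host);
    $warning = error_get_last()['message'] ?? 'none';
    $quoted  = matchQuoted($cookieDomain, $host);
    printf(
        "%-16s %-20s unescaped=%-5s quoted=%-5s warning=%s\n",
        $cookieDomain, $host,
        var_export($raw, true), var_export($quoted, true), $warning
    );
}
```

Only the second and fourth rows differ between the two functions: the unescaped pattern accepts www.foo-example.com for a cookie scoped to foo.example.com, and it fails to compile when the domain is "/".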