Issues

ZF-10506: Zend_Http_Cookie::matchCookieDomain() has unescaped preg_match() call

Description

The method matchCookieDomain() of the Zend_Http_Cookie object has a preg_match() function call, with unescaped input to that call.

When the method gets "/" as $cookieDomain parameter, preg_match() generates following error:

{quote} preg_match(): Unknown modifier '$' {quote}

Current code:


// Check for either exact match or suffix match
return ($cookieDomain == $host ||
     preg_match("/\.$cookieDomain$/", $host));

Proposed fix:


// Check for either exact match or suffix match
return ($cookieDomain == $host ||
     preg_match("/\.".preg_quote($cookieDomain, '/')."$/", $host));

Comments

Not sure why there would be a slash in a domain as in your example. But, you do raise a valid concern about the missing escaping.

The bigger issue here is that false positives can occur due to an unescaped $cookieDomain being used in the preg_match() because a dot "." in preg_match indicates "match any character".

Patch with unit test is attached.

Patch applied to trunk and 1.11 release branch --thanks!