ZF-1629: The cookie path has some problem in Zend_Http_CookieJar

Description

If using $path="/a/b/",the cookie which exsits in the path "/a/b/" will be filtered. for example:


<?php
        require_once('Zend/Http/Client.php');
        require_once('Zend/Http/CookieJar.php');

        $params=array('continue'=>'https://google.com/a/yourdomain.com/…',
            'service'=>'CPanel',
            'persistent'=>'true',
            'at'=>'null',
            'userName'=>'admin',
            'password'=>'****'          
                );
        $client=new Zend_Http_Client();
        $client->setCookieJar();
 
        $client->setUri('https://google.com/a/yourdomain.com/…');
        $client->setParameterPost($params);
        $client->request('POST'); 

The example can not send correct Cookie.The cookie in path of "a/yourdomain.com/LoginAction/" will be lost. if i fixed Zend_Http_Cookiejar using this codes as follows:


protected function _matchPath($domains, $path) {
        $ret = array();
        
        foreach ($domains as $dom => $paths_array) {
            foreach (array_keys($paths_array) as $cpath) {
                $regex = "|^" . preg_quote($cpath, "|") . "|i";
                if (preg_match($regex, $path."/") {  //I changed the line
                    if (! isset($ret[$dom])) $ret[$dom] = array();
                    $ret[$dom][$cpath] = &$paths_array[$cpath];
                }
            }
        }
        
        return $ret;
    }

The example will return right result.

Comments

Assigned to Shahar.

Thanks for the report - should be fixed in r. 5460 + unit tests added.

Hello, Shahar Evron

       The bug exist in the method of getCookie(). 

HI,

Can you attach some reproduction code?

Hi, This is the code.


<?php
        require_once('Zend/Http/Client.php');
        require_once('Zend/Http/CookieJar.php');

        $params=array('continue'=>'https://google.com/a/yourdomain.com/…',
            'service'=>'CPanel',
            'persistent'=>'true',
            'at'=>'null',
            'userName'=>'admin',
            'password'=>'****'          
                );
        $client=new Zend_Http_Client();
        $client->setCookieJar();
 
        $client->setUri('https://google.com/a/yourdomain.com/…');
        $client->setParameterPost($params);
        $client->request('POST');

        $jar=$client->getCookieJar();
        $cpat=$jar->getCookie('https://google.com/a/cpanel/…');
        $at=$cpat->getValue();

The example will get wrong result. But I changed the code as follows:


 public function getCookie($uri, $cookie_name, $ret_as = self::COOKIE_OBJECT)
    {
        if (is_string($uri)) {
            $uri = Zend_Uri::factory($uri);
        }
        
        if (! $uri instanceof Zend_Uri_Http) {
            throw new Zend_Http_Exception('Invalid URI specified');
        }
        
        // Get correct cookie path
        $path = $uri->getPath();
        $path = substr($path, 0, strrpos($path, '/'))."/";//The line was changed
        if (! $path) $path = '/';
        
        if (isset($this->cookies[$uri->getHost()][$path][$cookie_name])) {
            $cookie = $this->cookies[$uri->getHost()][$path][$cookie_name];
            
            switch ($ret_as) {
                case self::COOKIE_OBJECT:
                    return $cookie;
                    break;
                    
                case self::COOKIE_STRING_ARRAY:
                case self::COOKIE_STRING_CONCAT:
                    return $cookie->__toString();
                    break;
                    
                default:
                    throw new Zend_Http_Exception("Invalid value passed for \$ret_as: {$ret_as}");
                    break;
            }
        } else {
            return false;
        }
    }        

The result will be right. Can you give me Email?Thanks!

Fix version after 1.0.1.

Hallelujah - after 2 years, fixed in rev. 17079

Thanks!

I set fix version. I find this at SVN r17118 in 1.9 branch.