ZF-10506: Zend_Http_Cookie::matchCookieDomain() has unescaped preg_match() call

Issue Type: Bug Created: 2010-09-30T01:45:24.000+0000 Last Updated: 2010-10-25T07:20:26.000+0000 Status: Resolved Fix version(s): - 1.11.0 (02/Nov/10)

Reporter: rasta (rasta) Assignee: Marc Hodgins (mjh_ca) Tags: - Zend_Http_Cookie

Related issues: Attachments: - ZF-10506.patch


The method matchCookieDomain() of the Zend_Http_Cookie object has a preg_match() function call, with unescaped input to that call.

When the method gets "/" as $cookieDomain parameter, preg_match() generates following error:

{quote} preg_match(): Unknown modifier '$' {quote}

Current code:

<pre class="highlight">
// Check for either exact match or suffix match
return ($cookieDomain == $host ||
     preg_match("/\.$cookieDomain$/", $host));

Proposed fix:

<pre class="highlight">
// Check for either exact match or suffix match
return ($cookieDomain == $host ||
     preg_match("/\.".preg_quote($cookieDomain, '/')."$/", $host));


Posted by Marc Hodgins (mjh_ca) on 2010-10-24T18:43:22.000+0000

Not sure why there would be a slash in a domain as in your example. But, you do raise a valid concern about the missing escaping.

The bigger issue here is that false positives can occur due to an unescaped $cookieDomain being used in the preg_match() because a dot "." in preg_match indicates "match any character".

Patch with unit test is attached.

Posted by Matthew Weier O'Phinney (matthew) on 2010-10-25T07:20:26.000+0000

Patch applied to trunk and 1.11 release branch --thanks!

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.