Issues

ZF-4213: The cookie domain has some problem in Zend_Http_CookieJar

Issue Type: Bug Created: 2008-09-06T14:37:57.000+0000 Last Updated: 2011-08-13T22:12:22.000+0000 Status: Postponed Fix version(s): Reporter: Compubelgrano (compubelgrano) Assignee: Shahar Evron (shahar) Tags: - Zend_Http_CookieJar

  • zf-crteam-padraic
  • zf-crteam-priority

Related issues: - ZF-4226

Attachments:

Description

See [http://framework.zend.com/issues/browse/ZF-4226]

There is a error when check the domain of a cookie, I finally found that exists an error in the comparision way.

Valid domain are:

.zend.com => must catch zend.com and anything.zend.com .<www.zend.com> => must catch <www.zend.com> and anything.<www.zend.com>, this's not works right now.

Invalid domain are:

.com.ar .or com. or .com => the script doesn't check this. zend.com without initial dot.

This is the code that fails:

<pre class="highlight">
    protected function _matchDomain($domain) {
        $ret = array();

        foreach (array_keys($this->cookies) as $cdom) {
                      $regex = "/" . preg_quote($cdom, "/") . "$/i";
              if (preg_match($regex, $domain)) $ret[$cdom] = &$this->cookies[$cdom];
        }
        return $ret;
    }

Here a faster but not ideal, solution:

<pre class="highlight">
    protected function _matchDomain($domain) {
        $ret = array();

        foreach (array_keys($this->cookies) as $cdom) {
                      $regex = '/\.' . preg_quote($domain, '/') . '$/i';
              if (preg_match($regex, $cdom)) $ret[$cdom] = &$this->cookies[$cdom];
        }
        return $ret;
    }

This only fix the valid domain issue.

Regards.

Comments

Posted by Shahar Evron (shahar) on 2009-07-25T14:10:28.000+0000

This is somewhat improved after fixing ZF-5221 in rev. 17079 - but we still can't filter out .com or .co.ar domains - that would require quite a lot of work. I am also not sure it's the work of the cookie jar to filter those - maybe if Zend_Http_Client.

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts