Issue Type: Bug Created: 2008-09-08T10:49:42.000+0000 Last Updated: 2011-08-13T22:12:29.000+0000 Status: Postponed Fix version(s): Reporter: Compubelgrano (compubelgrano) Assignee: Shahar Evron (shahar) Tags: - Zend_Http_Cookie
Related issues: - ZF-4213
There is a error when check the domain of a cookie, I finally found that exists an error in the comparition way.
Valid domain are:
.zend.com => must catch zend.com and anything.zend.com .<www.zend.com> => must catch <www.zend.com> and anything.<www.zend.com>, this's not work right now.
Invalid domain are:
.com.ar .or com. or .com => the script doesn't check this. zend.com without initial dot.
This is the code that fails online 235:
<pre class="highlight"> // Domain is validated using tail match, while path is validated using head match $domain_preg = preg_quote($this->getDomain(), '/'); if (! preg_match('/'.$domain_preg.'$/i', $uri->getHost())) return false;
Here's a improve solution:
<pre class="highlight"> // Domain is validated using tail match, while path is validated using head match $domain_preg = preg_quote($uri->getHost(), '/'); if (! preg_match('/\.'.$domain_preg.'$/i', $this->getDomain())) return false;
Posted by Shahar Evron (shahar) on 2009-07-25T14:10:48.000+0000
This is somewhat improved after fixing ZF-5221 in rev. 17079 - but we still can't filter out .com or .co.ar domains - that would require quite a lot of work. I am also not sure it's the work of the cookie jar to filter those - maybe if Zend_Http_Client.
Have you found an issue?
See the Overview section for more details.