Bug #72071 setcookie allows max-age to be negative
Submitted: 2016-04-21 21:41 UTC Modified: -
Votes: 1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: bfrance@php.net Assigned:
Status: Closed Package: *General Issues
PHP Version: 5.6.20 OS: Linux
Private report: No CVE-ID: None
 [2016-04-21 21:41 UTC] bfrance@php.net
Description:
------------
I believe 7.x has the same issues, but I am using 5.6.x.

setcookie is setting a negative max-age value.  The RFC:

https://tools.ietf.org/html/rfc7234#section-5.2.2.8

states max-age is delta-seconds, which is defined in RFC:

https://tools.ietf.org/html/rfc7234#section-1.2.1

"The delta-seconds rule specifies a non-negative integer, representing time in seconds."

The test script below shows that the max age is getting set to negative values instead of zero.


In fixing this bug I noticed that it was also doing a time(NULL) instead of calling sapi_get_request_time().  I fixed that as well.


Test script:
---------------
<?php
setcookie("TestCookie-Now-3600", "1", time() - 3600);
setcookie("TestCookie-Now+3600", "1", time() + 3600);
?>

Expected result:
----------------
Set-Cookie: TestCookie-Now-3600=1; expires=Thu, 21-Apr-2016 19:29:15 GMT; Max-Age=0
Set-Cookie: TestCookie-Now+3600=1; expires=Thu, 21-Apr-2016 21:29:15 GMT; Max-Age=3600

Actual result:
--------------
Set-Cookie: TestCookie-Now-3600=1; expires=Thu, 21-Apr-2016 19:29:09 GMT; Max-Age=-3600
Set-Cookie: TestCookie-Now+3600=1; expires=Thu, 21-Apr-2016 21:29:09 GMT; Max-Age=3600

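As an added example (not the reporter's max-age.diff and not php-src code), the C program below computes Max-Age the way the report describes it: the cookie expiry minus the timestamp of the request. The names cookie_max_age and format_set_cookie are hypothetical; the clamp flag switches between the reported behaviour (a past expiry produces a negative Max-Age) and the fixed one (a past expiry produces 0, the smallest value delta-seconds allows). request_time is passed in rather than read with time(NULL), mirroring the report's second point that the delta should come from the request's own timestamp so that expires= and Max-Age= are derived from one clock reading.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Max-Age as delta-seconds between the cookie expiry and the time the
 * request was received.  With clamp == 0 this reproduces the reported
 * behaviour (a past expiry yields a negative value); with clamp != 0 a
 * past expiry yields 0, the smallest value delta-seconds allows. */
long cookie_max_age(time_t expires, time_t request_time, int clamp)
{
    long diff = (long)expires - (long)request_time;
    if (clamp && diff < 0) {
        diff = 0;
    }
    return diff;
}

/* Render a Set-Cookie header line in the same shape as the report's
 * expected output.  request_time is a parameter rather than a fresh
 * time(NULL) call so expires= and Max-Age= share one clock reading.
 * Returns the number of bytes written, or -1 if the buffer is too small
 * or the date cannot be formatted. */
int format_set_cookie(char *out, size_t outlen,
                      const char *name, const char *value,
                      time_t expires, time_t request_time, int clamp)
{
    char date[64];
    struct tm *tmv = gmtime(&expires);
    if (tmv == NULL) {
        return -1;
    }
    /* Same date layout as the report's Expected result, e.g.
     * "Thu, 21-Apr-2016 19:29:15 GMT" (C locale assumed for %a/%b). */
    if (strftime(date, sizeof date, "%a, %d-%b-%Y %H:%M:%S GMT", tmv) == 0) {
        return -1;
    }
    int n = snprintf(out, outlen, "Set-Cookie: %s=%s; expires=%s; Max-Age=%ld",
                     name, value, date,
                     cookie_max_age(expires, request_time, clamp));
    if (n < 0 || (size_t)n >= outlen) {
        return -1;
    }
    return n;
}

int main(void)
{
    time_t now = time(NULL);   /* stands in for the request timestamp */
    char hdr[256];

    /* Reported behaviour: expiry one hour in the past gives Max-Age=-3600 */
    if (format_set_cookie(hdr, sizeof hdr, "TestCookie-Now-3600", "1",
                          now - 3600, now, 0) > 0) {
        puts(hdr);
    }
    /* Fixed behaviour: the same expiry gives Max-Age=0 */
    if (format_set_cookie(hdr, sizeof hdr, "TestCookie-Now-3600", "1",
                          now - 3600, now, 1) > 0) {
        puts(hdr);
    }
    /* A future expiry is unaffected: Max-Age=3600 either way */
    if (format_set_cookie(hdr, sizeof hdr, "TestCookie-Now+3600", "1",
                          now + 3600, now, 1) > 0) {
        puts(hdr);
    }
    return 0;
}
```

Running it prints the two Set-Cookie lines from the report's Actual result and Expected result side by side (with the current date instead of the 2016 one), followed by the unchanged future-expiry case.
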
Patches

max-age.diff (last revision 2016-04-21 21:41 UTC by bfrance)

History

 [2017-04-09 11:15 UTC] nikic@php.net
Automatic comment on behalf of git@duncanc.co.uk
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ba6561d3cc5ef8c2d5a698622586e7aa28e76f5a
Log: Fixed bug #72071: Prevent Max-Age from being negative
 [2017-04-09 11:15 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 15:01:30 2024 UTC