Bug #72071 setcookie allows max-age to be negative
Submitted: 2016-04-21 21:41 UTC Modified: -
Votes: 1
Avg. Score: 5.0 ± 0.0
Reproduced: 0 of 0 (0.0%)
From: bfrance@php.net Assigned:
Status: Closed Package: *General Issues
PHP Version: 5.6.20 OS: Linux
Private report: No CVE-ID:
 [2016-04-21 21:41 UTC] bfrance@php.net
Description:
------------
I believe 7.x has the same issues, but I am using 5.6.x.

setcookie is setting a negative max-age value.  The RFC:

https://tools.ietf.org/html/rfc7234#section-5.2.2.8

states max-age is delta-seconds, which is defined in RFC:

https://tools.ietf.org/html/rfc7234#section-1.2.1

"The delta-seconds rule specifies a non-negative integer, representing time in seconds."

The test script below shows that the max age is getting set to negative values instead of zero.


In fixing this bug I noticed that it was also doing a time(NULL) instead of calling sapi_get_request_time().  I fixed that as well.


Test script:
---------------
<?php
// Expires one hour in the past: Max-Age should come out as 0, not -3600
setcookie("TestCookie-Now-3600", "1", time() - 3600);
// Expires one hour in the future: Max-Age should come out as 3600
setcookie("TestCookie-Now+3600", "1", time() + 3600);
?>

Expected result:
----------------
Set-Cookie: TestCookie-Now-3600=1; expires=Thu, 21-Apr-2016 19:29:15 GMT; Max-Age=0
Set-Cookie: TestCookie-Now+3600=1; expires=Thu, 21-Apr-2016 21:29:15 GMT; Max-Age=3600

Actual result:
--------------
Set-Cookie: TestCookie-Now-3600=1; expires=Thu, 21-Apr-2016 19:29:09 GMT; Max-Age=-3600
Set-Cookie: TestCookie-Now+3600=1; expires=Thu, 21-Apr-2016 21:29:09 GMT; Max-Age=3600
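The following is an added userland model of how setcookie() derives the Max-Age attribute from the $expires timestamp; it is not code from the bug report or from php-src. The function name build_set_cookie, the $clamp switch and the fixed "request time" are assumptions made for the illustration. It prints the header lines for both cookies from the test script above, once with the pre-fix arithmetic (Max-Age goes negative) and once with the clamp to zero that the fix commit describes.

```php
<?php
// Added example (not from the bug report or php-src): a userland model of the
// expires/Max-Age handling in setcookie(). $now is injected so the output is
// deterministic; real setcookie() uses the SAPI request time.

function build_set_cookie(string $name, string $value, int $expires, int $now, bool $clamp): string
{
    // setcookie() URL-encodes the value but not the name
    $header = $name . '=' . urlencode($value);

    // setcookie() only emits expires/Max-Age when $expires is positive
    if ($expires > 0) {
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s T', $expires);

        // Max-Age is delta-seconds relative to the request time
        $maxAge = $expires - $now;

        // RFC 7234 delta-seconds is a non-negative integer: an already-expired
        // cookie must carry Max-Age=0 rather than a negative number.
        if ($clamp && $maxAge < 0) {
            $maxAge = 0;
        }
        $header .= '; Max-Age=' . $maxAge;
    }
    return $header;
}

// Constructed fixed request time: 2016-04-21 20:29:15 UTC, chosen so the
// output matches the timestamps in the "Expected result" above.
$now = gmmktime(20, 29, 15, 4, 21, 2016);

foreach ([false => 'Before fix', true => 'With fix'] as $clamp => $label) {
    echo $label, ":\n";
    echo 'Set-Cookie: ', build_set_cookie('TestCookie-Now-3600', '1', $now - 3600, $now, (bool) $clamp), "\n";
    echo 'Set-Cookie: ', build_set_cookie('TestCookie-Now+3600', '1', $now + 3600, $now, (bool) $clamp), "\n";
}
```

Run with `php example.php`; the "Before fix" block reproduces the `Max-Age=-3600` line from the actual result, the "With fix" block reproduces the expected `Max-Age=0`. Note that RFC 6265 section 5.2.2 instructs user agents to treat any Max-Age less than or equal to zero as "expire immediately", so browsers already delete the cookie in both cases; the fix is about emitting a header that conforms to the delta-seconds grammar, not about changing what compliant clients do with it.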

Patches

max-age.diff (last revision 2016-04-21 21:41 UTC) by bfrance


Pull Requests

Pull requests:


History

 [2017-04-09 11:15 UTC] nikic@php.net
Automatic comment on behalf of git@duncanc.co.uk
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ba6561d3cc5ef8c2d5a698622586e7aa28e76f5a
Log: Fixed bug #72071: Prevent Max-Age from being negative
 [2017-04-09 11:15 UTC] nikic@php.net
-Status: Open +Status: Closed
 
Last updated: Thu May 25 16:01:43 2017 UTC