diff options
| -rw-r--r-- | src/sp_cookie_encryption.c | 5 | ||||
| -rw-r--r-- | src/tests/harden_rand_noargs.phpt | 8 | ||||
| -rw-r--r-- | src/tests/samesite_cookies.phpt | 5 |
3 files changed, 11 insertions, 7 deletions
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 72223ad..6cb1ff7 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c | |||
| @@ -108,8 +108,9 @@ PHP_FUNCTION(sp_setcookie) { | |||
| 108 | ZVAL_LONG(¶ms[6], httponly); | 108 | ZVAL_LONG(¶ms[6], httponly); |
| 109 | } | 109 | } |
| 110 | 110 | ||
| 111 | /* param[3](path) is concatenated to path= and is not filtered, we can inject | 111 | /* param[3](path) is concatenated to path= and is not filtered in PHP < 7.3 |
| 112 | the samesite parameter here */ | 112 | we can inject the samesite parameter here |
| 113 | TODO find another solution with 7.3 */ | ||
| 113 | if (cookie_node && cookie_node->samesite) { | 114 | if (cookie_node && cookie_node->samesite) { |
| 114 | if (!path) { | 115 | if (!path) { |
| 115 | path = zend_string_init("", 0, 0); | 116 | path = zend_string_init("", 0, 0); |
diff --git a/src/tests/harden_rand_noargs.phpt b/src/tests/harden_rand_noargs.phpt index 643a453..fdf8124 100644 --- a/src/tests/harden_rand_noargs.phpt +++ b/src/tests/harden_rand_noargs.phpt | |||
| @@ -46,13 +46,13 @@ Warning: rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_no | |||
| 46 | 46 | ||
| 47 | Warning: mt_rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_noargs.php on line %d | 47 | Warning: mt_rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_noargs.php on line %d |
| 48 | 48 | ||
| 49 | Warning: rand() expects parameter 1 to be integer, string given in %s/tests/harden_rand_noargs.php on line %d | 49 | Warning: rand() expects parameter 1 to be in%s, string given in %s/tests/harden_rand_noargs.php on line %d |
| 50 | 50 | ||
| 51 | Warning: mt_rand() expects parameter 1 to be integer, string given in %s/tests/harden_rand_noargs.php on line %d | 51 | Warning: mt_rand() expects parameter 1 to be in%s, string given in %s/tests/harden_rand_noargs.php on line %d |
| 52 | 52 | ||
| 53 | Warning: rand() expects parameter 2 to be integer, string given in %s/tests/harden_rand_noargs.php on line %d | 53 | Warning: rand() expects parameter 2 to be in%s, string given in %s/tests/harden_rand_noargs.php on line %d |
| 54 | 54 | ||
| 55 | Warning: mt_rand() expects parameter 2 to be integer, string given in %s/tests/harden_rand_noargs.php on line %d | 55 | Warning: mt_rand() expects parameter 2 to be in%s, string given in %s/tests/harden_rand_noargs.php on line %d |
| 56 | 56 | ||
| 57 | Warning: rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_noargs.php on line %d | 57 | Warning: rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_noargs.php on line %d |
| 58 | 58 | ||
diff --git a/src/tests/samesite_cookies.phpt b/src/tests/samesite_cookies.phpt index d010963..3247432 100644 --- a/src/tests/samesite_cookies.phpt +++ b/src/tests/samesite_cookies.phpt | |||
| @@ -1,7 +1,10 @@ | |||
| 1 | --TEST-- | 1 | --TEST-- |
| 2 | Cookie samesite | 2 | Cookie samesite |
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | 4 | <?php |
| 5 | if (!extension_loaded("snuffleupagus")) die("skip"); | ||
| 6 | if (PHP_VERSION_ID >= 70300) die("skip BROKEN with 7.3"); | ||
| 7 | ?> | ||
| 5 | --INI-- | 8 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/config_samesite_cookies.ini | 9 | sp.configuration_file={PWD}/config/config_samesite_cookies.ini |
| 7 | --COOKIE-- | 10 | --COOKIE-- |