diff options
Diffstat (limited to 'src/sp_cookie_encryption.c')
| -rw-r--r-- | src/sp_cookie_encryption.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 72223ad..6cb1ff7 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c | |||
| @@ -108,8 +108,9 @@ PHP_FUNCTION(sp_setcookie) { | |||
| 108 | ZVAL_LONG(¶ms[6], httponly); | 108 | ZVAL_LONG(¶ms[6], httponly); |
| 109 | } | 109 | } |
| 110 | 110 | ||
| 111 | /* param[3](path) is concatenated to path= and is not filtered, we can inject | 111 | /* param[3](path) is concatenated to path= and is not filtered in PHP < 7.3 |
| 112 | the samesite parameter here */ | 112 | we can inject the samesite parameter here |
| 113 | TODO find another solution with 7.3 */ | ||
| 113 | if (cookie_node && cookie_node->samesite) { | 114 | if (cookie_node && cookie_node->samesite) { |
| 114 | if (!path) { | 115 | if (!path) { |
| 115 | path = zend_string_init("", 0, 0); | 116 | path = zend_string_init("", 0, 0); |