mirror of
https://github.com/php/php-src.git
synced 2026-04-20 22:41:20 +02:00
5cb825df72
For improved security, characters not allowed for name and value should also be forbidden for path and domain.
19 lines
487 B
PHP
19 lines
487 B
PHP
--TEST--
|
|
Bug #69948 (path/domain are not sanitized for special characters in setcookie)
|
|
--FILE--
|
|
<?php
|
|
var_dump(
|
|
setcookie('foo', 'bar', 0, 'asdf;asdf'),
|
|
setcookie('foo', 'bar', 0, '/', 'foobar; secure')
|
|
);
|
|
?>
|
|
===DONE===
|
|
--EXPECTHEADERS--
|
|
--EXPECTF--
|
|
Warning: Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in %s on line %d
|
|
|
|
Warning: Cookie domains cannot contain any of the following ',; \t\r\n\013\014' in %s on line %d
|
|
bool(false)
|
|
bool(false)
|
|
===DONE===
|