Merge pull request from GHSA-w3w9-vrf5-8mx8

clue · web-flow · commit 57b259e51c7e · 2022-08-23T13:38:17.000+02:00
Do not decode cookie names anymore
diff --git a/README.md b/README.md
@@ -1304,7 +1304,7 @@ get all cookies sent with the current request.
 
 ```php 
 $http = new React\Http\HttpServer(function (Psr\Http\Message\ServerRequestInterface $request) {
-    $key = 'react\php';
+    $key = 'greeting';
 
     if (isset($request->getCookieParams()[$key])) {
         $body = "Your cookie value is: " . $request->getCookieParams()[$key] . "\n";
@@ -1316,7 +1316,7 @@ $http = new React\Http\HttpServer(function (Psr\Http\Message\ServerRequestInterf
 
     return React\Http\Message\Response::plaintext(
         "Your cookie has been set.\n"
-    )->withHeader('Set-Cookie', urlencode($key) . '=' . urlencode('test;more'));
+    )->withHeader('Set-Cookie', $key . '=' . urlencode('Hello world!'));
 });
 ```
 
diff --git a/examples/55-server-cookie-handling.php b/examples/55-server-cookie-handling.php
@@ -3,7 +3,7 @@
 require __DIR__ . '/../vendor/autoload.php';
 
 $http = new React\Http\HttpServer(function (Psr\Http\Message\ServerRequestInterface $request) {
-    $key = 'react\php';
+    $key = 'greeting';
 
     if (isset($request->getCookieParams()[$key])) {
         $body = "Your cookie value is: " . $request->getCookieParams()[$key] . "\n";
@@ -15,7 +15,7 @@
 
     return React\Http\Message\Response::plaintext(
         "Your cookie has been set.\n"
-    )->withHeader('Set-Cookie', urlencode($key) . '=' . urlencode('test;more'));
+    )->withHeader('Set-Cookie', $key . '=' . urlencode('Hello world!'));
 });
 
 $socket = new React\Socket\SocketServer(isset($argv[1]) ? $argv[1] : '0.0.0.0:0');
diff --git a/src/Message/ServerRequest.php b/src/Message/ServerRequest.php
@@ -186,7 +186,7 @@ private function parseCookie($cookie)
             $nameValuePair = \explode('=', $pair, 2);
 
             if (\count($nameValuePair) === 2) {
-                $key = \urldecode($nameValuePair[0]);
+                $key = $nameValuePair[0];
                 $value = \urldecode($nameValuePair[1]);
                 $result[$key] = $value;
             }
diff --git a/tests/Message/ServerRequestTest.php b/tests/Message/ServerRequestTest.php
@@ -251,7 +251,7 @@ public function testUrlEncodingForKeyWillReturnValidArray()
         );
 
         $cookies = $this->request->getCookieParams();
-        $this->assertEquals(array('react;php' => 'is great'), $cookies);
+        $this->assertEquals(array('react%3Bphp' => 'is great'), $cookies);
     }
 
     public function testCookieWithoutSpaceAfterSeparatorWillBeAccepted()

Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ private function parseCookie($cookie)`
`186`	`186`	`$nameValuePair = \explode('=', $pair, 2);`
`187`	`187`
`188`	`188`	`if (\count($nameValuePair) === 2) {`
`189`		`- $key = \urldecode($nameValuePair[0]);`
	`189`	`+ $key = $nameValuePair[0];`
`190`	`190`	`$value = \urldecode($nameValuePair[1]);`
`191`	`191`	`$result[$key] = $value;`
`192`	`192`	`}`
Original file line number	Diff line number	Diff line change
`@@ -251,7 +251,7 @@ public function testUrlEncodingForKeyWillReturnValidArray()`
`251`	`251`	`);`
`252`	`252`
`253`	`253`	`$cookies = $this->request->getCookieParams();`
`254`		`- $this->assertEquals(array('react;php' => 'is great'), $cookies);`
	`254`	`+ $this->assertEquals(array('react%3Bphp' => 'is great'), $cookies);`
`255`	`255`	`}`
`256`	`256`
`257`	`257`	`public function testCookieWithoutSpaceAfterSeparatorWillBeAccepted()`