Error with malformed domain that contains a "/" character #1999
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cookies where the domain contains a "/" character are triggering an exception with
SetCookie::matchesDomain()
. The issue is that the call topreg_quote()
inside this function does not specify the regex delimiter being used, and so this character isn't getting escaped, which leads to a malformed pattern going intopreg_match()
. This can be triggered for example if the cookie improperly contains a URL, or if it appends a path after the hostname, such as in the following examples: