Merge pull request from GHSA-w3w9-vrf5-8mx8

Do not decode cookie names anymore
reactphp · Aug 23, 2022 · 57b259e · 57b259e
2 parents 00e481e + 663c9a3
commit 57b259e
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -1304,7 +1304,7 @@ get all cookies sent with the current request.
 
 ```php 
 $http = new React\Http\HttpServer(function (Psr\Http\Message\ServerRequestInterface $request) {
-    $key = 'react\php';
+    $key = 'greeting';
 
     if (isset($request->getCookieParams()[$key])) {
         $body = "Your cookie value is: " . $request->getCookieParams()[$key] . "\n";
@@ -1316,7 +1316,7 @@ $http = new React\Http\HttpServer(function (Psr\Http\Message\ServerRequestInterf
 
     return React\Http\Message\Response::plaintext(
         "Your cookie has been set.\n"
-    )->withHeader('Set-Cookie', urlencode($key) . '=' . urlencode('test;more'));
+    )->withHeader('Set-Cookie', $key . '=' . urlencode('Hello world!'));
 });
 ```
 

diff --git a/examples/55-server-cookie-handling.php b/examples/55-server-cookie-handling.php
@@ -3,7 +3,7 @@
 require __DIR__ . '/../vendor/autoload.php';
 
 $http = new React\Http\HttpServer(function (Psr\Http\Message\ServerRequestInterface $request) {
-    $key = 'react\php';
+    $key = 'greeting';
 
     if (isset($request->getCookieParams()[$key])) {
         $body = "Your cookie value is: " . $request->getCookieParams()[$key] . "\n";
@@ -15,7 +15,7 @@
 
     return React\Http\Message\Response::plaintext(
         "Your cookie has been set.\n"
-    )->withHeader('Set-Cookie', urlencode($key) . '=' . urlencode('test;more'));
+    )->withHeader('Set-Cookie', $key . '=' . urlencode('Hello world!'));
 });
 
 $socket = new React\Socket\SocketServer(isset($argv[1]) ? $argv[1] : '0.0.0.0:0');

diff --git a/src/Message/ServerRequest.php b/src/Message/ServerRequest.php
@@ -186,7 +186,7 @@ private function parseCookie($cookie)
             $nameValuePair = \explode('=', $pair, 2);
 
             if (\count($nameValuePair) === 2) {
-                $key = \urldecode($nameValuePair[0]);
+                $key = $nameValuePair[0];
                 $value = \urldecode($nameValuePair[1]);
                 $result[$key] = $value;
             }

diff --git a/tests/Message/ServerRequestTest.php b/tests/Message/ServerRequestTest.php
@@ -251,7 +251,7 @@ public function testUrlEncodingForKeyWillReturnValidArray()
         );
 
         $cookies = $this->request->getCookieParams();
-        $this->assertEquals(array('react;php' => 'is great'), $cookies);
+        $this->assertEquals(array('react%3Bphp' => 'is great'), $cookies);
     }
 
     public function testCookieWithoutSpaceAfterSeparatorWillBeAccepted()