Skip to content

Commit 2a6cd1c

Browse files
pawan-adobe-securitypawan-adobe-security
authored
Merge pull request #9341 from magento-cia/cia-2.4.8-beta2-develop-bugfix-11062024
Cia 2.4.8 beta2 develop bugfix 11062024
2 parents dc5c68e + 0354658 commit 2a6cd1c

File tree

2 files changed

+25
-22
lines changed

2 files changed

+25
-22
lines changed

lib/internal/Magento/Framework/Stdlib/Cookie/PhpCookieManager.php

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -31,19 +31,21 @@ class PhpCookieManager implements CookieManagerInterface
3131
* RFC 2109 - Page 15
3232
* http://www.ietf.org/rfc/rfc6265.txt
3333
*/
34-
const MAX_NUM_COOKIES = 50;
35-
const MAX_COOKIE_SIZE = 4096;
36-
const EXPIRE_NOW_TIME = 1;
37-
const EXPIRE_AT_END_OF_SESSION_TIME = 0;
34+
private const MAX_NUM_COOKIES = 50;
35+
public const MAX_COOKIE_SIZE = 4096;
36+
private const EXPIRE_NOW_TIME = 1;
37+
private const EXPIRE_AT_END_OF_SESSION_TIME = 0;
3838
/**#@-*/
3939

4040
/**#@+
4141
* Constant for metadata array key
4242
*/
43-
const KEY_EXPIRE_TIME = 'expiry';
43+
private const KEY_EXPIRE_TIME = 'expiry';
4444
/**#@-*/
4545

46-
/**#@-*/
46+
/**
47+
* @var CookieScopeInterface
48+
*/
4749
private $scope;
4850

4951
/**
@@ -209,17 +211,17 @@ private function checkAbilityToSendCookie($name, $value)
209211

210212
$sizeOfCookie = $this->sizeOfCookie($name, $value);
211213

212-
if ($numCookies > static::MAX_NUM_COOKIES) {
214+
if ($numCookies > self::MAX_NUM_COOKIES) {
213215
$this->logger->warning(
214216
new Phrase('Unable to send the cookie. Maximum number of cookies would be exceeded.'),
215217
[
216-
'cookies' => $_COOKIE,
218+
'cookies' => array_keys($_COOKIE),
217219
'user-agent' => $this->httpHeader->getHttpUserAgent()
218220
]
219221
);
220222
}
221223

222-
if ($sizeOfCookie > static::MAX_COOKIE_SIZE) {
224+
if ($sizeOfCookie > self::MAX_COOKIE_SIZE) {
223225
throw new CookieSizeLimitReachedException(
224226
new Phrase(
225227
'Unable to send the cookie. Size of \'%name\' is %size bytes.',

lib/internal/Magento/Framework/Stdlib/Test/Unit/Cookie/PhpCookieManagerTest.php

Lines changed: 14 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,9 @@ class PhpCookieManagerTest extends TestCase
6060
public const COOKIE_HTTP_ONLY = true;
6161
public const COOKIE_NOT_HTTP_ONLY = false;
6262
public const COOKIE_EXPIRE_END_OF_SESSION = 0;
63+
private const MAX_NUM_COOKIES = 50;
64+
private const EXPIRE_NOW_TIME = 1;
65+
private const EXPIRE_AT_END_OF_SESSION_TIME = 0;
6366

6467
/**
6568
* Mapping from constant names to functions that handle the assertions.
@@ -515,8 +518,7 @@ public function testSetCookieSizeTooLarge()
515518

516519
$cookieValue = '';
517520

518-
$cookieManager = $this->cookieManager;
519-
for ($i = 0; $i < $cookieManager::MAX_COOKIE_SIZE + 1; $i++) {
521+
for ($i = 0; $i < $this->cookieManager::MAX_COOKIE_SIZE + 1; $i++) {
520522
$cookieValue = $cookieValue . 'a';
521523
}
522524

@@ -544,9 +546,8 @@ public function testSetTooManyCookies()
544546

545547
$userAgent = 'some_user_agent';
546548

547-
$cookieManager = $this->cookieManager;
548-
// Set $cookieManager::MAX_NUM_COOKIES number of cookies in superglobal $_COOKIE.
549-
for ($i = count($_COOKIE); $i < $cookieManager::MAX_NUM_COOKIES; $i++) {
549+
// Set self::MAX_NUM_COOKIES number of cookies in superglobal $_COOKIE.
550+
for ($i = count($_COOKIE); $i < self::MAX_NUM_COOKIES; $i++) {
550551
$_COOKIE['test_cookie_' . $i] = self::COOKIE_VALUE . '_' . $i;
551552
}
552553

@@ -566,7 +567,7 @@ public function testSetTooManyCookies()
566567
->with(
567568
new Phrase('Unable to send the cookie. Maximum number of cookies would be exceeded.'),
568569
[
569-
'cookies' => $_COOKIE,
570+
'cookies' => array_keys($_COOKIE),
570571
'user-agent' => $userAgent
571572
]
572573
);
@@ -615,7 +616,7 @@ private static function assertDeleteCookie(
615616
) {
616617
self::assertEquals(self::DELETE_COOKIE_NAME, $name);
617618
self::assertEquals('', $value);
618-
self::assertEquals($expiry, PhpCookieManager::EXPIRE_NOW_TIME);
619+
self::assertEquals($expiry, self::EXPIRE_NOW_TIME);
619620
self::assertFalse($secure);
620621
self::assertFalse($httpOnly);
621622
self::assertEquals('magento.url', $domain);
@@ -641,7 +642,7 @@ private static function assertDeleteCookieWithNoMetadata(
641642
) {
642643
self::assertEquals(self::DELETE_COOKIE_NAME_NO_METADATA, $name);
643644
self::assertEquals('', $value);
644-
self::assertEquals($expiry, PhpCookieManager::EXPIRE_NOW_TIME);
645+
self::assertEquals($expiry, self::EXPIRE_NOW_TIME);
645646
self::assertFalse($secure);
646647
self::assertFalse($httpOnly);
647648
self::assertEquals('', $domain);
@@ -667,7 +668,7 @@ private static function assertSensitiveCookieWithNoMetaDataHttps(
667668
) {
668669
self::assertEquals(self::SENSITIVE_COOKIE_NAME_NO_METADATA_HTTPS, $name);
669670
self::assertEquals(self::COOKIE_VALUE, $value);
670-
self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
671+
self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
671672
self::assertTrue($secure);
672673
self::assertTrue($httpOnly);
673674
self::assertEquals('', $domain);
@@ -693,7 +694,7 @@ private static function assertSensitiveCookieWithNoMetaDataNotHttps(
693694
) {
694695
self::assertEquals(self::SENSITIVE_COOKIE_NAME_NO_METADATA_NOT_HTTPS, $name);
695696
self::assertEquals(self::COOKIE_VALUE, $value);
696-
self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
697+
self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
697698
self::assertFalse($secure);
698699
self::assertTrue($httpOnly);
699700
self::assertEquals('', $domain);
@@ -719,7 +720,7 @@ private static function assertSensitiveCookieNoDomainNoPath(
719720
) {
720721
self::assertEquals(self::SENSITIVE_COOKIE_NAME_NO_DOMAIN_NO_PATH, $name);
721722
self::assertEquals(self::COOKIE_VALUE, $value);
722-
self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
723+
self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
723724
self::assertTrue($secure);
724725
self::assertTrue($httpOnly);
725726
self::assertEquals('', $domain);
@@ -745,7 +746,7 @@ private static function assertSensitiveCookieWithDomainAndPath(
745746
) {
746747
self::assertEquals(self::SENSITIVE_COOKIE_NAME_WITH_DOMAIN_AND_PATH, $name);
747748
self::assertEquals(self::COOKIE_VALUE, $value);
748-
self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
749+
self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
749750
self::assertFalse($secure);
750751
self::assertTrue($httpOnly);
751752
self::assertEquals('magento.url', $domain);
@@ -797,7 +798,7 @@ private static function assertPublicCookieWithNoDomainNoPath(
797798
) {
798799
self::assertEquals(self::PUBLIC_COOKIE_NAME_NO_METADATA, $name);
799800
self::assertEquals(self::COOKIE_VALUE, $value);
800-
self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
801+
self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
801802
self::assertTrue($secure);
802803
self::assertTrue($httpOnly);
803804
self::assertEquals('magento.url', $domain);

0 commit comments

Comments
 (0)