Skip to content

Commit ba0b1a3

Browse files
simensensimensen
authored
Merge pull request #40 from weierophinney/security/do-not-decode-cookie-names
Do not decode cookie names, just values
2 parents 733af78 + 0500ad0 commit ba0b1a3

File tree

2 files changed

+4
-4
lines changed

2 files changed

+4
-4
lines changed

src/Dflydev/FigCookies/StringUtil.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,11 @@
55
namespace Dflydev\FigCookies;
66

77
use function array_filter;
8-
use function array_map;
98
use function assert;
109
use function explode;
1110
use function is_array;
1211
use function preg_split;
12+
use function urldecode;
1313

1414
class StringUtil
1515
{
@@ -27,8 +27,8 @@ public static function splitOnAttributeDelimiter(string $string) : array
2727
public static function splitCookiePair(string $string) : array
2828
{
2929
$pairParts = explode('=', $string, 2);
30-
$pairParts[1] = $pairParts[1] ?? '';
30+
$pairParts[1] = urldecode($pairParts[1]) ?? '';
3131

32-
return array_map('urldecode', $pairParts);
32+
return $pairParts;
3333
}
3434
}

tests/Dflydev/FigCookies/CookieTest.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ public function provideParsesOneFromCookieStringData() : array
5252
{
5353
return [
5454
['someCookie=something', 'someCookie', 'something'],
55-
['hello%3Dworld=how%22are%27you', 'hello=world', 'how"are\'you'],
55+
['hello%3Dworld=how%22are%27you', 'hello%3Dworld', 'how"are\'you'],
5656
['empty=', 'empty', ''],
5757
];
5858
}

0 commit comments

Comments
 (0)