Merge branch 'hotfix/7507' into develop

Forward port zendframework#7507
dineshkummarc · May 8, 2015 · d87b4de · d87b4de
2 parents 5a4882c + 2fd68b0
commit d87b4de
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 36 deletions.
diff --git a/library/Zend/Http/Header/Cookie.php b/library/Zend/Http/Header/Cookie.php
@@ -74,38 +74,7 @@ public static function fromString($headerLine)
 
     public function __construct(array $array = array())
     {
-        parent::__construct(array(), ArrayObject::ARRAY_AS_PROPS);
-        $this->exchangeArray($array);
-    }
-
-    /**
-     * Ensure all keys and values are valid.
-     *
-     * @param array $array
-     * @return array the old array.
-     */
-    public function exchangeArray($array)
-    {
-        foreach ($array as $key => $value) {
-            HeaderValue::assertValid($key);
-            HeaderValue::assertValid($value);
-        }
-
-        return parent::exchangeArray($array);
-    }
-
-    /**
-     * Ensure both key and value are valid.
-     *
-     * @param string $key
-     * @param string $value
-     * @return void
-     */
-    public function offsetSet($key, $value)
-    {
-        HeaderValue::assertValid($key);
-        HeaderValue::assertValid($value);
-        parent::offsetSet($key, $value);
+        parent::__construct($array, ArrayObject::ARRAY_AS_PROPS);
     }
 
     public function setEncodeValue($encodeValue)

diff --git a/library/Zend/Http/Header/GenericHeader.php b/library/Zend/Http/Header/GenericHeader.php
@@ -53,6 +53,10 @@ public static function splitHeaderLine($headerLine)
             throw new Exception\InvalidArgumentException('Header must match with the format "name:value"');
         }
 
+        if (! HeaderValue::isValid($parts[1])) {
+            throw new Exception\InvalidArgumentException('Invalid header value detected');
+        }
+
         $parts[1] = ltrim($parts[1]);
 
         return $parts;

diff --git a/tests/ZendTest/Http/Header/AllowTest.php b/tests/ZendTest/Http/Header/AllowTest.php
@@ -89,7 +89,7 @@ public function testAllowChecksAllowedMethod()
      */
     public function testPreventsCRLFAttackViaFromString()
     {
-        $this->setExpectedException('Zend\Http\Header\Exception\InvalidArgumentException', 'valid method');
+        $this->setExpectedException('Zend\Http\Header\Exception\InvalidArgumentException', 'Invalid header value detected');
         $header = Allow::fromString("Allow: GET\r\n\r\nevilContent");
     }
 

diff --git a/tests/ZendTest/Http/Header/CookieTest.php b/tests/ZendTest/Http/Header/CookieTest.php
@@ -80,11 +80,22 @@ public function testPreventsCRLFAttackViaFromString()
     /**
      * @see http://en.wikipedia.org/wiki/HTTP_response_splitting
      * @group ZF2015-04
+     * @dataProvider valuesProvider
+     * @param mixed $value
+     * @param string $serialized
      */
-    public function testPreventsCRLFAttackViaConstructorValue()
+    public function testSerialization($value, $serialized)
     {
-        $this->setExpectedException('Zend\Http\Header\Exception\InvalidArgumentException');
-        $header = new Cookie(array("foo=bar\r\n\r\nevilContent"));
+        $header = new Cookie(array($value));
+        $this->assertEquals('Cookie: ' . $serialized, $header->toString());
+    }
+
+    public function valuesProvider()
+    {
+        return array(
+            // Description => [raw value, serialized]
+            'CRLF characters' => array("foo=bar\r\n\r\nevilContent", '0=foo%3Dbar%0D%0A%0D%0AevilContent'),
+        );
     }
 
 //    /**