8000 Merge branch '4.4' into 5.4 · symfony/symfony@1a010a5 · GitHub

Commit 1a010a5

Merge branch '4.4' into 5.4
* 4.4: [HttpClient] Add missing HttpOptions::setMaxDuration() [HttpFoundation] [Session] Overwrite invalid session id
2 parents 56c6dc1 + 1a7fa5d commit 1a010a5

3 files changed

+25
-0
lines changed


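--- a/src/Symfony/Component/HttpClient/HttpOptions.php
+++ b/src/Symfony/Component/HttpClient/HttpOptions.php
@@ -197,6 +197,16 @@ public function setTimeout(float $timeout)
 return $this;
 }
 
+/**
+* @return $this
+*/
+public function setMaxDuration(float $maxDuration)
+{
+$this->options['max_duration'] = $maxDuration;
+
+return $this;
+}
+
 /**
 * @return $this
 */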
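Review bot: The docblock on `setMaxDuration()` carries only `@return $this`, so the unit of `$maxDuration` and the meaning of zero or a negative value are left for the caller to look up. This option is what bounds how long a slow or stalled peer can hold a request open, so a caller who guesses the unit wrong ends up with a much looser limit than intended. I would add `* @param float $maxDuration Maximum total time for the request and response, in seconds` and state how values `<= 0` are treated; I believe they mean "no limit", but that should be confirmed against the option's description in HttpClientInterface.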

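--- a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
@@ -145,6 +145,12 @@ public function start()
 throw new \RuntimeException(sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line));
 }
 
+$sessionId = $_COOKIE[session_name()] ?? null;
+if ($sessionId && !preg_match('/^[a-zA-Z0-9,-]{22,}$/', $sessionId)) {
+// the session ID in the header is invalid, create a new one
+session_id(session_create_id());
+}
+
 // ok to try and start the session
 if (!session_start()) {
 throw new \RuntimeException('Failed to start the session.');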
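Review bot: The pattern on the new `preg_match` line ends in `$`, which in PCRE also matches just before a final newline, so a cookie value ending in a line feed still passes and reaches `session_start()` unchanged; anchoring with `\z` closes that: `!preg_match('/^[a-zA-Z0-9,-]{22,}\z/', $sessionId)`. `$_COOKIE[session_name()]` can also be an array when the client sends the cookie name with brackets, and passing an array to `preg_match()` raises a TypeError on PHP 8, so a `\is_string($sessionId)` guard belongs in the same condition, with non-string values treated as invalid. The minimum of 22 with no upper bound looks tied to PHP's lower limit for `session.sid_length`; a short comment saying so, and whether custom save handlers with other ID formats are expected to pass, would help. start() begins and ends outside this hunk.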

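--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
@@ -286,4 +286,13 @@ public function testGetBagsOnceSessionStartedIsIgnored()
 
 $this->assertEquals($storage->getBag('flashes'), $bag);
 }
+
+public function testRegenerateInvalidSessionId()
+{
+$_COOKIE[session_name()] = '&~[';
+$started = (new NativeSessionStorage())->start();
+
+$this->assertTrue($started);
+$this->assertMatchesRegularExpression('/^[a-zA-Z0-9,-]{22,}$/', session_id());
+}
 }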
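Review bot: `testRegenerateInvalidSessionId()` writes `$_COOKIE[session_name()]` and never removes it, so the malformed value can leak into later tests in the same process unless tearDown() (not visible in this hunk) resets it. Adding `unset($_COOKIE[session_name()]);` in tearDown() would keep the cleanup even when an assertion fails. The test also covers only the rejected case. A companion test that a well-formed ID from the cookie is still the session ID after `start()`, plus one with an otherwise valid value ending in `"\n"`, would pin down both sides of the check.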
