Updating cookie-parsing regex to be more aligned with RFC 6265

Signed-off-by: denis.yuryev <[email protected]>
laminas · Jan 7, 2025 · d147c63 · d147c63
1 parent 746db20
commit d147c63
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 9 deletions.
diff --git a/src/functions/parse_cookie_header.php b/src/functions/parse_cookie_header.php
@@ -21,13 +21,13 @@
 function parseCookieHeader($cookieHeader): array
 {
     preg_match_all('(
-        (?:^\\n?[ \t]*|;[ ])
-        (?P<name>[!#$%&\'*+-.0-9A-Z^_`a-z|~]+)
+        (?:^\\n?[ \t]*|;[ \t]*)
+        (?P<name>[!#$%&\'*+-.0-9A-Z^_`a-z|~\[\]]+)
         =
         (?P<DQUOTE>"?)
             (?P<value>[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]*)
         (?P=DQUOTE)
-        (?=\\n?[ \t]*$|;[ ])
+        (?=\\n?[ \t]*$|;[ \t]*)
     )x', $cookieHeader, $matches, PREG_SET_ORDER);
 
     $cookies = [];

diff --git a/test/ServerRequestFactoryTest.php b/test/ServerRequestFactoryTest.php
@@ -234,30 +234,38 @@ public function testFromGlobalsUsesCookieSuperGlobalWhenCookieHeaderIsNotSet():
     public static function cookieHeaderValues(): array
     {
         return [
-            'ows-without-fold'    => [
+            'ows-without-fold'        => [
                 "\tfoo=bar ",
                 ['foo' => 'bar'],
             ],
-            'url-encoded-value'   => [
+            'url-encoded-value'       => [
                 'foo=bar%3B+',
                 ['foo' => 'bar;+'],
             ],
-            'double-quoted-value' => [
+            'double-quoted-value'     => [
                 'foo="bar"',
                 ['foo' => 'bar'],
             ],
-            'multiple-pairs'      => [
+            'multiple-pairs'          => [
                 'foo=bar; baz="bat"; bau=bai',
                 ['foo' => 'bar', 'baz' => 'bat', 'bau' => 'bai'],
             ],
-            'same-name-pairs'     => [
+            'same-name-pairs'         => [
                 'foo=bar; foo="bat"',
                 ['foo' => 'bat'],
             ],
-            'period-in-name'      => [
+            'period-in-name'          => [
                 'foo.bar=baz',
                 ['foo.bar' => 'baz'],
             ],
+            'no-space-separator'      => [
+                'foo=bar;bar=baz',
+                ['foo' => 'bar', 'bar' => 'baz'],
+            ],
+            'square-brackets-in-name' => [
+                'foo[bar]=bar;foo[baz]=baz',
+                ['foo[bar]' => 'bar', 'foo[baz]' => 'baz'],
+            ],
         ];
     }