#14191 closed defect (bug) (fixed)
The test() function of the cookie class does not allow session cookies
Reported by: | mailnew2ster | Owned by: | dd32 |
---|---|---|---|
Milestone: | 3.5 | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | HTTP API | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description
http://core.trac.wordpress.org/browser/trunk/wp-includes/class-http.php#L1777
Because $this->expires is not defined for session cookies, test() always returns false.
Attachments (1)
Change History (8)
#3
@
14 years ago
- Milestone changed from Awaiting Review to 3.1
Would this allow more than necessary though?
The isset() should be enough to fix the issue as we set this->expires to null.
#5
@
12 years ago
- Milestone changed from Future Release to 3.5
- Owner set to dd32
- Status changed from new to accepted
While testing this, I've just noticed that WP_Http_Cookie::test() is never actually used by core, or WP_HTTP itself.
The following code works fine at present without this change:
$one = wp_remote_get( 'http://tools.dd32.id.au/wordpress/cookie-test.php' ); $two = wp_remote_get( 'http://tools.dd32.id.au/wordpress/cookie-test.php', array( 'cookies' => $one['cookies'] ) ); var_dump( $one, $two );
The 2nd request is sent with the cookies returned from request 1, However, If you wish to validate the cookies can be sent to the 2nd/new destination, then calling $cookie->test() would still fail.
Looking at testing it, and the attached patch, nacin was right that only the 2nd chunk was required, While the first chunk of diff is nice to "clean up" the existing code, there's some bugs that need fixing which would be harder with the cleanup.
#7
@
12 years ago
While the first chunk of diff is nice to "clean up" the existing code, there's some bugs that need fixing which would be harder with the cleanup.
It's not only a "nice clean up".
I quote my first comment:
Patch also improves the "new cookie from array" code, by making it cleaner and allowing unknown values such as httponly (like the "new cookie from string" code does).
It improves the function, making it:
- Accept values different than name, value, path, domain and expires (e.g. httponly).
- Case-insensitive (e.g. accept name, Name, or NAME).
I understand it's unrelated to the current ticket title, I just wanted to clarify the purpose of my change.
Patch also improves the "new cookie from array" code, by making it cleaner and allowing unknown values such as httponly (like the "new cookie from string" code does).