Mercurial > hg > isophonics-drupal-site
diff vendor/symfony/browser-kit/CookieJar.php @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've
been lucky to get away with this so far, as we don't support self-registration
which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5
was vulnerable to.
| author | Chris Cannam |
|---|---|
| date | Mon, 23 Apr 2018 09:33:26 +0100 |
| parents | 7a779792577d |
| children | 129ea1e6d783 |
line wrap: on
line diff
--- a/vendor/symfony/browser-kit/CookieJar.php Fri Feb 23 15:52:07 2018 +0000 +++ b/vendor/symfony/browser-kit/CookieJar.php Mon Apr 23 09:33:26 2018 +0100 @@ -43,32 +43,21 @@ { $this->flushExpiredCookies(); - if (!empty($domain)) { - foreach ($this->cookieJar as $cookieDomain => $pathCookies) { - if ($cookieDomain) { - $cookieDomain = '.'.ltrim($cookieDomain, '.'); - if ($cookieDomain != substr('.'.$domain, -strlen($cookieDomain))) { - continue; - } - } - - foreach ($pathCookies as $cookiePath => $namedCookies) { - if ($cookiePath != substr($path, 0, strlen($cookiePath))) { - continue; - } - if (isset($namedCookies[$name])) { - return $namedCookies[$name]; - } + foreach ($this->cookieJar as $cookieDomain => $pathCookies) { + if ($cookieDomain && $domain) { + $cookieDomain = '.'.ltrim($cookieDomain, '.'); + if ($cookieDomain !== substr('.'.$domain, -\strlen($cookieDomain))) { + continue; } } - return; - } - - // avoid relying on this behavior that is mainly here for BC reasons - foreach ($this->cookieJar as $cookies) { - if (isset($cookies[$path][$name])) { - return $cookies[$path][$name]; + foreach ($pathCookies as $cookiePath => $namedCookies) { + if (0 !== strpos($path, $cookiePath)) { + continue; + } + if (isset($namedCookies[$name])) { + return $namedCookies[$name]; + } } } }