Fixed bug #45141 (setcookie will output expires years of >4 digits).
authorIlia Alshanetsky <iliaa@php.net>
Wed, 29 Jul 2009 13:44:16 +0000 (13:44 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Wed, 29 Jul 2009 13:44:16 +0000 (13:44 +0000)
NEWS
ext/standard/head.c

diff --git a/NEWS b/NEWS
index bc85cc174d03626c977d6fbd7557abe9182d37bc..a4691ee77012585ea476da8c01b60e76f30c1da7 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -69,6 +69,7 @@ PHP                                                                        NEWS
   (Sriram Natarajan)
 - Fixed bug #48182 (ssl handshake fails during asynchronous socket connection).
   (Sriram Natarajan)
+- Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
 - Fixed bug #44144 (spl_autoload_functions() should return object instance
   when appropriate). (Hannes, Etienne)
 - Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot 
index 6ebb89a51f31f41be1a883256187078f7bc37279..e563dfe7ea2020bff9089d65a1cd73f080e03338 100644 (file)
@@ -110,8 +110,18 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
        } else {
                snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
                if (expires > 0) {
+                       char *p;
                        strlcat(cookie, "; expires=", len + 100);
                        dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
+                       /* check to make sure that the year does not exceed 4 digits in length */
+                       p = zend_memrchr(dt, '-', strlen(dt));
+                       if (*(p + 5) != ' ') {
+                               efree(dt);
+                               efree(cookie);
+                               efree(encoded_value);
+                               zend_error(E_WARNING, "Expiry date cannot have a year greater then 9999");
+                               return FAILURE;
+                       }
                        strlcat(cookie, dt, len + 100);
                        efree(dt);
                }
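Review bot: The return value of `zend_memrchr()` is dereferenced at `*(p + 5)` without a NULL check, so a formatted date with no '-' in it would be a NULL dereference instead of a clean failure; guard it with `if (!p || *(p + 5) != ' ') {`. The new early-return path also calls `efree(encoded_value)` unconditionally, while the `value ? encoded_value : ""` in the snprintf above suggests the pointer may be unset when `value` is NULL. Its declaration is outside the hunk, so that is worth confirming. The warning text has a typo and should read `"Expiry date cannot have a year greater than 9999"`. The body of php_setcookie starts and ends outside this hunk.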