From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 29 Jul 2009 13:44:16 +0000 (+0000)
Subject: Fixed bug #45141 (setcookie will output expires years of >4 digits).
X-Git-Tag: php-5.4.0alpha1~191^2~2924
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4d0e637af868d3a21a5fb8b8518877958ef42f23;p=php

Fixed bug #45141 (setcookie will output expires years of >4 digits).
---

diff --git a/ext/standard/head.c b/ext/standard/head.c
index bbbb31890c..4f9aa63da8 100644
--- a/ext/standard/head.c
+++ b/ext/standard/head.c
@@ -125,8 +125,18 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 	} else {
 		snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
 		if (expires > 0) {
+			char *p;
 			strlcat(cookie, "; expires=", len + 100);
 			dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
+			/* check to make sure that the year does not exceed 4 digits in length */
+			p = zend_memrchr(dt, '-', strlen(dt));
+			if (*(p + 5) != ' ') {
+				efree(dt);
+				efree(cookie);
+				efree(encoded_value);
+				zend_error(E_WARNING, "Expiry date cannot have a year greater then 9999");
+				return FAILURE;
+			}
 			strlcat(cookie, dt, len + 100);
 			efree(dt);
 		}