From: Christoph M. Becker Date: Fri, 1 May 2015 22:10:28 +0000 (+0200) Subject: prohibit empty cookie names for setcookie() X-Git-Tag: PRE_PHP7_NSAPI_REMOVAL~42^2~120 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=613f7475793159124379371fe78e99c3c9d633f0;p=php prohibit empty cookie names for setcookie()
---
diff --git a/ext/standard/head.c b/ext/standard/head.c
index bdb3e59f58..22a2af1abe 100644
--- a/ext/standard/head.c
+++ b/ext/standard/head.c
@@ -86,7 +86,10 @@ PHPAPI int php_setcookie(char *name, size_t name_len, char *value, size_t value_
 int result;
 zend_string *encoded_value = NULL;
- if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
+ if (!name_len) {
+ zend_error( E_WARNING, "Cookie names must not be empty" );
+ return FAILURE;
+ } else if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
 zend_error( E_WARNING, "Cookie names cannot contain any of the following '=,; \\t\\r\\n\\013\\014'" );
 return FAILURE;
 }
diff --git a/ext/standard/tests/network/bug69523.phpt b/ext/standard/tests/network/bug69523.phpt
new file mode 100644
index 0000000000..979ae00d17
--- /dev/null
+++ b/ext/standard/tests/network/bug69523.phpt
@@ -0,0 +1,8 @@
+--TEST--
+setcookie() allows empty cookie name
+--FILE--
+
+--EXPECTF--
+Warning: Cookie names must not be empty in %s on line %d
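Review bot: The new `if (!name_len)` guard in the ext/standard/head.c hunk tests only the binary length, while the `strpbrk()` check right after it stops at the first NUL byte, so a name whose first byte is `\0` has a non-zero `name_len` yet is empty as a C string and passes both checks. If the rest of php_setcookie (its body continues outside this hunk) formats the header from `name` as a C string, that would still produce a nameless cookie, and any bytes after an embedded NUL are never validated against the forbidden-character list. Consider rejecting such names up front, e.g. `if (!name_len || (name && memchr(name, '\0', name_len) != NULL)) {`, with warning text that covers both cases. A matching case next to bug69523.phpt would pin the behaviour.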