Merge pull request #9341 from magento-cia/cia-2.4.8-beta2-develop-bugfix-11062024

pawan-adobe-security · web-flow · commit 2a6cd1c82833 · 2024-11-10T21:19:21.000+05:30
Cia 2.4.8 beta2 develop bugfix 11062024
diff --git a/lib/internal/Magento/Framework/Stdlib/Cookie/PhpCookieManager.php b/lib/internal/Magento/Framework/Stdlib/Cookie/PhpCookieManager.php
@@ -31,19 +31,21 @@ class PhpCookieManager implements CookieManagerInterface
      * RFC 2109 - Page 15
      * http://www.ietf.org/rfc/rfc6265.txt
      */
-    const MAX_NUM_COOKIES = 50;
-    const MAX_COOKIE_SIZE = 4096;
-    const EXPIRE_NOW_TIME = 1;
-    const EXPIRE_AT_END_OF_SESSION_TIME = 0;
+    private const MAX_NUM_COOKIES = 50;
+    public const MAX_COOKIE_SIZE = 4096;
+    private const EXPIRE_NOW_TIME = 1;
+    private const EXPIRE_AT_END_OF_SESSION_TIME = 0;
     /**#@-*/
 
     /**#@+
      * Constant for metadata array key
      */
-    const KEY_EXPIRE_TIME = 'expiry';
+    private const KEY_EXPIRE_TIME = 'expiry';
     /**#@-*/
 
-    /**#@-*/
+    /**
+     * @var CookieScopeInterface
+     */
     private $scope;
 
     /**
@@ -209,17 +211,17 @@ private function checkAbilityToSendCookie($name, $value)
 
         $sizeOfCookie = $this->sizeOfCookie($name, $value);
 
-        if ($numCookies > static::MAX_NUM_COOKIES) {
+        if ($numCookies > self::MAX_NUM_COOKIES) {
             $this->logger->warning(
                 new Phrase('Unable to send the cookie. Maximum number of cookies would be exceeded.'),
                 [
-                    'cookies' => $_COOKIE,
+                    'cookies' => array_keys($_COOKIE),
                     'user-agent' => $this->httpHeader->getHttpUserAgent()
                 ]
             );
         }
 
-        if ($sizeOfCookie > static::MAX_COOKIE_SIZE) {
+        if ($sizeOfCookie > self::MAX_COOKIE_SIZE) {
             throw new CookieSizeLimitReachedException(
                 new Phrase(
                     'Unable to send the cookie. Size of \'%name\' is %size bytes.',
diff --git a/lib/internal/Magento/Framework/Stdlib/Test/Unit/Cookie/PhpCookieManagerTest.php b/lib/internal/Magento/Framework/Stdlib/Test/Unit/Cookie/PhpCookieManagerTest.php
@@ -60,6 +60,9 @@ class PhpCookieManagerTest extends TestCase
         public const COOKIE_HTTP_ONLY = true;
         public const COOKIE_NOT_HTTP_ONLY = false;
         public const COOKIE_EXPIRE_END_OF_SESSION = 0;
+        private const MAX_NUM_COOKIES = 50;
+        private const EXPIRE_NOW_TIME = 1;
+        private const EXPIRE_AT_END_OF_SESSION_TIME = 0;
 
         /**
          * Mapping from constant names to functions that handle the assertions.
@@ -515,8 +518,7 @@ public function testSetCookieSizeTooLarge()
 
             $cookieValue = '';
 
-            $cookieManager = $this->cookieManager;
-            for ($i = 0; $i < $cookieManager::MAX_COOKIE_SIZE + 1; $i++) {
+            for ($i = 0; $i < $this->cookieManager::MAX_COOKIE_SIZE + 1; $i++) {
                 $cookieValue = $cookieValue . 'a';
             }
 
@@ -544,9 +546,8 @@ public function testSetTooManyCookies()
 
             $userAgent = 'some_user_agent';
 
-            $cookieManager = $this->cookieManager;
-            // Set $cookieManager::MAX_NUM_COOKIES number of cookies in superglobal $_COOKIE.
-            for ($i = count($_COOKIE); $i < $cookieManager::MAX_NUM_COOKIES; $i++) {
+            // Set self::MAX_NUM_COOKIES number of cookies in superglobal $_COOKIE.
+            for ($i = count($_COOKIE); $i < self::MAX_NUM_COOKIES; $i++) {
                 $_COOKIE['test_cookie_' . $i] = self::COOKIE_VALUE . '_' . $i;
             }
 
@@ -566,7 +567,7 @@ public function testSetTooManyCookies()
                 ->with(
                     new Phrase('Unable to send the cookie. Maximum number of cookies would be exceeded.'),
                     [
-                        'cookies' => $_COOKIE,
+                        'cookies' => array_keys($_COOKIE),
                         'user-agent' => $userAgent
                     ]
                 );
@@ -615,7 +616,7 @@ private static function assertDeleteCookie(
         ) {
             self::assertEquals(self::DELETE_COOKIE_NAME, $name);
             self::assertEquals('', $value);
-            self::assertEquals($expiry, PhpCookieManager::EXPIRE_NOW_TIME);
+            self::assertEquals($expiry, self::EXPIRE_NOW_TIME);
             self::assertFalse($secure);
             self::assertFalse($httpOnly);
             self::assertEquals('magento.url', $domain);
@@ -641,7 +642,7 @@ private static function assertDeleteCookieWithNoMetadata(
         ) {
             self::assertEquals(self::DELETE_COOKIE_NAME_NO_METADATA, $name);
             self::assertEquals('', $value);
-            self::assertEquals($expiry, PhpCookieManager::EXPIRE_NOW_TIME);
+            self::assertEquals($expiry, self::EXPIRE_NOW_TIME);
             self::assertFalse($secure);
             self::assertFalse($httpOnly);
             self::assertEquals('', $domain);
@@ -667,7 +668,7 @@ private static function assertSensitiveCookieWithNoMetaDataHttps(
         ) {
             self::assertEquals(self::SENSITIVE_COOKIE_NAME_NO_METADATA_HTTPS, $name);
             self::assertEquals(self::COOKIE_VALUE, $value);
-            self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
+            self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
             self::assertTrue($secure);
             self::assertTrue($httpOnly);
             self::assertEquals('', $domain);
@@ -693,7 +694,7 @@ private static function assertSensitiveCookieWithNoMetaDataNotHttps(
         ) {
             self::assertEquals(self::SENSITIVE_COOKIE_NAME_NO_METADATA_NOT_HTTPS, $name);
             self::assertEquals(self::COOKIE_VALUE, $value);
-            self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
+            self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
             self::assertFalse($secure);
             self::assertTrue($httpOnly);
             self::assertEquals('', $domain);
@@ -719,7 +720,7 @@ private static function assertSensitiveCookieNoDomainNoPath(
         ) {
             self::assertEquals(self::SENSITIVE_COOKIE_NAME_NO_DOMAIN_NO_PATH, $name);
             self::assertEquals(self::COOKIE_VALUE, $value);
-            self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
+            self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
             self::assertTrue($secure);
             self::assertTrue($httpOnly);
             self::assertEquals('', $domain);
@@ -745,7 +746,7 @@ private static function assertSensitiveCookieWithDomainAndPath(
         ) {
             self::assertEquals(self::SENSITIVE_COOKIE_NAME_WITH_DOMAIN_AND_PATH, $name);
             self::assertEquals(self::COOKIE_VALUE, $value);
-            self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
+            self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
             self::assertFalse($secure);
             self::assertTrue($httpOnly);
             self::assertEquals('magento.url', $domain);
@@ -797,7 +798,7 @@ private static function assertPublicCookieWithNoDomainNoPath(
         ) {
             self::assertEquals(self::PUBLIC_COOKIE_NAME_NO_METADATA, $name);
             self::assertEquals(self::COOKIE_VALUE, $value);
-            self::assertEquals(PhpCookieManager::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
+            self::assertEquals(self::EXPIRE_AT_END_OF_SESSION_TIME, $expiry);
             self::assertTrue($secure);
             self::assertTrue($httpOnly);
             self::assertEquals('magento.url', $domain);
