[Security] TokenBasedRememberMeServices test to show why encoding username is required

MacDada · fabpot · commit 6671cc506fde · 2015-05-21T06:29:39.000+02:00
diff --git a/RememberMe/TokenBasedRememberMeServices.php b/RememberMe/TokenBasedRememberMeServices.php
@@ -125,6 +125,8 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt
      */
     protected function generateCookieValue($class, $username, $expires, $password)
     {
+        // $username is encoded because it might contain COOKIE_DELIMITER,
+        // we assume other values don't
         return $this->encodeCookie(array(
             $class,
             base64_encode($username),

Original file line number	Diff line number	Diff line change
`@@ -125,6 +125,8 @@ protected function onLoginSuccess(Request $request, Response $response, TokenInt`
`125`	`125`	`*/`
`126`	`126`	`protected function generateCookieValue($class, $username, $expires, $password)`
`127`	`127`	`{`
	`128`	`+ // $username is encoded because it might contain COOKIE_DELIMITER,`
	`129`	`+ // we assume other values don't`
`128`	`130`	`return $this->encodeCookie(array(`
`129`	`131`	`$class,`
`130`	`132`	`base64_encode($username),`