1--TEST-- 2Bug #69948 (path/domain are not sanitized for special characters in setcookie) 3--FILE-- 4<?php 5try { 6 var_dump(setcookie('foo', 'bar', 0, 'asdf;asdf')); 7} catch (\ValueError $e) { 8 echo $e->getMessage() . \PHP_EOL; 9} 10try { 11 var_dump(setcookie('foo', 'bar', 0, '/', 'foobar; secure')); 12} catch (\ValueError $e) { 13 echo $e->getMessage() . \PHP_EOL; 14} 15 16?> 17===DONE=== 18--EXPECTHEADERS-- 19--EXPECT-- 20setcookie(): "path" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", or "\014" 21setcookie(): "domain" option cannot contain ",", ";", " ", "\t", "\r", "\n", "\013", or "\014" 22===DONE=== 23
