From bb9db21af137344feffa192fcabe4e439c8b0f60 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Mon, 27 Jul 2020 10:03:22 -0500
Subject: [PATCH 1/2] fix cookie issues
---
 src/Illuminate/Cookie/Middleware/EncryptCookies.php | 4 ++--
 src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php | 2 +-
 .../Foundation/Testing/Concerns/MakesHttpRequests.php | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/Illuminate/Cookie/Middleware/EncryptCookies.php b/src/Illuminate/Cookie/Middleware/EncryptCookies.php
index 0fe5e3222c62..160b9e1fd8c4 100644
--- a/src/Illuminate/Cookie/Middleware/EncryptCookies.php
+++ b/src/Illuminate/Cookie/Middleware/EncryptCookies.php
@@ -83,7 +83,7 @@ protected function decrypt(Request $request)
 $value = $this->decryptCookie($key, $cookie);
 $request->cookies->set(
- $key, strpos($value, sha1($key).'|') !== 0 ? null : substr($value, 41)
+ $key, strpos($value, sha1($key.'v2').'|') !== 0 ? null : substr($value, 41)
 );
 } catch (DecryptException $e) {
 $request->cookies->set($key, null);
@@ -142,7 +142,7 @@ protected function encrypt(Response $response)
 $response->headers->setCookie($this->duplicate(
 $cookie,
 $this->encrypter->encrypt(
- sha1($cookie->getName()).'|'.$cookie->getValue(),
+ sha1($cookie->getName().'v2').'|'.$cookie->getValue(),
 static::serialized($cookie->getName())
 )
 ));
diff --git a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
index 0f24357e20fc..186ee20d719d 100644
--- a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
+++ b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
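Review bot: The offset `41` in `substr($value, 41)` inside decrypt() is a bare literal that has to stay equal to the length of `sha1($key.'v2').'|'` (40 hex characters plus the separator), and nothing in the code ties the two together. Building the prefix once keeps them in sync: `$prefix = sha1($key.'v2').'|';` followed by `strpos($value, $prefix) !== 0 ? null : substr($value, strlen($prefix))`. If decryptCookie() can return a non-string for array-valued cookies (its body is not in this hunk), `strpos()` would be handed an array here, so that case deserves an explicit check as well. decrypt()'s body starts and ends outside the hunk.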
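Review bot: The prefix written in encrypt(), `sha1($cookie->getName().'v2')`, is an unkeyed digest of a public cookie name, so its value is computable by anyone; the binding of a ciphertext to its cookie name then holds only as long as no other code path encrypts caller-influenced plaintext under the same key. Deriving it with the application key, for example `hash_hmac('sha1', $cookie->getName().'v2', $key)`, keeps the 40-character length and makes the prefix depend on the secret; `$key` stands for however the encrypter's key is exposed, which is not visible in this hunk. The same expression appears in the decrypt() hunk above and in prepareCookiesForRequest() in MakesHttpRequests.php, and all three would have to change together.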
@@ -151,7 +151,7 @@ protected function getTokenFromRequest($request)
 $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
 if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
- $token = $this->encrypter->decrypt($header, static::serialized());
+ $token = substr($this->encrypter->decrypt($header, static::serialized()), 41);
 }
 return $token;
diff --git a/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php b/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php
index 3aa10c4288b7..275616a49f2b 100644
--- a/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php
+++ b/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php
@@ -560,8 +560,8 @@ protected function prepareCookiesForRequest()
 return array_merge($this->defaultCookies, $this->unencryptedCookies);
 }
- return collect($this->defaultCookies)->map(function ($value) {
- return encrypt($value, false);
+ return collect($this->defaultCookies)->map(function ($value, $key) {
+ return encrypt(sha1($key.'v2').'|'.$value, false);
 })->merge($this->unencryptedCookies)->all();
 }
From 3c13945b8d50ad3b0657d9b8a21bfd74b7ec65c3 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Mon, 27 Jul 2020 10:04:41 -0500
Subject: [PATCH 2/2] version
---
 src/Illuminate/Foundation/Application.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Illuminate/Foundation/Application.php b/src/Illuminate/Foundation/Application.php
index 3c942c3b3607..b842fada78cf 100755
--- a/src/Illuminate/Foundation/Application.php
+++ b/src/Illuminate/Foundation/Application.php
@@ -31,7 +31,7 @@ class Application extends Container implements ApplicationContract, HttpKernelIn
 *
 * @var string
 */
- const VERSION = '6.18.27';
+ const VERSION = '6.18.28';
 /**
 * The base path for the Laravel installation.
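Review bot: The `X-XSRF-TOKEN` branch of getTokenFromRequest() discards the first 41 characters with `substr(..., 41)` but never checks that they are the expected cookie-name prefix, unlike EncryptCookies::decrypt(), which yields null on a mismatch. Any value encrypted under the application key therefore has its leading 41 characters dropped and the remainder used as the candidate token, so the name binding this patch introduces is not enforced on the header path. Verifying first, with `$value = $this->encrypter->decrypt($header, static::serialized());` and then `$token = strpos($value, sha1('XSRF-TOKEN'.'v2').'|') === 0 ? substr($value, 41) : null;`, would close that gap, assuming the token cookie is named `XSRF-TOKEN` (it is set outside this hunk). No handling of a failed decrypt() is visible in the hunk either, and the method's body starts outside it.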