Merge branch '4.4' into 5.0

nicolas-grekas · nicolas-grekas · commit 2da08283c33c · 2020-03-23T13:42:46.000+01:00
* 4.4:
  [Http Foundation] Fix clear cookie samesite
  [Security] Check if firewall is stateless before checking for session/previous session
  [Form] Support customized intl php.ini settings
  [Security] Remember me: allow to set the samesite cookie flag
  [Debug] fix for PHP 7.3.16+/7.4.4+
  [Validator] Backport translations
  [Mailer] Use %d instead of %s for error code in error messages
  [HttpKernel] fix locking for PHP 7.4+
  [Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
  Prevent warning in proc_open()
  [FrameworkBundle] Fix Router Cache
  Fix deprecation messages
diff --git a/ResponseHeaderBag.php b/ResponseHeaderBag.php
@@ -239,9 +239,9 @@ public function getCookies(string $format = self::COOKIES_FLAT)
     /**
      * Clears a cookie in the browser.
      */
-    public function clearCookie(string $name, ?string $path = '/', string $domain = null, bool $secure = false, bool $httpOnly = true)
+    public function clearCookie(string $name, ?string $path = '/', string $domain = null, bool $secure = false, bool $httpOnly = true, string $sameSite = null)
     {
-        $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, null));
+        $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite));
     }
 
     /**
diff --git a/Tests/ResponseHeaderBagTest.php b/Tests/ResponseHeaderBagTest.php
@@ -128,6 +128,14 @@ public function testClearCookieSecureNotHttpOnly()
         $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure', $bag);
     }
 
+    public function testClearCookieSamesite()
+    {
+        $bag = new ResponseHeaderBag([]);
+
+        $bag->clearCookie('foo', '/', null, true, false, 'none');
+        $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag);
+    }
+
     public function testReplace()
     {
         $bag = new ResponseHeaderBag([]);

Original file line number	Diff line number	Diff line change
`@@ -239,9 +239,9 @@ public function getCookies(string $format = self::COOKIES_FLAT)`
`239`	`239`	`/**`
`240`	`240`	`* Clears a cookie in the browser.`
`241`	`241`	`*/`
`242`		`- public function clearCookie(string $name, ?string $path = '/', string $domain = null, bool $secure = false, bool $httpOnly = true)`
	`242`	`+ public function clearCookie(string $name, ?string $path = '/', string $domain = null, bool $secure = false, bool $httpOnly = true, string $sameSite = null)`
`243`	`243`	`{`
`244`		`- $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, null));`
	`244`	`+ $this->setCookie(new Cookie($name, null, 1, $path, $domain, $secure, $httpOnly, false, $sameSite));`
`245`	`245`	`}`
`246`	`246`
`247`	`247`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,14 @@ public function testClearCookieSecureNotHttpOnly()`
`128`	`128`	`$this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure', $bag);`
`129`	`129`	`}`
`130`	`130`
	`131`	`+ public function testClearCookieSamesite()`
	`132`	`+ {`
	`133`	`+ $bag = new ResponseHeaderBag([]);`
	`134`	`+`
	`135`	`+ $bag->clearCookie('foo', '/', null, true, false, 'none');`
	`136`	`+ $this->assertSetCookieHeader('foo=deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0; path=/; secure; samesite=none', $bag);`
	`137`	`+ }`
	`138`	`+`
`131`	`139`	`public function testReplace()`
`132`	`140`	`{`
`133`	`141`	`$bag = new ResponseHeaderBag([]);`