Allow for empty cookie $name when checking for validity

WordPress · Jun 3, 2024 · 873b93e · 873b93e
1 parent bd7cb69
commit 873b93e
Showing 1 changed file with 13 additions and 6 deletions.
diff --git a/src/Cookie.php b/src/Cookie.php
@@ -82,7 +82,7 @@ class Cookie {
 	 * @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $reference_time argument is not an integer or null.
 	 */
 	public function __construct($name, $value, $attributes = [], $flags = [], $reference_time = null) {
-		if (InputValidator::is_valid_rfc2616_token($name) === false) {
+		if ($name !== '' && InputValidator::is_valid_rfc2616_token($name) === false) {
 			throw InvalidArgument::create(1, '$name', 'integer|string and conform to RFC 2616', gettype($name));
 		}
 
@@ -439,29 +439,36 @@ public static function parse($cookie_header, $name = '', $reference_time = null)
 			throw InvalidArgument::create(1, '$cookie_header', 'string', gettype($cookie_header));
 		}
 
-		if (InputValidator::is_valid_rfc2616_token($name) === false) {
+		if (is_string($name)) {
+			$name = trim($name);
+		}
+
+		if ($name !== '' && InputValidator::is_valid_rfc2616_token($name) === false) {
 			throw InvalidArgument::create(2, '$name', 'integer|string and conform to RFC 2616', gettype($name));
 		}
 
 		$parts   = explode(';', $cookie_header);
 		$kvparts = array_shift($parts);
 
 		if (!empty($name)) {
-			$value = $cookie_header;
+			$value = trim($cookie_header);
 		} elseif (strpos($kvparts, '=') === false) {
 			// Some sites might only have a value without the equals separator.
 			// Deviate from RFC 6265 and pretend it was actually a blank name
 			// (`=foo`)
 			//
 			// https://bugzilla.mozilla.org/show_bug.cgi?id=169091
 			$name  = '';
-			$value = $kvparts;
+			$value = trim($kvparts);
 		} else {
 			list($name, $value) = explode('=', $kvparts, 2);
+			$name               = trim($name);
+			$value              = trim($value);
 		}
 
-		$name  = trim($name);
-		$value = trim($value);
+		if ($name !== '' && InputValidator::is_valid_rfc2616_token($name) === false) {
+			throw InvalidArgument::create(2, '$name', 'integer|string and conform to RFC 2616', gettype($name));
+		}
 
 		// Attribute keys are handled case-insensitively
 		$attributes = new CaseInsensitiveDictionary();