summaryrefslogtreecommitdiffstats
path: root/Http/RememberMe/AbstractRememberMeServices.php
diff options
context:
space:
mode:
Diffstat (limited to 'Http/RememberMe/AbstractRememberMeServices.php')
-rw-r--r--Http/RememberMe/AbstractRememberMeServices.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/Http/RememberMe/AbstractRememberMeServices.php b/Http/RememberMe/AbstractRememberMeServices.php
index b14e36d..16f7831 100644
--- a/Http/RememberMe/AbstractRememberMeServices.php
+++ b/Http/RememberMe/AbstractRememberMeServices.php
@@ -268,9 +268,17 @@ abstract class AbstractRememberMeServices implements RememberMeServicesInterface
* @param array $cookieParts
*
* @return string
+ *
+ * @throws \InvalidArgumentException When $cookieParts contain the cookie delimiter. Extending class should either remove or escape it.
*/
protected function encodeCookie(array $cookieParts)
{
+ foreach ($cookieParts as $cookiePart) {
+ if (false !== strpos($cookiePart, self::COOKIE_DELIMITER)) {
+ throw new \InvalidArgumentException(sprintf('$cookieParts should not contain the cookie delimiter "%s"', self::COOKIE_DELIMITER));
+ }
+ }
+
return base64_encode(implode(self::COOKIE_DELIMITER, $cookieParts));
}
generated by cgit v1.1 at 2025-05-11 23:13:02 +0000