adjust cookie serialization

taylorotwell · taylorotwell · commit 240d904606a1 · 2018-08-07T08:02:09.000-10:00
diff --git a/src/Illuminate/Cookie/Middleware/EncryptCookies.php b/src/Illuminate/Cookie/Middleware/EncryptCookies.php
@@ -30,7 +30,7 @@ class EncryptCookies
      *
      * @var bool
      */
-    protected $serialize = false;
+    protected static $serialize = false;
 
     /**
      * Create a new CookieGuard instance.
@@ -100,7 +100,7 @@ protected function decryptCookie($name, $cookie)
     {
         return is_array($cookie)
                         ? $this->decryptArray($cookie)
-                        : $this->encrypter->decrypt($cookie, $this->serialize);
+                        : $this->encrypter->decrypt($cookie, static::serialized($name));
     }
 
     /**
@@ -115,7 +115,7 @@ protected function decryptArray(array $cookie)
 
         foreach ($cookie as $key => $value) {
             if (is_string($value)) {
-                $decrypted[$key] = $this->encrypter->decrypt($value, $this->serialize);
+                $decrypted[$key] = $this->encrypter->decrypt($value, static::serialized($key));
             }
         }
 
@@ -136,7 +136,7 @@ protected function encrypt(Response $response)
             }
 
             $response->headers->setCookie($this->duplicate(
-                $cookie, $this->encrypter->encrypt($cookie->getValue(), $this->serialize)
+                $cookie, $this->encrypter->encrypt($cookie->getValue(), static::serialized($cookie->getName()))
             ));
         }
 
@@ -169,4 +169,15 @@ public function isDisabled($name)
     {
         return in_array($name, $this->except);
     }
+
+    /**
+     * Determine if the cookie contents should be serialized.
+     *
+     * @param  string  $name
+     * @return bool
+     */
+    public static function serialized($name)
+    {
+        return static::$serialize;
+    }
 }
diff --git a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
@@ -8,6 +8,7 @@
 use Symfony\Component\HttpFoundation\Cookie;
 use Illuminate\Contracts\Encryption\Encrypter;
 use Illuminate\Session\TokenMismatchException;
+use Illuminate\Cookie\Middleware\EncryptCookies;
 
 class VerifyCsrfToken
 {
@@ -138,7 +139,7 @@ protected function getTokenFromRequest($request)
         $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
 
         if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
-            $token = $this->encrypter->decrypt($header, false);
+            $token = $this->encrypter->decrypt($header, static::serialized());
         }
 
         return $token;
@@ -164,4 +165,14 @@ protected function addCookieToResponse($request, $response)
 
         return $response;
     }
+
+    /**
+     * Determine if the cookie contents should be serialized.
+     *
+     * @return bool
+     */
+    public static function serialized()
+    {
+        return EncryptCookies::serialized('XSRF-TOKEN');
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ class EncryptCookies`
`30`	`30`	`*`
`31`	`31`	`* @var bool`
`32`	`32`	`*/`
`33`		`- protected $serialize = false;`
	`33`	`+ protected static $serialize = false;`
`34`	`34`
`35`	`35`	`/**`
`36`	`36`	`* Create a new CookieGuard instance.`
`@@ -100,7 +100,7 @@ protected function decryptCookie($name, $cookie)`
`100`	`100`	`{`
`101`	`101`	`return is_array($cookie)`
`102`	`102`	`? $this->decryptArray($cookie)`
`103`		`- : $this->encrypter->decrypt($cookie, $this->serialize);`
	`103`	`+ : $this->encrypter->decrypt($cookie, static::serialized($name));`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`/**`
`@@ -115,7 +115,7 @@ protected function decryptArray(array $cookie)`
`115`	`115`
`116`	`116`	`foreach ($cookie as $key => $value) {`
`117`	`117`	`if (is_string($value)) {`
`118`		`- $decrypted[$key] = $this->encrypter->decrypt($value, $this->serialize);`
	`118`	`+ $decrypted[$key] = $this->encrypter->decrypt($value, static::serialized($key));`
`119`	`119`	`}`
`120`	`120`	`}`
`121`	`121`
`@@ -136,7 +136,7 @@ protected function encrypt(Response $response)`
`136`	`136`	`}`
`137`	`137`
`138`	`138`	`$response->headers->setCookie($this->duplicate(`
`139`		`- $cookie, $this->encrypter->encrypt($cookie->getValue(), $this->serialize)`
	`139`	`+ $cookie, $this->encrypter->encrypt($cookie->getValue(), static::serialized($cookie->getName()))`
`140`	`140`	`));`
`141`	`141`	`}`
`142`	`142`
`@@ -169,4 +169,15 @@ public function isDisabled($name)`
`169`	`169`	`{`
`170`	`170`	`return in_array($name, $this->except);`
`171`	`171`	`}`
	`172`	`+`
	`173`	`+ /**`
	`174`	`+ * Determine if the cookie contents should be serialized.`
	`175`	`+ *`
	`176`	`+ * @param string $name`
	`177`	`+ * @return bool`
	`178`	`+ */`
	`179`	`+ public static function serialized($name)`
	`180`	`+ {`
	`181`	`+ return static::$serialize;`
	`182`	`+ }`
`172`	`183`	`}`