Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Cookie storage object

[2] Fix | Delete

[3] Fix | Delete

* @package Requests\Cookies

[4] Fix | Delete

[5] Fix | Delete

[6] Fix | Delete

namespace WpOrg\Requests;

[7] Fix | Delete

[8] Fix | Delete

use WpOrg\Requests\Exception\InvalidArgument;

[9] Fix | Delete

use WpOrg\Requests\Iri;

[10] Fix | Delete

use WpOrg\Requests\Response\Headers;

[11] Fix | Delete

use WpOrg\Requests\Utility\CaseInsensitiveDictionary;

[12] Fix | Delete

use WpOrg\Requests\Utility\InputValidator;

[13] Fix | Delete

[14] Fix | Delete

/**

[15] Fix | Delete

* Cookie storage object

[16] Fix | Delete

[17] Fix | Delete

* @package Requests\Cookies

[18] Fix | Delete

[19] Fix | Delete

class Cookie {

[20] Fix | Delete

/**

[21] Fix | Delete

* Cookie name.

[22] Fix | Delete

[23] Fix | Delete

* @var string

[24] Fix | Delete

[25] Fix | Delete

public $name;

[26] Fix | Delete

[27] Fix | Delete

/**

[28] Fix | Delete

* Cookie value.

[29] Fix | Delete

[30] Fix | Delete

* @var string

[31] Fix | Delete

[32] Fix | Delete

public $value;

[33] Fix | Delete

[34] Fix | Delete

/**

[35] Fix | Delete

* Cookie attributes

[36] Fix | Delete

[37] Fix | Delete

* Valid keys are `'path'`, `'domain'`, `'expires'`, `'max-age'`, `'secure'` and

[38] Fix | Delete

* `'httponly'`.

[39] Fix | Delete

[40] Fix | Delete

* @var \WpOrg\Requests\Utility\CaseInsensitiveDictionary|array Array-like object

[41] Fix | Delete

[42] Fix | Delete

public $attributes = [];

[43] Fix | Delete

[44] Fix | Delete

/**

[45] Fix | Delete

* Cookie flags

[46] Fix | Delete

[47] Fix | Delete

* Valid keys are `'creation'`, `'last-access'`, `'persistent'` and `'host-only'`.

[48] Fix | Delete

[49] Fix | Delete

* @var array

[50] Fix | Delete

[51] Fix | Delete

public $flags = [];

[52] Fix | Delete

[53] Fix | Delete

/**

[54] Fix | Delete

* Reference time for relative calculations

[55] Fix | Delete

[56] Fix | Delete

* This is used in place of `time()` when calculating Max-Age expiration and

[57] Fix | Delete

* checking time validity.

[58] Fix | Delete

[59] Fix | Delete

* @var int

[60] Fix | Delete

[61] Fix | Delete

public $reference_time = 0;

[62] Fix | Delete

[63] Fix | Delete

/**

[64] Fix | Delete

* Create a new cookie object

[65] Fix | Delete

[66] Fix | Delete

* @param string $name The name of the cookie.

[67] Fix | Delete

* @param string $value The value for the cookie.

[68] Fix | Delete

* @param array|\WpOrg\Requests\Utility\CaseInsensitiveDictionary $attributes Associative array of attribute data

[69] Fix | Delete

* @param array $flags The flags for the cookie.

[70] Fix | Delete

* Valid keys are `'creation'`, `'last-access'`,

[71] Fix | Delete

* `'persistent'` and `'host-only'`.

[72] Fix | Delete

* @param int|null $reference_time Reference time for relative calculations.

[73] Fix | Delete

[74] Fix | Delete

* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $name argument is not a string.

[75] Fix | Delete

* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $value argument is not a string.

[76] Fix | Delete

* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $attributes argument is not an array or iterable object with array access.

[77] Fix | Delete

* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $flags argument is not an array.

[78] Fix | Delete

* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $reference_time argument is not an integer or null.

[79] Fix | Delete

[80] Fix | Delete

public function __construct($name, $value, $attributes = [], $flags = [], $reference_time = null) {

[81] Fix | Delete

if (is_string($name) === false) {

[82] Fix | Delete

throw InvalidArgument::create(1, '$name', 'string', gettype($name));

[83] Fix | Delete

}

[84] Fix | Delete

[85] Fix | Delete

if (is_string($value) === false) {

[86] Fix | Delete

throw InvalidArgument::create(2, '$value', 'string', gettype($value));

[87] Fix | Delete

}

[88] Fix | Delete

[89] Fix | Delete

if (InputValidator::has_array_access($attributes) === false || InputValidator::is_iterable($attributes) === false) {

[90] Fix | Delete

throw InvalidArgument::create(3, '$attributes', 'array|ArrayAccess&Traversable', gettype($attributes));

[91] Fix | Delete

}

[92] Fix | Delete

[93] Fix | Delete

if (is_array($flags) === false) {

[94] Fix | Delete

throw InvalidArgument::create(4, '$flags', 'array', gettype($flags));

[95] Fix | Delete

}

[96] Fix | Delete

[97] Fix | Delete

if ($reference_time !== null && is_int($reference_time) === false) {

[98] Fix | Delete

throw InvalidArgument::create(5, '$reference_time', 'integer|null', gettype($reference_time));

[99] Fix | Delete

}

[100] Fix | Delete

[101] Fix | Delete

$this->name = $name;

[102] Fix | Delete

$this->value = $value;

[103] Fix | Delete

$this->attributes = $attributes;

[104] Fix | Delete

$default_flags = [

[105] Fix | Delete

'creation' => time(),

[106] Fix | Delete

'last-access' => time(),

[107] Fix | Delete

'persistent' => false,

[108] Fix | Delete

'host-only' => true,

[109] Fix | Delete

];

[110] Fix | Delete

$this->flags = array_merge($default_flags, $flags);

[111] Fix | Delete

[112] Fix | Delete

$this->reference_time = time();

[113] Fix | Delete

if ($reference_time !== null) {

[114] Fix | Delete

$this->reference_time = $reference_time;

[115] Fix | Delete

}

[116] Fix | Delete

[117] Fix | Delete

$this->normalize();

[118] Fix | Delete

}

[119] Fix | Delete

[120] Fix | Delete

/**

[121] Fix | Delete

* Get the cookie value

[122] Fix | Delete

[123] Fix | Delete

* Attributes and other data can be accessed via methods.

[124] Fix | Delete

[125] Fix | Delete

public function __toString() {

[126] Fix | Delete

return $this->value;

[127] Fix | Delete

}

[128] Fix | Delete

[129] Fix | Delete

/**

[130] Fix | Delete

* Check if a cookie is expired.

[131] Fix | Delete

[132] Fix | Delete

* Checks the age against $this->reference_time to determine if the cookie

[133] Fix | Delete

* is expired.

[134] Fix | Delete

[135] Fix | Delete

* @return boolean True if expired, false if time is valid.

[136] Fix | Delete

[137] Fix | Delete

public function is_expired() {

[138] Fix | Delete

// RFC6265, s. 4.1.2.2:

[139] Fix | Delete

// If a cookie has both the Max-Age and the Expires attribute, the Max-

[140] Fix | Delete

// Age attribute has precedence and controls the expiration date of the

[141] Fix | Delete

// cookie.

[142] Fix | Delete

if (isset($this->attributes['max-age'])) {

[143] Fix | Delete

$max_age = $this->attributes['max-age'];

[144] Fix | Delete

return $max_age < $this->reference_time;

[145] Fix | Delete

}

[146] Fix | Delete

[147] Fix | Delete

if (isset($this->attributes['expires'])) {

[148] Fix | Delete

$expires = $this->attributes['expires'];

[149] Fix | Delete

return $expires < $this->reference_time;

[150] Fix | Delete

}

[151] Fix | Delete

[152] Fix | Delete

return false;

[153] Fix | Delete

}

[154] Fix | Delete

[155] Fix | Delete

/**

[156] Fix | Delete

* Check if a cookie is valid for a given URI

[157] Fix | Delete

[158] Fix | Delete

* @param \WpOrg\Requests\Iri $uri URI to check

[159] Fix | Delete

* @return boolean Whether the cookie is valid for the given URI

[160] Fix | Delete

[161] Fix | Delete

public function uri_matches(Iri $uri) {

[162] Fix | Delete

if (!$this->domain_matches($uri->host)) {

[163] Fix | Delete

return false;

[164] Fix | Delete

}

[165] Fix | Delete

[166] Fix | Delete

if (!$this->path_matches($uri->path)) {

[167] Fix | Delete

return false;

[168] Fix | Delete

}

[169] Fix | Delete

[170] Fix | Delete

return empty($this->attributes['secure']) || $uri->scheme === 'https';

[171] Fix | Delete

}

[172] Fix | Delete

[173] Fix | Delete

/**

[174] Fix | Delete

* Check if a cookie is valid for a given domain

[175] Fix | Delete

[176] Fix | Delete

* @param string $domain Domain to check

[177] Fix | Delete

* @return boolean Whether the cookie is valid for the given domain

[178] Fix | Delete

[179] Fix | Delete

public function domain_matches($domain) {

[180] Fix | Delete

if (is_string($domain) === false) {

[181] Fix | Delete

return false;

[182] Fix | Delete

}

[183] Fix | Delete

[184] Fix | Delete

if (!isset($this->attributes['domain'])) {

[185] Fix | Delete

// Cookies created manually; cookies created by Requests will set

[186] Fix | Delete

// the domain to the requested domain

[187] Fix | Delete

return true;

[188] Fix | Delete

}

[189] Fix | Delete

[190] Fix | Delete

$cookie_domain = $this->attributes['domain'];

[191] Fix | Delete

if ($cookie_domain === $domain) {

[192] Fix | Delete

// The cookie domain and the passed domain are identical.

[193] Fix | Delete

return true;

[194] Fix | Delete

}

[195] Fix | Delete

[196] Fix | Delete

// If the cookie is marked as host-only and we don't have an exact

[197] Fix | Delete

// match, reject the cookie

[198] Fix | Delete

if ($this->flags['host-only'] === true) {

[199] Fix | Delete

return false;

[200] Fix | Delete

}

[201] Fix | Delete

[202] Fix | Delete

if (strlen($domain) <= strlen($cookie_domain)) {

[203] Fix | Delete

// For obvious reasons, the cookie domain cannot be a suffix if the passed domain

[204] Fix | Delete

// is shorter than the cookie domain

[205] Fix | Delete

return false;

[206] Fix | Delete

}

[207] Fix | Delete

[208] Fix | Delete

if (substr($domain, -1 * strlen($cookie_domain)) !== $cookie_domain) {

[209] Fix | Delete

// The cookie domain should be a suffix of the passed domain.

[210] Fix | Delete

return false;

[211] Fix | Delete

}

[212] Fix | Delete

[213] Fix | Delete

$prefix = substr($domain, 0, strlen($domain) - strlen($cookie_domain));

[214] Fix | Delete

if (substr($prefix, -1) !== '.') {

[215] Fix | Delete

// The last character of the passed domain that is not included in the

[216] Fix | Delete

// domain string should be a %x2E (".") character.

[217] Fix | Delete

return false;

[218] Fix | Delete

}

[219] Fix | Delete

[220] Fix | Delete

// The passed domain should be a host name (i.e., not an IP address).

[221] Fix | Delete

return !preg_match('#^(.+\.)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $domain);

[222] Fix | Delete

}

[223] Fix | Delete

[224] Fix | Delete

/**

[225] Fix | Delete

* Check if a cookie is valid for a given path

[226] Fix | Delete

[227] Fix | Delete

* From the path-match check in RFC 6265 section 5.1.4

[228] Fix | Delete

[229] Fix | Delete

* @param string $request_path Path to check

[230] Fix | Delete

* @return boolean Whether the cookie is valid for the given path

[231] Fix | Delete

[232] Fix | Delete

public function path_matches($request_path) {

[233] Fix | Delete

if (empty($request_path)) {

[234] Fix | Delete

// Normalize empty path to root

[235] Fix | Delete

$request_path = '/';

[236] Fix | Delete

}

[237] Fix | Delete

[238] Fix | Delete

if (!isset($this->attributes['path'])) {

[239] Fix | Delete

// Cookies created manually; cookies created by Requests will set

[240] Fix | Delete

// the path to the requested path

[241] Fix | Delete

return true;

[242] Fix | Delete

}

[243] Fix | Delete

[244] Fix | Delete

if (is_scalar($request_path) === false) {

[245] Fix | Delete

return false;

[246] Fix | Delete

}

[247] Fix | Delete

[248] Fix | Delete

$cookie_path = $this->attributes['path'];

[249] Fix | Delete

[250] Fix | Delete

if ($cookie_path === $request_path) {

[251] Fix | Delete

// The cookie-path and the request-path are identical.

[252] Fix | Delete

return true;

[253] Fix | Delete

}

[254] Fix | Delete

[255] Fix | Delete

if (strlen($request_path) > strlen($cookie_path) && substr($request_path, 0, strlen($cookie_path)) === $cookie_path) {

[256] Fix | Delete

if (substr($cookie_path, -1) === '/') {

[257] Fix | Delete

// The cookie-path is a prefix of the request-path, and the last

[258] Fix | Delete

// character of the cookie-path is %x2F ("/").

[259] Fix | Delete

return true;

[260] Fix | Delete

}

[261] Fix | Delete

[262] Fix | Delete

if (substr($request_path, strlen($cookie_path), 1) === '/') {

[263] Fix | Delete

// The cookie-path is a prefix of the request-path, and the

[264] Fix | Delete

// first character of the request-path that is not included in

[265] Fix | Delete

// the cookie-path is a %x2F ("/") character.

[266] Fix | Delete

return true;

[267] Fix | Delete

}

[268] Fix | Delete

}

[269] Fix | Delete

[270] Fix | Delete

return false;

[271] Fix | Delete

}

[272] Fix | Delete

[273] Fix | Delete

/**

[274] Fix | Delete

* Normalize cookie and attributes

[275] Fix | Delete

[276] Fix | Delete

* @return boolean Whether the cookie was successfully normalized

[277] Fix | Delete

[278] Fix | Delete

public function normalize() {

[279] Fix | Delete

foreach ($this->attributes as $key => $value) {

[280] Fix | Delete

$orig_value = $value;

[281] Fix | Delete

[282] Fix | Delete

if (is_string($key)) {

[283] Fix | Delete

$value = $this->normalize_attribute($key, $value);

[284] Fix | Delete

}

[285] Fix | Delete

[286] Fix | Delete

if ($value === null) {

[287] Fix | Delete

unset($this->attributes[$key]);

[288] Fix | Delete

continue;

[289] Fix | Delete

}

[290] Fix | Delete

[291] Fix | Delete

if ($value !== $orig_value) {

[292] Fix | Delete

$this->attributes[$key] = $value;

[293] Fix | Delete

}

[294] Fix | Delete

}

[295] Fix | Delete

[296] Fix | Delete

return true;

[297] Fix | Delete

}

[298] Fix | Delete

[299] Fix | Delete

/**

[300] Fix | Delete

* Parse an individual cookie attribute

[301] Fix | Delete

[302] Fix | Delete

* Handles parsing individual attributes from the cookie values.

[303] Fix | Delete

[304] Fix | Delete

* @param string $name Attribute name

[305] Fix | Delete

* @param string|int|bool $value Attribute value (string/integer value, or true if empty/flag)

[306] Fix | Delete

* @return mixed Value if available, or null if the attribute value is invalid (and should be skipped)

[307] Fix | Delete

[308] Fix | Delete

protected function normalize_attribute($name, $value) {

[309] Fix | Delete

switch (strtolower($name)) {

[310] Fix | Delete

case 'expires':

[311] Fix | Delete

// Expiration parsing, as per RFC 6265 section 5.2.1

[312] Fix | Delete

if (is_int($value)) {

[313] Fix | Delete

return $value;

[314] Fix | Delete

}

[315] Fix | Delete

[316] Fix | Delete

$expiry_time = strtotime($value);

[317] Fix | Delete

if ($expiry_time === false) {

[318] Fix | Delete

return null;

[319] Fix | Delete

}

[320] Fix | Delete

[321] Fix | Delete

return $expiry_time;

[322] Fix | Delete

[323] Fix | Delete

case 'max-age':

[324] Fix | Delete

// Expiration parsing, as per RFC 6265 section 5.2.2

[325] Fix | Delete

if (is_int($value)) {

[326] Fix | Delete

return $value;

[327] Fix | Delete

}

[328] Fix | Delete

[329] Fix | Delete

// Check that we have a valid age

[330] Fix | Delete

if (!preg_match('/^-?\d+$/', $value)) {

[331] Fix | Delete

return null;

[332] Fix | Delete

}

[333] Fix | Delete

[334] Fix | Delete

$delta_seconds = (int) $value;

[335] Fix | Delete

if ($delta_seconds <= 0) {

[336] Fix | Delete

$expiry_time = 0;

[337] Fix | Delete

} else {

[338] Fix | Delete

$expiry_time = $this->reference_time + $delta_seconds;

[339] Fix | Delete

}

[340] Fix | Delete

[341] Fix | Delete

return $expiry_time;

[342] Fix | Delete

[343] Fix | Delete

case 'domain':

[344] Fix | Delete

// Domains are not required as per RFC 6265 section 5.2.3

[345] Fix | Delete

if (empty($value)) {

[346] Fix | Delete

return null;

[347] Fix | Delete

}

[348] Fix | Delete

[349] Fix | Delete

// Domain normalization, as per RFC 6265 section 5.2.3

[350] Fix | Delete

if ($value[0] === '.') {

[351] Fix | Delete

$value = substr($value, 1);

[352] Fix | Delete

}

[353] Fix | Delete

[354] Fix | Delete

return $value;

[355] Fix | Delete

[356] Fix | Delete

default:

[357] Fix | Delete

return $value;

[358] Fix | Delete

}

[359] Fix | Delete

}

[360] Fix | Delete

[361] Fix | Delete

/**

[362] Fix | Delete

* Format a cookie for a Cookie header

[363] Fix | Delete

[364] Fix | Delete

* This is used when sending cookies to a server.

[365] Fix | Delete

[366] Fix | Delete

* @return string Cookie formatted for Cookie header

[367] Fix | Delete

[368] Fix | Delete

public function format_for_header() {

[369] Fix | Delete

return sprintf('%s=%s', $this->name, $this->value);

[370] Fix | Delete

}

[371] Fix | Delete

[372] Fix | Delete

/**

[373] Fix | Delete

* Format a cookie for a Set-Cookie header

[374] Fix | Delete

[375] Fix | Delete

* This is used when sending cookies to clients. This isn't really

[376] Fix | Delete

* applicable to client-side usage, but might be handy for debugging.

[377] Fix | Delete

[378] Fix | Delete

* @return string Cookie formatted for Set-Cookie header

[379] Fix | Delete

[380] Fix | Delete

public function format_for_set_cookie() {

[381] Fix | Delete

$header_value = $this->format_for_header();

[382] Fix | Delete

if (!empty($this->attributes)) {

[383] Fix | Delete

$parts = [];

[384] Fix | Delete

foreach ($this->attributes as $key => $value) {

[385] Fix | Delete

// Ignore non-associative attributes

[386] Fix | Delete

if (is_numeric($key)) {

[387] Fix | Delete

$parts[] = $value;

[388] Fix | Delete

} else {

[389] Fix | Delete

$parts[] = sprintf('%s=%s', $key, $value);

[390] Fix | Delete

}

[391] Fix | Delete

}

[392] Fix | Delete

[393] Fix | Delete

$header_value .= '; ' . implode('; ', $parts);

[394] Fix | Delete

}

[395] Fix | Delete

[396] Fix | Delete

return $header_value;

[397] Fix | Delete

}

[398] Fix | Delete

[399] Fix | Delete

/**

[400] Fix | Delete

* Parse a cookie string into a cookie object

[401] Fix | Delete

[402] Fix | Delete

* Based on Mozilla's parsing code in Firefox and related projects, which

[403] Fix | Delete

* is an intentional deviation from RFC 2109 and RFC 2616. RFC 6265

[404] Fix | Delete

* specifies some of this handling, but not in a thorough manner.

[405] Fix | Delete

[406] Fix | Delete

* @param string $cookie_header Cookie header value (from a Set-Cookie header)

[407] Fix | Delete

* @param string $name

[408] Fix | Delete

* @param int|null $reference_time

[409] Fix | Delete

* @return \WpOrg\Requests\Cookie Parsed cookie object

[410] Fix | Delete

[411] Fix | Delete

* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $cookie_header argument is not a string.

[412] Fix | Delete

* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $name argument is not a string.

[413] Fix | Delete

[414] Fix | Delete

public static function parse($cookie_header, $name = '', $reference_time = null) {

[415] Fix | Delete

if (is_string($cookie_header) === false) {

[416] Fix | Delete

throw InvalidArgument::create(1, '$cookie_header', 'string', gettype($cookie_header));

[417] Fix | Delete

}

[418] Fix | Delete

[419] Fix | Delete

if (is_string($name) === false) {

[420] Fix | Delete

throw InvalidArgument::create(2, '$name', 'string', gettype($name));

[421] Fix | Delete

}

[422] Fix | Delete

[423] Fix | Delete

$parts = explode(';', $cookie_header);

[424] Fix | Delete

$kvparts = array_shift($parts);

[425] Fix | Delete

[426] Fix | Delete

if (!empty($name)) {

[427] Fix | Delete

$value = $cookie_header;

[428] Fix | Delete

} elseif (strpos($kvparts, '=') === false) {

[429] Fix | Delete

// Some sites might only have a value without the equals separator.

[430] Fix | Delete

// Deviate from RFC 6265 and pretend it was actually a blank name

[431] Fix | Delete

// (`=foo`)

[432] Fix | Delete

[433] Fix | Delete

// https://bugzilla.mozilla.org/show_bug.cgi?id=169091

[434] Fix | Delete

$name = '';

[435] Fix | Delete

$value = $kvparts;

[436] Fix | Delete

} else {

[437] Fix | Delete

list($name, $value) = explode('=', $kvparts, 2);

[438] Fix | Delete

}

[439] Fix | Delete

[440] Fix | Delete

$name = trim($name);

[441] Fix | Delete

$value = trim($value);

[442] Fix | Delete

[443] Fix | Delete

// Attribute keys are handled case-insensitively

[444] Fix | Delete

$attributes = new CaseInsensitiveDictionary();

[445] Fix | Delete

[446] Fix | Delete

if (!empty($parts)) {

[447] Fix | Delete

foreach ($parts as $part) {

[448] Fix | Delete

if (strpos($part, '=') === false) {

[449] Fix | Delete

$part_key = $part;

[450] Fix | Delete

$part_value = true;

[451] Fix | Delete

} else {

[452] Fix | Delete

list($part_key, $part_value) = explode('=', $part, 2);

[453] Fix | Delete

$part_value = trim($part_value);

[454] Fix | Delete

}

[455] Fix | Delete

[456] Fix | Delete

$part_key = trim($part_key);

[457] Fix | Delete

$attributes[$part_key] = $part_value;

[458] Fix | Delete

}

[459] Fix | Delete

}

[460] Fix | Delete

[461] Fix | Delete

return new static($name, $value, $attributes, [], $reference_time);

[462] Fix | Delete

}

[463] Fix | Delete

[464] Fix | Delete

/**

[465] Fix | Delete

* Parse all Set-Cookie headers from request headers

[466] Fix | Delete

[467] Fix | Delete

* @param \WpOrg\Requests\Response\Headers $headers Headers to parse from

[468] Fix | Delete

* @param \WpOrg\Requests\Iri|null $origin URI for comparing cookie origins

[469] Fix | Delete

* @param int|null $time Reference time for expiration calculation

[470] Fix | Delete

* @return array

[471] Fix | Delete

[472] Fix | Delete

* @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $origin argument is not null or an instance of the Iri class.

[473] Fix | Delete

[474] Fix | Delete

public static function parse_from_headers(Headers $headers, $origin = null, $time = null) {

[475] Fix | Delete

$cookie_headers = $headers->getValues('Set-Cookie');

[476] Fix | Delete

if (empty($cookie_headers)) {

[477] Fix | Delete

return [];

[478] Fix | Delete

}

[479] Fix | Delete

[480] Fix | Delete

if ($origin !== null && !($origin instanceof Iri)) {

[481] Fix | Delete

throw InvalidArgument::create(2, '$origin', Iri::class . ' or null', gettype($origin));

[482] Fix | Delete

}

[483] Fix | Delete

[484] Fix | Delete

$cookies = [];

[485] Fix | Delete

foreach ($cookie_headers as $header) {

[486] Fix | Delete

$parsed = self::parse($header, '', $time);

[487] Fix | Delete

[488] Fix | Delete

// Default domain/path attributes

[489] Fix | Delete

if (empty($parsed->attributes['domain']) && !empty($origin)) {

[490] Fix | Delete

$parsed->attributes['domain'] = $origin->host;

[491] Fix | Delete

$parsed->flags['host-only'] = true;

[492] Fix | Delete

} else {

[493] Fix | Delete

$parsed->flags['host-only'] = false;

[494] Fix | Delete

}

[495] Fix | Delete

[496] Fix | Delete

$path_is_valid = (!empty($parsed->attributes['path']) && $parsed->attributes['path'][0] === '/');

[497] Fix | Delete

if (!$path_is_valid && !empty($origin)) {

[498] Fix | Delete

$path = $origin->path;

[499] Fix | Delete