Strip port from cookie domain

Cookies are set per host regardless of the domain as per RFC 6265

diff --git a/wcfsetup/install/files/lib/util/HeaderUtil.class.php b/wcfsetup/install/files/lib/util/HeaderUtil.class.php
index 5ca4c8ac7e10798c0e20614c8e017d6aff54370a..9469f103f3fded7972de83208f4d45b9d90ef153 100644 (file)
--- a/wcfsetup/install/files/lib/util/HeaderUtil.class.php
+++ b/wcfsetup/install/files/lib/util/HeaderUtil.class.php
@@ -43,8 +43,12 @@ final class HeaderUtil {
        public static function setCookie($name, $value = '', $expire = 0) {
                $application = ApplicationHandler::getInstance()->getActiveApplication();
                $addDomain = (mb_strpos($application->cookieDomain, '.') === false || StringUtil::endsWith($application->cookieDomain, '.lan') || StringUtil::endsWith($application->cookieDomain, '.local')) ? false : true;
+               $cookieDomain = $application->cookieDomain;
+               if ($addDomain && strpos($cookieDomain, ':') !== false) {
+                       $cookieDomain = explode(':', $cookieDomain, 2)[0];
+               }
                
-               @header('Set-Cookie: '.rawurlencode(COOKIE_PREFIX.$name).'='.rawurlencode($value).($expire ? '; expires='.gmdate('D, d-M-Y H:i:s', $expire).' GMT; max-age='.($expire - TIME_NOW) : '').'; path=/'.($addDomain ? '; domain='.$application->cookieDomain : '').(RouteHandler::secureConnection() ? '; secure' : '').'; HttpOnly', false);
+               @header('Set-Cookie: '.rawurlencode(COOKIE_PREFIX.$name).'='.rawurlencode($value).($expire ? '; expires='.gmdate('D, d-M-Y H:i:s', $expire).' GMT; max-age='.($expire - TIME_NOW) : '').'; path=/'.($addDomain ? '; domain='.$cookieDomain : '').(RouteHandler::secureConnection() ? '; secure' : '').'; HttpOnly', false);
        }
        
        /**