php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #33688 Promoting possible insecure coding practices
Submitted: 2005-07-13 23:54 UTC Modified: 2005-07-14 12:18 UTC
From: sesser@php.net Assigned:
Status: Closed Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sesser@php.net
New email:
PHP Version: OS:

 

 [2005-07-13 23:54 UTC] sesser@php.net 
Description:
------------
In the setcookie() description there is the following paragraph:

Cookies names can be set as array names and will be available to your PHP scripts as arrays but separate cookies are stored on the users system. Consider explode() or serialize() to set one cookie with multiple names and values.

This should be fixed according to the example below...

Reproduce code:
---------------
---

Expected result:
----------------
Cookies names can be set as array names and will be available to your PHP scripts as arrays but separate cookies are stored on the users system. Consider explode() to set one cookie with multiple names and values. It is not recommended to use serialize() for this purpose, because it can result in security holes.

Actual result:
--------------
Cookies names can be set as array names and will be available to your PHP scripts as arrays but separate cookies are stored on the users system. Consider explode() or serialize() to set one cookie with multiple names and values.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-07-14 12:18 UTC] vrana@php.net 
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

"Consider explode() to set one cookie with multiple names and values. It is not recommended to use serialize() for this purpose, because it can result in security holes."
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Jun 26 02:01:29 2024 UTC