php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19697 mcrypt and cookies
Submitted: 2002-10-01 14:58 UTC Modified: 2002-10-02 13:32 UTC
From: avillarm at terra dot es Assigned:
Status: Not a bug Package: mcrypt related
PHP Version: 4.2.2 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: avillarm at terra dot es
New email:
PHP Version: OS:

 

 [2002-10-01 14:58 UTC] avillarm at terra dot es
I use the rijndael-256 encryption.

I think that there is a bug with this time of encryption or the cookies. Yesterday I got an error when I saved the IV to a cookie. The correct value should be "????|??'ds?A??懲?5؃A???qYbI;?" but when I save the IV value to a cookie and then display it, I shows "????|??\'ds?A??懲?5؃A???qYbI;?". That are 33 chars, not 32. Why that "\"?

I don't know if this a PHP problem, a mcrypt problem, a rijndael-256 encryption bug, or a limitation of the cookies.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-10-01 15:00 UTC] avillarm at terra dot es
I use the rijndael-256 encryption.

I think that there is a bug with this type of encryption or the cookies.
Yesterday I got an error when I saved the IV to a cookie. The correct
value should be "????|??'ds?A??懲?5؃A???qYbI;?" but when I save the
IV value to a cookie and then display it, I shows
"????|??\'ds?A??懲?5؃A???qYbI;?". That are 33 chars, not 32. Why that
"\"?

I don't know if this a PHP problem, a mcrypt problem, a rijndael-256
encryption bug, or a limitation of the cookies.
 [2002-10-01 15:01 UTC] derick@php.net
Sorry, but the bug system is not the appropriate forum for asking
support questions. Your problem does not imply a bug in PHP itself.
For a list of more appropriate places to ask for help using PHP,
please visit http://www.php.net/support.php

Thank you for your interest in PHP.

You shouldn't store binary data into cookies, use base64_encode() or similiar. Also, that slash was most likely added because you have something like magic_quotes set to on in php.ini
 [2002-10-01 15:01 UTC] avillarm at terra dot es
Sorry, the only change in the bug report was: "type=time".
 [2002-10-01 15:04 UTC] avillarm at terra dot es
Ok, thanks.
 [2002-10-01 15:05 UTC] iliaa@php.net
Sorry, but the bug system is not the appropriate forum for asking
support questions. Your problem does not imply a bug in PHP itself.
For a list of more appropriate places to ask for help using PHP,
please visit http://www.php.net/support.php

Thank you for your interest in PHP.

cookies are not binary safe. Use base64_encode() function to encode them if you wish to prevent data corruption.
 [2002-10-02 13:10 UTC] avillarm at terra dot es
Ok, used the base64_encode and it works :)
 [2002-10-02 13:32 UTC] sander@php.net
User error -> bogus
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 14:01:29 2024 UTC