php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77407 Cookie name not parsed correctly
Submitted: 2019-01-03 16:48 UTC Modified: 2019-01-04 11:52 UTC
From: devosc at gmail dot com Assigned:
Status: Suspended Package: *Programming Data Structures
PHP Version: next OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: devosc at gmail dot com
New email:
PHP Version: OS:

 

 [2019-01-03 16:48 UTC] devosc at gmail dot com
Description:
------------
"PHP will replace special characters in cookie names, which results in other cookies not being available due to overwriting. Thus, the server request should take the cookies from the request header instead."

https://github.com/zendframework/zend-diactoros/blob/master/src/functions/parse_cookie_header.php

It seems like this should be fixed in PHP itself, as this is the purpose of having the super global $_COOKIE.



Test script:
---------------
setcookie('foo.bar', 'foobar');

Expected result:
----------------
$_COOKIE = [ 'foo.bar' => 'foobar']

Actual result:
--------------
$_COOKIE = [ 'foo_bar' => 'foobar']

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-04 11:52 UTC] cmb@php.net
-Status: Open +Status: Suspended -Type: Bug +Type: Feature/Change Request -PHP Version: 7.3.0 +PHP Version: next
 [2019-01-04 11:52 UTC] cmb@php.net
This is intended and well documented[1] behavior, coming from the
old times where request parameters (could) have been registered as
PHP variables.  Changing the behavior would now technically be
possible, but due to the BC break, this needs discussion on
internals@, and likely the RFC process[2].  Feel free to start it;
for the time being I'm suspending this ticket.

[1] <http://php.net/manual/en/language.variables.external.php#language.variables.external.dot-in-names>
[2] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 07:01:29 2024 UTC