php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77407 Cookie name not parsed correctly
Submitted: 2019-01-03 16:48 UTC Modified: 2019-01-04 11:52 UTC
From: devosc at gmail dot com Assigned:
Status: Suspended Package: *Programming Data Structures
PHP Version: next OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: devosc at gmail dot com
New email:
PHP Version: OS:

 

 [2019-01-03 16:48 UTC] devosc at gmail dot com
Description:
------------
"PHP will replace special characters in cookie names, which results in other cookies not being available due to overwriting. Thus, the server request should take the cookies from the request header instead."

https://github.com/zendframework/zend-diactoros/blob/master/src/functions/parse_cookie_header.php

It seems like this should be fixed in PHP itself, as this is the purpose of having the super global $_COOKIE.



Test script:
---------------
setcookie('foo.bar', 'foobar');

Expected result:
----------------
$_COOKIE = [ 'foo.bar' => 'foobar']

Actual result:
--------------
$_COOKIE = [ 'foo_bar' => 'foobar']

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-04 11:52 UTC] cmb@php.net
-Status: Open +Status: Suspended -Type: Bug +Type: Feature/Change Request -PHP Version: 7.3.0 +PHP Version: next
 [2019-01-04 11:52 UTC] cmb@php.net
This is intended and well documented[1] behavior, coming from the
old times where request parameters (could) have been registered as
PHP variables.  Changing the behavior would now technically be
possible, but due to the BC break, this needs discussion on
internals@, and likely the RFC process[2].  Feel free to start it;
for the time being I'm suspending this ticket.

[1] <http://php.net/manual/en/language.variables.external.php#language.variables.external.dot-in-names>
[2] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Oct 23 01:01:32 2019 UTC