Bug #79174 setcookie() encodes space as `+`, but $_COOKIE no longer decodes them
Submitted: 2020-01-27 15:14 UTC Modified: 2020-01-28 14:39 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bjorsch at wikimedia dot org Assigned: cmb (profile)
Status: Closed Package: URL related
PHP Version: 7.4.2 OS: Irrelevant
Private report: No CVE-ID: None
 [2020-01-27 15:14 UTC] bjorsch at wikimedia dot org
Description:
------------
http://git.php.net/?p=php-src.git;a=commit;h=79376ab209f61be03bbf8c1b6177c18261767da8 fixed #78929 by changing the cookie decoding logic to use php_raw_url_decode() rather than php_url_decode(). Unfortunately, it didn't change php_setcookie() to match.

This results in cookie values with spaces failing to round-trip.

Test script:
---------------
You already have a test illustrating this behavior at https://git.php.net/?p=php-src.git;a=blob;f=ext/standard/tests/network/setcookie.phpt;h=d41bed01f4e9e3866817ef9e3c6aff10dd575ed5;hb=79376ab209f61be03bbf8c1b6177c18261767da8

See lines 10 and 27.
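
The mismatch described in the report above, as an added example that is not part of the original report or of php-src: it uses the userland functions urlencode() and rawurldecode(), which are backed by php_url_encode() and php_raw_url_decode(), to model the encoder/decoder pairing. The sample cookie values and the helper name `failedRoundTrips` are constructed for illustration.

```php
<?php
// Added illustration, not php-src code. It models which encoder/decoder
// pairings let a cookie value survive a set -> read round trip.

/** Return the values that do not come back unchanged after encode -> decode. */
function failedRoundTrips(callable $encode, callable $decode, array $values): array
{
    $failed = [];
    foreach ($values as $value) {
        $wire = $encode($value);   // what would be written into Set-Cookie
        $back = $decode($wire);    // what would be exposed to the application
        if ($back !== $value) {
            $failed[$value] = ['wire' => $wire, 'decoded' => $back];
        }
    }
    return $failed;
}

// Constructed sample cookie values (hypothetical, chosen to exercise space, +, % and ;).
$samples = ['plain', 'two words', 'a+b', 'semi;colon', '100% sure'];

// Labels are this example's own description of each pairing.
$pairings = [
    'urlencode -> urldecode (form-style on both sides)'   => ['urlencode', 'urldecode'],
    'urlencode -> rawurldecode (the reported mismatch)'   => ['urlencode', 'rawurldecode'],
    'rawurlencode -> rawurldecode (raw on both sides)'    => ['rawurlencode', 'rawurldecode'],
];

foreach ($pairings as $label => [$enc, $dec]) {
    $failed = failedRoundTrips($enc, $dec, $samples);
    printf("%-52s %d failure(s)\n", $label, count($failed));
    foreach ($failed as $value => $info) {
        printf(
            "    value=%s wire=%s decoded=%s\n",
            var_export($value, true),
            var_export($info['wire'], true),
            var_export($info['decoded'], true)
        );
    }
}
```

Only the mismatched pairing reports failures, and only for values containing a space: the encoder emits `+`, and the raw decoder leaves `+` untouched.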


 [2020-01-27 16:04 UTC] nikic@php.net
-Assigned To: +Assigned To: cmb
 [2020-01-28 14:38 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=addc3c92f2956b4efea9d78f34262403adc393ad
Log: Fix #79174: cookie values with spaces fail to round-trip
 [2020-01-28 14:38 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2020-01-28 14:39 UTC] cmb@php.net
The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.