PHP :: Bug #79174 :: setcookie() encodes space as `+`, but $

Bug #79174

setcookie() encodes space as `+`, but $_COOKIE no longer decodes them

Submitted:

2020-01-27 15:14 UTC

Modified:

2020-01-28 14:39 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

bjorsch at wikimedia dot org

Assigned:

cmb (profile)

Status:

Closed

Package:

URL related

PHP Version:

7.4.2

OS:

Irrelevant

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bjorsch at wikimedia dot org
New email:
PHP Version:		OS:

New Comment:

[2020-01-27 15:14 UTC] bjorsch at wikimedia dot org

Description:
------------
http://git.php.net/?p=php-src.git;a=commit;h=79376ab209f61be03bbf8c1b6177c18261767da8 fixed #78929 by changing the cookie decoding logic to use php_raw_url_decode() rather than php_url_decode(). Unfortunately, it didn't change php_setcookie() to match.

This results in cookie values with spaces failing to round-trip.

Test script:
---------------
You already have a test illustrating this behavior at  https://git.php.net/?p=php-src.git;a=blob;f=ext/standard/tests/network/setcookie.phpt;h=d41bed01f4e9e3866817ef9e3c6aff10dd575ed5;hb=79376ab209f61be03bbf8c1b6177c18261767da8

See lines 10 and 27.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-01-27 16:04 UTC] nikic@php.net

-Assigned To: +Assigned To: cmb

[2020-01-28 14:30 UTC] cmb@php.net

Related To: Bug #78929

[2020-01-28 14:38 UTC] cmb@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=addc3c92f2956b4efea9d78f34262403adc393ad
Log: Fix #79174: cookie values with spaces fail to round-trip

[2020-01-28 14:38 UTC] cmb@php.net

-Status: Assigned +Status: Closed

[2020-01-28 14:39 UTC] cmb@php.net

The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 08:01:30 2024 UTC