mirror of
https://github.com/php/php-src.git
synced 2024-09-21 09:57:23 +00:00
Fix #78929: plus signs in cookie values are converted to spaces
We switch the cookie value parsing function from `php_url_decode()` to `php_raw_url_decode()`, so that cookie values are now parsed according to RFC 6265, section 4.1.1. We also refactor to remove duplicate code without changing the execution flow.
This commit is contained in:
parent
be89a5c7f1
commit
79376ab209
4
NEWS
4
NEWS
@ -3,6 +3,10 @@ PHP NEWS
|
||||
|
||||
?? ??? ????, PHP 7.4.2
|
||||
|
||||
- Core:
|
||||
. Fixed bug #78929 (plus signs in cookie values are converted to spaces).
|
||||
(Alexey Kachalin)
|
||||
|
||||
- OPcache:
|
||||
. Fixed bug #78950 (Preloading trait method with static variables). (Nikita)
|
||||
|
||||
|
@ -479,6 +479,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
|
||||
var = php_strtok_r(res, separator, &strtok_buf);
|
||||
|
||||
while (var) {
|
||||
size_t val_len;
|
||||
size_t new_val_len;
|
||||
|
||||
val = strchr(var, '=');
|
||||
|
||||
if (arg == PARSE_COOKIE) {
|
||||
@ -497,29 +500,25 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
|
||||
}
|
||||
|
||||
if (val) { /* have a value */
|
||||
size_t val_len;
|
||||
size_t new_val_len;
|
||||
|
||||
*val++ = '\0';
|
||||
php_url_decode(var, strlen(var));
|
||||
val_len = php_url_decode(val, strlen(val));
|
||||
val = estrndup(val, val_len);
|
||||
if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
|
||||
php_register_variable_safe(var, val, new_val_len, &array);
|
||||
}
|
||||
efree(val);
|
||||
} else {
|
||||
size_t val_len;
|
||||
size_t new_val_len;
|
||||
|
||||
php_url_decode(var, strlen(var));
|
||||
val_len = 0;
|
||||
val = estrndup("", val_len);
|
||||
if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
|
||||
php_register_variable_safe(var, val, new_val_len, &array);
|
||||
if (arg == PARSE_COOKIE) {
|
||||
val_len = php_raw_url_decode(val, strlen(val));
|
||||
} else {
|
||||
val_len = php_url_decode(val, strlen(val));
|
||||
}
|
||||
efree(val);
|
||||
} else {
|
||||
val = "";
|
||||
val_len = 0;
|
||||
}
|
||||
|
||||
val = estrndup(val, val_len);
|
||||
php_url_decode(var, strlen(var));
|
||||
if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
|
||||
php_register_variable_safe(var, val, new_val_len, &array);
|
||||
}
|
||||
efree(val);
|
||||
next_cookie:
|
||||
var = php_strtok_r(NULL, separator, &strtok_buf);
|
||||
}
|
||||
|
16
tests/basic/bug78929.phpt
Normal file
16
tests/basic/bug78929.phpt
Normal file
@ -0,0 +1,16 @@
|
||||
--TEST--
|
||||
Bug #78929 (plus signs in cookie values are converted to spaces)
|
||||
--INI--
|
||||
max_input_vars=1000
|
||||
filter.default=unsafe_raw
|
||||
--COOKIE--
|
||||
RFC6265=#$%&'()*+-./0123456789<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~!
|
||||
--FILE--
|
||||
<?php
|
||||
var_dump($_COOKIE);
|
||||
?>
|
||||
--EXPECT--
|
||||
array(1) {
|
||||
["RFC6265"]=>
|
||||
string(89) "#$%&'()*+-./0123456789<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~!"
|
||||
}
|
Loading…
Reference in New Issue
Block a user