Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plus signs in cookie data get converted to space. #165

Closed
Danack opened this issue Jun 14, 2023 · 1 comment · Fixed by #193
Closed

Plus signs in cookie data get converted to space. #165

Danack opened this issue Jun 14, 2023 · 1 comment · Fixed by #193
Labels
Bug Something isn't working
Milestone
3.4.0

Comments

@Danack
Copy link

Danack commented Jun 14, 2023
edited
Loading

Bug Report

Plus signs in cookie values are converted to spaces.

Q A
Version(s) 2.24.0 but also the latest version.

My reading of rfc6265 is that plus signs:

cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E

as the plus sign is a %2B

Summary

Plus signs in cookie values are converted to spaces.

Current behavior

The function parseCookieHeader does a urldecode on the values here, and so the plus sign is converted to a space.

How to reproduce

$data = "john=12345; plus_sign=plus+sign";
$result = parseCookieHeader($data);
var_dump($data, $result);

Expected behavior

As the plus sign is apparently a valid cookie character, it should be passed through unchanged.

Not sure how you could change this without a large BC break...

btw, probably relevant
https://bugs.php.net/bug.php?id=78929
@Danack Danack added the Bug Something isn't working label Jun 14, 2023
Danack added a commit to Danack/AdvancedSessionManagement that referenced this issue Jun 14, 2023
@Danack
Hack for plus signs being converted to plusses laminas/laminas-diacto…
9c84672 
…ros#165.
@Danack Danack mentioned this issue Jun 26, 2023
Open
@Xerkus Xerkus added this to the 3.4.0 milestone Sep 10, 2024
@Xerkus Xerkus linked a pull request Sep 10, 2024 that will close this issue
Fix cookie parsing from headers in server request factory using globals. #193
Merged
@Xerkus
Copy link
Member

Xerkus commented Sep 10, 2024

@Danack thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working
Projects
None yet
Milestone
3.4.0
Development

Successfully merging a pull request may close this issue.

Fix cookie parsing from headers in server request factory using globals. Xerkus/laminas-diactoros
2 participants
@Xerkus @Danack