Plus signs in cookie data get converted to space. #165

Danack · 2023-06-14T21:36:11Z

Bug Report

Plus signs in cookie values are converted to spaces.

Q	A
Version(s)	2.24.0 but also the latest version.

My reading of rfc6265 is that plus signs:

cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E

as the plus sign is a %2B

Summary

Plus signs in cookie values are converted to spaces.

Current behavior

The function parseCookieHeader does a urldecode on the values here, and so the plus sign is converted to a space.

How to reproduce

$data = "john=12345; plus_sign=plus+sign";
$result = parseCookieHeader($data);
var_dump($data, $result);

Expected behavior

As the plus sign is apparently a valid cookie character, it should be passed through unchanged.

Not sure how you could change this without a large BC break...

btw, probably relevant
https://bugs.php.net/bug.php?id=78929

…ros#165.

Danack added the Bug Something isn't working label Jun 14, 2023

Danack added a commit to Danack/AdvancedSessionManagement that referenced this issue Jun 14, 2023

Hack for plus signs being converted to plusses laminas/laminas-diacto…

9c84672

…ros#165.

Danack mentioned this issue Jun 26, 2023

HTML canvas as base64 to PNG giving CRC error Imagick/imagick#620

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Plus signs in cookie data get converted to space. #165

Plus signs in cookie data get converted to space. #165

Danack commented Jun 14, 2023 •

edited

Plus signs in cookie data get converted to space. #165

Plus signs in cookie data get converted to space. #165

Comments

Danack commented Jun 14, 2023 • edited

Bug Report

Summary

Current behavior

How to reproduce

Expected behavior

Danack commented Jun 14, 2023 •

edited