ID: 35523
Comment by: judas at dotgeek dot org
Reported By: bugs dot php dot net at honeypot-1 dot dnsalias dot
net
Status: Open
Bug Type: HTTP related
Operating System: Linux 2.4
PHP Version: 4.4.1
New Comment:
Also reproducible using PHP 5.1.2-dev (latest CVS)
Previous Comments:
------------------------------------------------------------------------
[2005-12-02 17:04:54] bugs dot php dot net at honeypot-1 dot dnsalias
dot net
Description:
------------
As far as I know (Netscape specification) cookies are allowed to
contain the '+'-character. Up to and including PHP 4.4.0 this is the
way they were handled. But with PHP 4.4.1 pluses in the cookie value
are replaced by a single space, like in values of GET-parameters.
Reproduce code:
---------------
// run twice
header('Set-Cookie: my_cookie=ABC+DEF');
phpinfo();
Expected result:
----------------
// as up to 4.4.0
_REQUEST['my_cookie'] == 'ABC+DEF';
_COOKIE['my_cookie'] == 'ABC+DEF';
_SERVER["HTTP_COOKIE"] == 'my_cookie=ABC+DEF';
Actual result:
--------------
_REQUEST['my_cookie'] == 'ABC DEF';
_COOKIE['my_cookie'] == 'ABC DEF';
_SERVER["HTTP_COOKIE"] == 'my_cookie=ABC+DEF';
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=35523&edit=1
