Plus signs in cookie data get converted to space.
Danack opened this issue · 1 comments
Danack commented
Bug Report
Plus signs in cookie values are converted to spaces.
Q | A |
---|---|
Version(s) | 2.24.0 but also the latest version. |
My reading of RFC 6265 is that plus signs:

```
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
```

as the plus sign is a %2B
Summary
Plus signs in cookie values are converted to spaces.
Current behavior
The function parseCookieHeader does a urldecode on the values here, and so the plus sign is converted to a space.
How to reproduce
```php
$data = "john=12345; plus_sign=plus+sign";
$result = parseCookieHeader($data);
var_dump($data, $result);
```
Expected behavior
As the plus sign is apparently a valid cookie character, it should be passed through unchanged.
Not sure how you could change this without a large BC break...
btw, probably relevant
https://bugs.php.net/bug.php?id=78929
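
The behaviour described in this report, as an added example that is not part of the original issue and not the library's own code: a minimal cookie-header parser run once with `urldecode` (form decoding, which turns `+` into a space) and once with `rawurldecode` (percent-decoding only, which leaves `+` alone). The helper names `parseCookiePairs` and `isCookieOctets` and the two extra cookies in the sample header are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not the library's parseCookieHeader(): splits a Cookie
// header into name => value pairs and applies the given decoder to each value.
function parseCookiePairs(string $header, callable $decode): array
{
    $cookies = [];
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || strpos($pair, '=') === false) {
            continue; // skip empty segments and pairs without a value
        }
        [$name, $value] = explode('=', $pair, 2);
        $cookies[trim($name)] = $decode(trim($value));
    }
    return $cookies;
}

// True when every byte is an RFC 6265 cookie-octet:
// %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
function isCookieOctets(string $value): bool
{
    return preg_match('/^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/', $value) === 1;
}

// Constructed sample input: the header from the report plus two encoded values.
$header = 'john=12345; plus_sign=plus+sign; encoded_plus=a%2Bb; encoded_space=a%20b';

$form = parseCookiePairs($header, 'urldecode');    // form decoding: "+" means space
$raw  = parseCookiePairs($header, 'rawurldecode'); // percent-decoding only

// "+" is byte 0x2B, the upper bound of the %x23-2B range in the grammar.
var_dump(isCookieOctets('plus+sign'));

// The two decoders differ only on the literal "+"; %2B and %20 decode the same.
var_dump($form['plus_sign'], $raw['plus_sign']);
var_dump($form['encoded_plus'], $raw['encoded_plus']);
var_dump($form['encoded_space'], $raw['encoded_space']);
```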