summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--main/php_variables.c35
-rw-r--r--tests/basic/bug78929.phpt16
2 files changed, 33 insertions, 18 deletions
diff --git a/main/php_variables.c b/main/php_variables.c
index d540ff98ac..826b3bcfa5 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -477,6 +477,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
var = php_strtok_r(res, separator, &strtok_buf);
while (var) {
+ size_t val_len;
+ size_t new_val_len;
+
val = strchr(var, '=');
if (arg == PARSE_COOKIE) {
@@ -495,29 +498,25 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
}
if (val) { /* have a value */
- size_t val_len;
- size_t new_val_len;
*val++ = '\0';
- php_url_decode(var, strlen(var));
- val_len = php_url_decode(val, strlen(val));
- val = estrndup(val, val_len);
- if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
- php_register_variable_safe(var, val, new_val_len, &array);
+
+ if (arg == PARSE_COOKIE) {
+ val_len = php_raw_url_decode(val, strlen(val));
+ } else {
+ val_len = php_url_decode(val, strlen(val));
}
- efree(val);
} else {
- size_t val_len;
- size_t new_val_len;
-
- php_url_decode(var, strlen(var));
- val_len = 0;
- val = estrndup("", val_len);
- if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
- php_register_variable_safe(var, val, new_val_len, &array);
- }
- efree(val);
+ val = "";
+ val_len = 0;
+ }
+
+ val = estrndup(val, val_len);
+ php_url_decode(var, strlen(var));
+ if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
+ php_register_variable_safe(var, val, new_val_len, &array);
}
+ efree(val);
next_cookie:
var = php_strtok_r(NULL, separator, &strtok_buf);
}
diff --git a/tests/basic/bug78929.phpt b/tests/basic/bug78929.phpt
new file mode 100644
index 0000000000..60b71d1f8f
--- /dev/null
+++ b/tests/basic/bug78929.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #78929 (plus signs in cookie values are converted to spaces)
+--INI--
+max_input_vars=1000
+filter.default=unsafe_raw
+--COOKIE--
+RFC6265=#$%&'()*+-./0123456789<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~!
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(1) {
+ ["RFC6265"]=>
+ string(89) "#$%&'()*+-./0123456789<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~!"
+}
View Lorry Controller Status