
Commit 4c5a178

committed
Merge branch 'PHP-7.4'
* PHP-7.4: Fix #78929: plus signs in cookie values are converted to spaces
2 parents beee92a + 79376ab commit 4c5a178


2 files changed

+33
-18
lines changed


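--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -477,6 +477,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
 var = php_strtok_r(res, separator, &strtok_buf);
 
 while (var) {
+size_t val_len;
+size_t new_val_len;
+
 val = strchr(var, '=');
 
 if (arg == PARSE_COOKIE) {
@@ -495,29 +498,25 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
 }
 
 if (val) { /* have a value */
-size_t val_len;
-size_t new_val_len;
 
 *val++ = '\0';
-php_url_decode(var, strlen(var));
-val_len = php_url_decode(val, strlen(val));
-val = estrndup(val, val_len);
-if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
-php_register_variable_safe(var, val, new_val_len, &array);
+
+if (arg == PARSE_COOKIE) {
+val_len = php_raw_url_decode(val, strlen(val));
+} else {
+val_len = php_url_decode(val, strlen(val));
 }
-efree(val);
 } else {
-size_t val_len;
-size_t new_val_len;
-
-php_url_decode(var, strlen(var));
-val_len = 0;
-val = estrndup("", val_len);
-if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
-php_register_variable_safe(var, val, new_val_len, &array);
-}
-efree(val);
+val = "";
+val_len = 0;
+}
+
+val = estrndup(val, val_len);
+php_url_decode(var, strlen(var));
+if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
+php_register_variable_safe(var, val, new_val_len, &array);
 }
+efree(val);
 next_cookie:
 var = php_strtok_r(NULL, separator, &strtok_buf);
 }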
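Review bot: The cookie name is still passed through `php_url_decode(var, strlen(var));` (new line 515) for every `arg`, so under `PARSE_COOKIE` only the value gets the raw decoder, while a `+` or `%XX` in the name is still rewritten before `sapi_module.input_filter` and `php_register_variable_safe` see it. Differently spelled names in the Cookie header can therefore still land on the same `$_COOKIE` key, which matters wherever an application or front-end treats the cookie name itself as meaningful. If that asymmetry is intended for compatibility, I would record it next to the call, e.g. `/* names are still url-decoded ('+' -> ' ', %XX) for all sources; only cookie values use the raw decoder */`; if it is not, the name decode should be made conditional on `arg` in the same way as the value. The body of `php_default_treat_data` starts and ends outside these hunks, so any earlier handling of `var` in the `PARSE_COOKIE` branch is not visible here.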

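--- a/tests/basic/bug78929.phpt
+++ b/tests/basic/bug78929.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #78929 (plus signs in cookie values are converted to spaces)
+--INI--
+max_input_vars=1000
+filter.default=unsafe_raw
+--COOKIE--
+RFC6265=#$%&'()*+-./0123456789<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~!
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(1) {
+["RFC6265"]=>
+string(89) "#$%&'()*+-./0123456789<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~!"
+}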
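Review bot: The only `%` in the `--COOKIE--` value is followed by `&'`, which is not a hex pair, so the test pins the literal `+` but never exercises a real percent escape on the cookie path. A second cookie with a constructed value such as `enc=a%2Bb+c`, expecting `a+b+c`, would show that `php_raw_url_decode` still decodes `%XX` while leaving `+` alone. The cookie name is also untested: a name containing `+` or `%XX` would document what `$_COOKIE` key the unchanged `php_url_decode(var, ...)` call produces.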
