[Bug 876974] New: CGI::header() does not escape new lines in cookie value

bugzilla Thu, 15 Nov 2012 04:40:47 -0800

Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=876974


            Bug ID: 876974
           Summary: CGI::header() does not escape new lines in cookie
                    value
           Product: Fedora
           Version: 17
         Component: perl-CGI
          Severity: high
          Priority: unspecified
          Reporter: ppi...@redhat.com
              Type: Bug

$ cat test
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw/header/;

print header(
   -cookie => [ "foo\nbar\nbaz", ],
   -p3p    => [ "foo\nbar\nbaz", ],
);

$ ./test
P3P: policyref="/w3c/p3p.xml", CP="foo
bar
baz"
Set-Cookie: foo
bar
baz
Date: Thu, 15 Nov 2012 12:23:39 GMT
Content-Type: text/html; charset=ISO-8859-1

Fixed in upstream CGI-3.63.

F<19 are affected.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-devel

[Bug 876974] New: CGI::header() does not escape new lines in cookie value

Reply via email to