From: a dot candle at gmail dot com Operating system: slackware/debian PHP version: 5.2.5 PHP Bug Type: Unknown/Other Function Bug description: Multiple 'Cookie: ' headers incorrectly parsed
Description: ------------ When a client sends multiple 'Cookie' headers they appear to be parsed incorrectly. What I believe is happening is that the value part of the cookie headers (after the ': ') are being concaternated with a comma rather then a semicolon. Then (as per the cookie spec: http://wp.netscape.com/newsref/std/cookie_spec.html) the resulting string is being split on semicolon, resulting in the broken cookie values. Reproduce code: --------------- php code: <?php setcookie("a", "aaaa"); setcookie("b", "bbbb"); setcookie("c", "cccc"); var_dump($_COOKIE); ?> headers sent by client: (on the second request) "Cookie: $Version=0; a=aaaa\r\n" "Cookie: $Version=0; b=bbbb\r\n" "Cookie: $Version=0; c=bbbb\r\n" Expected result: ---------------- array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(4) "aaaa" ["b"]=> string(4) "bbbb" ["c"]=> string(4) "cccc" } Actual result: -------------- resulting output: array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(16) "aaaa, $Version=0" ["b"]=> string(16) "bbbb, $Version=0" ["c"]=> string(4) "cccc" } -- Edit bug report at http://bugs.php.net/?id=44050&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=44050&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44050&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44050&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44050&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44050&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44050&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44050&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=44050&r=needscript Try newer version: http://bugs.php.net/fix.php?id=44050&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44050&r=support Expected behavior: http://bugs.php.net/fix.php?id=44050&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44050&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44050&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44050&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=44050&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=44050&r=dst IIS Stability: http://bugs.php.net/fix.php?id=44050&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44050&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44050&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44050&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=44050&r=mysqlcfg
