Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[HttpFoundation] Do not swallow trailing= in cookie value#51819
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
[HttpFoundation] Do not swallow trailing= in cookie value#51819
Uh oh!
There was an error while loading.Please reload this page.
Conversation
= in cookie valueOskarStark commentedOct 3, 2023
Or should this be fixed inside HeaderUtils::split() method? |
stof commentedOct 3, 2023
I guess we have similar bugs in other places using |
OskarStark commentedOct 3, 2023
So do you have a proposal on where to fix this? |
stof commentedOct 3, 2023
Well, HeaderUtils should be the place to fix it, but not sure we can fix it with the existing signature (unless we hardcode a special behavior for |
nicolas-grekas commentedOct 6, 2023
The bug is clearly in HeaderUtils, see
|
OskarStark commentedOct 6, 2023
Will check on Monday 👍🏻 |
7cf16b0 to360e0adCompareOskarStark commentedOct 9, 2023
Review please |
nicolas-grekas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The whole logic is opaque to me 😓
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
f2d7a47 toed51a41Compare469f98b to59d6acfComparenicolas-grekas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I rewrote the implementation, it now makes sense, at least to me :)
AND, it handles more edge cases.
59d6acf to77ca01cCompareOskarStark commentedOct 17, 2023
Thank you Nicolas!! 👏 |
| [['foo bar'],'"foo" "bar"',','], | ||
| [[['foo_cookie','foo=1&bar=2&baz=3'], ['expires','Tue, 22-Sep-2020 06:27:09 GMT'], ['path','/']],'foo_cookie=foo=1&bar=2&baz=3; expires=Tue, 22-Sep-2020 06:27:09 GMT; path=/',';='], | ||
| [[['foo_cookie','foo=='], ['expires','Tue, 22-Sep-2020 06:27:09 GMT'], ['path','/']],'foo_cookie=foo==; expires=Tue, 22-Sep-2020 06:27:09 GMT; path=/',';='], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
| [[['foo_cookie','foo=='], ['expires','Tue, 22-Sep-2020 06:27:09 GMT'], ['path','/']],'foo_cookie=foo==; expires=Tue, 22-Sep-2020 06:27:09 GMT; path=/',';='], | |
| [[['foo_cookie','foo==='], ['expires','Tue, 22-Sep-2020 06:27:09 GMT'], ['path','/']],'foo_cookie=foo===; expires=Tue, 22-Sep-2020 06:27:09 GMT; path=/',';='], | |
| [[['foo_cookie','foo=='], ['expires','Tue, 22-Sep-2020 06:27:09 GMT'], ['path','/']],'foo_cookie=foo==; expires=Tue, 22-Sep-2020 06:27:09 GMT; path=/',';='], |
Does this pass as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
yes
nicolas-grekas commentedOct 17, 2023
Thank you@OskarStark. |
OskarStark commentedOct 17, 2023
Thank you, as you did the reimplementation 👍 |
Uh oh!
There was an error while loading.Please reload this page.
cc@pschultz as you opened the bug report