This repository has been archived by the owner on Jan 30, 2020. It is now read-only.
cookie values decode error #15
Comments
malinink pushed a commit to malinink/zend-http that referenced this issue Aug 5, 2015
malinink pushed a commit to malinink/zend-http that referenced this issue Aug 5, 2015
For example, the default action may look like that one.
@malinink Can you please submit your changes as a pull request?
This was referenced Aug 5, 2015
@weierophinney Pull request has been added.
I mistakenly filed a duplicate issue for this. I think the best way to distill it down is to post a tiny one-liner that fails when it shouldn't:
`Zend\Http\Header\SetCookie::fromString('Set-Cookie:foo=%0A; path=/; HttpOnly');`
The practical upshot is that any attempt to make a request to a server that responds with SetCookie headers with url-encoded whitespace in the value will fail because the SetCookie header class is urldecoding the value before attempting to validate it.
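The ordering problem described in the comment above, as an added example that is not part of the thread and not zend-http's own code: it parses the header from the comment with the value checked for raw CR/LF/NUL after `urldecode` and then before it. All function names and the choice of CR/LF/NUL as the rejected bytes are assumptions made for illustration.

```php
<?php // Added illustration, not zend-http code; all function names are hypothetical.

function assertNoHeaderBreak(string $value): void
{
    // Raw CR, LF or NUL in a header value is what enables header injection.
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('Invalid header value');
    }
}

function splitCookiePair(string $headerLine): array
{
    // Take "name=value" from "Set-Cookie: name=value; attr; attr".
    $body  = trim(substr($headerLine, strlen('Set-Cookie:')));
    $parts = explode('=', explode(';', $body, 2)[0], 2);
    return [trim($parts[0]), $parts[1] ?? ''];
}

// Order described in the comment: decode first, validate second.
function parseDecodeThenValidate(string $headerLine): array
{
    [$name, $value] = splitCookiePair($headerLine);
    $value = urldecode($value);      // "%0A" becomes a real line feed
    assertNoHeaderBreak($value);     // so a harmless wire value is rejected
    return [$name, $value];
}

// Alternative order: validate the bytes as received, then decode.
function parseValidateThenDecode(string $headerLine): array
{
    [$name, $value] = splitCookiePair($headerLine);
    assertNoHeaderBreak($value);     // checks what was actually on the wire
    return [$name, urldecode($value)];
}

// Sending side: encode first, then validate the line that will be emitted.
function renderSetCookie(string $name, string $value): string
{
    $line = 'Set-Cookie: ' . $name . '=' . urlencode($value);
    assertNoHeaderBreak($line);
    return $line;
}

$wire = 'Set-Cookie:foo=%0A; path=/; HttpOnly';  // header from the comment
try {
    parseDecodeThenValidate($wire);
} catch (InvalidArgumentException $e) {
    echo "decode-then-validate: rejected\n";
}
[$name, $value] = parseValidateThenDecode($wire);
echo 'validate-then-decode: ', json_encode($value), "\n";
echo renderSetCookie($name, $value), "\n";
```

The decoded value now holds a real line feed, so any code that writes it back into a header has to encode it before validating, as `renderSetCookie` does here.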
zerocrates added a commit to zerocrates/zend-http that referenced this issue Sep 11, 2015
zerocrates added a commit to zerocrates/zend-http that referenced this issue Sep 12, 2015
Hi!
I have found a problem with encoding.
In PHP it's normal behavior that values are urlencoded, but in other languages there are other standards for encoding such values, for example in Python.
So a cookie created in Python could be invalid after urldecode here:
https://github.com/zendframework/zend-http/blob/master/src/Header/SetCookie.php#L119
But if we want to fix that issue, we are supposed to get rid of that urlencode also:
https://github.com/zendframework/zend-http/blob/master/src/Header/SetCookie.php#L236
That is wrong, because when we try to set a cookie with specific symbols, we get the wrong cookie.
I really don't know how to fix the problem; does anyone have ideas?
I thought that the best approach is to add a client type (php, python) and add specific decode/encode functions for each type, and also add a default type which only encodes values.
Right now I have a site that causes Zend Http Client to fail on the send method: