[wp-trac] [WordPress Trac] #19922: Cookie urlencoding in getHeaderValue method of WP_Http_Cookie confuses servers

WordPress Trac wp-trac at lists.automattic.com
Sat Feb 11 05:42:24 UTC 2012


#19922: Cookie urlencoding in getHeaderValue method of WP_Http_Cookie confuses
servers
------------------------------------+------------------------------
 Reporter:  pw201                   |       Owner:  westi
     Type:  defect (bug)            |      Status:  accepted
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  HTTP                    |     Version:  2.8
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch dev-feedback  |
------------------------------------+------------------------------

Comment (by kurtpayne):

 Replying to [comment:5 dd32]:
 > The cookie spec indeed doesn't have any standard, other than only US-
 ASCII characters are permitted

 [http://www.rfc-editor.org/rfc/rfc6265.txt RFC 6265] identifies a cookie
 value as:

 >
 {{{
  cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
  cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                        ; US-ASCII characters excluding CTLs,
                        ; whitespace DQUOTE, comma, semicolon,
                        ; and backslash
 }}}

 Perhaps these should be encoded, at a minimum?  As a measure against
 double encoding, [[attachment:19922.patch]] also encodes %  and +.  Not
 sure why = was in there.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19922#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list