[wp-trac] [WordPress Trac] #19922: Cookie urlencoding in getHeaderValue method of WP_Http_Cookie confuses servers
WordPress Trac
wp-trac at lists.automattic.com
Fri Feb 10 21:58:27 UTC 2012
#19922: Cookie urlencoding in getHeaderValue method of WP_Http_Cookie confuses
servers
------------------------------------+------------------------------
Reporter: pw201 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: HTTP | Version: 2.8
Severity: normal | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+------------------------------
Comment (by dd32):
The cookie spec indeed doesn't have any standard, other than only US-ASCII
characters are permitted (And other sites warn non-ascii characters are
prone to being mangled), URL Encoding non-ASCII characters seems to be the
agree'd standard, encoding : and \ doesn't seem to make sense to me, as
they're printable US-ASCII characters, so php's urlencode shouldn't be
used here.
However, the Data contained within cookies is only useful to the origin
server, We shouldn't try to interpret it, as we have no need to, we simply
need to send back the same data that we received, Plugin authors can pass
any kind of data in, and it should be sent as-is. Or at least, that's my
understanding of how we should be handling it.
refs: [http://www.w3.org/Protocols/rfc2109/rfc2109.txt rfc 2109]
[http://www.ietf.org/rfc/rfc2965.txt rfc 2965]
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19922#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list