[wp-trac] [WordPress Trac] #19922: Cookie urlencoding in getHeaderValue method of WP_Http_Cookie confuses servers
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 29 21:21:49 UTC 2012
#19922: Cookie urlencoding in getHeaderValue method of WP_Http_Cookie confuses
servers
--------------------------+-----------------------------
Reporter: pw201 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
WP_Http_Cookie calls [http://php.net/manual/en/function.urlencode.php
urlencode] on cookie values before they're used in the Cookie header in
the HTTP request. This produces interoperability problems with servers
which don't perform the corresponding decode.
[http://stackoverflow.com/a/1969339 This Stack Overflow article] says that
the RFC specifying that these values should be encoded is not well
adopted, and that browsers don't follow it.
I found this while looking into why the LiveJournal importer now fails to
import comments. I think LJ changed their cookie formats a while ago. The
session cookies now contain colons and forward slashes. Both of these are
encoded by the WP core code, resulting in the cookie not being recognised
by LJ's server.
Removing the call to urlencode in getHeaderValue allows the import to
complete. A better fix would probably be to only encode non-printable
characters, I suppose.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19922>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list