Details
-
Type:
Bug
-
Status:
Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 6.1.6, 6.2.0pre0, 6.1.7, 6.1.8
-
Component/s: None
-
Labels:None
-
Environment:Problem platform independent, discovered on Windows XP SP2 + Firefox 2.0.11
-
Patch Submitted:Yes
-
Number of attachments :
Description
cookie values are parsed in an overly strict manner. In the initial case an unquoted cookie value began with an equal sign, which was dropped on parsing (as it was lost in tokenization). Unparseable cookies should be dropped, not truncated.
However, there is another choice. I'm including a patch which implements a parser that is ass permissive as possible with regards to values. an equalsign, aside from the first one obviously, is not a separator (although it is technically a disallowed value, we can deal with it). The patch also deals better with insignificant whitespace in the cookie, missing values where there should be one, and is between 50% and 200% faster than the current parser, (although a much uglier implementation).
Included patch applies to 6.1.7 and trunk, and likely to any version back quite some time in the past.
