[wp-trac] [WordPress Trac] #19922: Cookie urlencoding in getHeaderValue method of WP_Http_Cookie confuses servers
WordPress Trac
wp-trac at lists.automattic.com
Sat Feb 11 05:42:24 UTC 2012
#19922: Cookie urlencoding in getHeaderValue method of WP_Http_Cookie confuses
servers
------------------------------------+------------------------------
Reporter: pw201 | Owner: westi
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: Awaiting Review
Component: HTTP | Version: 2.8
Severity: normal | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+------------------------------
Comment (by kurtpayne):
Replying to [comment:5 dd32]:
> The cookie spec indeed doesn't have any standard, other than only US-
ASCII characters are permitted
[http://www.rfc-editor.org/rfc/rfc6265.txt RFC 6265] identifies a cookie
value as:
>
{{{
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
; US-ASCII characters excluding CTLs,
; whitespace DQUOTE, comma, semicolon,
; and backslash
}}}
Perhaps these should be encoded, at a minimum? As a measure against
double encoding, [[attachment:19922.patch]] also encodes % and +. Not
sure why = was in there.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19922#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list