From: Ilia Alshanetsky
Date: Sun, 24 Apr 2005 18:10:30 +0000 (+0000)
Subject: MFH: Fixed bug #32802 (General cookie overrides more specific cookie).
X-Git-Tag: php-4.4.0RC1~104
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=44a7348d2223a2c76ad91275e6183c3784b6dbfb;p=php
MFH: Fixed bug #32802 (General cookie overrides more specific cookie).
---
diff --git a/NEWS b/NEWS
index 4f160548d3..e93f20432e 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ PHP 4 NEWS
 them sort based on the current locale. (Derick)
 - Changed sha1_file() and md5_file() functions to use streams instead of low level IO. (Uwe)
+- Fixed bug #32802 (General cookie overrides more specific cookie). (Ilia)
 - Fixed bug #32730 (ext/crack.c fails to compile with cracklib-2.8.3). (Jani)
 - Fixed bug #32699 (pg_affected_rows() was defined when it was not available). (Derick)
diff --git a/main/php_variables.c b/main/php_variables.c
index fdc0a65ba3..8ed64d03c1 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -63,7 +63,7 @@ PHPAPI void php_register_variable_ex(char *var, zval *val, pval *track_vars_arra
 char *ip; /* index pointer */
 char *index;
 int var_len, index_len;
- zval *gpc_element, **gpc_element_p;
+ zval *gpc_element, **gpc_element_p, *tmp;
 zend_bool is_array;
 HashTable *symtable1=NULL;
 
@@ -184,9 +184,20 @@ plain_var:
 } else {
 if (PG(magic_quotes_gpc) && (index!=var)) {
 char *escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
+ /*
+ * According to rfc2965, more specific paths are listed above the less specific ones.
+ * If we encounter a duplicate cookie name, we should skip it, since it is not possible
+ * to have the same (plain text) cookie name for the same path and we should not overwrite
+ * more specific cookies with the less specific ones.
+ */
+ if (PG(http_globals)[TRACK_VARS_COOKIE] && symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) &&
+ zend_hash_find(symtable1, escaped_index, index_len+1, (void **) &tmp) != FAILURE) {
+ efree(escaped_index);
+ break;
+ }
 zend_hash_update(symtable1, escaped_index, index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 efree(escaped_index);
- } else {
+ } else if (!PG(http_globals)[TRACK_VARS_COOKIE] || symtable1 != Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) || zend_hash_find(symtable1, index, index_len+1, (void **) tmp) == FAILURE) {
 zend_hash_update(symtable1, index, index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 }
 }
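Review bot: The new `else if` branch at the end of this hunk passes `(void **) tmp` to `zend_hash_find()`, whereas the magic_quotes branch above it passes `(void **) &tmp`. `tmp` is declared without an initializer in the first php_variables.c hunk, so when a duplicate cookie name is found the lookup would write its result through an indeterminate pointer. Cookie names come from the request, so this path handles untrusted input whenever the `PG(magic_quotes_gpc) && (index!=var)` test is false. The call should read `zend_hash_find(symtable1, index, index_len+1, (void **) &tmp) == FAILURE`. Separately, both skip paths leave `gpc_element` out of the table; it is set up outside this hunk, so it is worth confirming that it is released when a duplicate is skipped.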