From 5135548c9d9358c08636451be9ec3b3764cbae8c Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Sun, 24 Apr 2005 17:52:58 +0000 Subject: [PATCH] MFH: Fixed bug #32802 (General cookie overrides more specific cookie). --- NEWS | 1 + main/php_variables.c | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/NEWS b/NEWS index c9f698b4bf..8c3ec7d54e 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ PHP NEWS - Changed sha1_file() and md5_file() functions to use streams instead of low level IO. (Uwe) - Fixed memory corruption in ImageTTFText() with 64bit systems. (Andrey) +- Fixed bug #32802 (General cookie overrides more specific cookie). (Ilia) - Fixed bug #32776 (SOAP doesn't support one-way operations). (Dmitry) - Fixed bug #32759 (incorrect determination of default value (COM)). (Wez) - Fixed bug #32758 (Cannot access safearray properties in VB6 objects). (Wez) diff --git a/main/php_variables.c b/main/php_variables.c index b3307a51d7..0eed752b37 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -186,7 +186,19 @@ plain_var: if (!index) { zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { + zval *tmp; char *escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); + /* + * According to rfc2965, more specific paths are listed above the less specific ones. + * If we encounter a duplicate cookie name, we should skip it, since it is not possible + * to have the same (plain text) cookie name for the same path and we should not overwrite + * more specific cookies with the less specific ones. + */ + if (PG(http_globals)[TRACK_VARS_COOKIE] && symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) && + zend_symtable_find(symtable1, escaped_index, index_len+1, (void **) &tmp) != FAILURE) { + efree(escaped_index); + break; + } zend_symtable_update(symtable1, escaped_index, index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); efree(escaped_index); } -- 2.40.0