[TYPO3-core] RFC #15503: Bug: fixed getCookie() method

Michael Bürgi michael.buergi at gmx.net
Wed Oct 6 10:57:49 CEST 2010


This is an SVN patch request.

Type: Bugfix

Bugtracker references:
http://bugs.typo3.org/view.php?id=15503

Branches:
TYPO3_4-3 & TYPO3_4-4 & trunk

Problem:
There are two issues in the getCookie() method in t3lib_userauth.php: string comparison and value decoding.

Solution:
- Strings should be compared using strcmp(), as numeric strings are compared numeric. So exotic cookie names like 1.23E3 wouldn't work.
- decoding of cookie values in $_SERVER['HTTP_COOKIE'] must be done by urldecode not stripslashes as $_SERVER is not affected by magic_quotes.

Kind regards
Michael Buergi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug_15503.patch
Type: application/octet-stream
Size: 634 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20101006/f9888521/attachment.obj>


More information about the TYPO3-team-core mailing list