[TYPO3-core] RFC #15503: Bug: fixed getCookie() method
Michael Bürgi
michael.buergi at gmx.net
Tue Oct 19 20:12:44 CEST 2010
REMINDER #1
On Wed, 06 Oct 2010 10:57:49 +0200, Michael Bürgi <michael.buergi at gmx.net> wrote:
> This is an SVN patch request.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=15503
>
> Branches:
> TYPO3_4-3 & TYPO3_4-4 & trunk
>
> Problem:
> There are two issues in the getCookie() method in t3lib_userauth.php: string comparison and value decoding.
>
> Solution:
> - Strings should be compared using strcmp(), as numeric strings are compared numeric. So exotic cookie names like 1.23E3 wouldn't work.
> - decoding of cookie values in $_SERVER['HTTP_COOKIE'] must be done by urldecode not stripslashes as $_SERVER is not affected by magic_quotes.
>
> Kind regards
> Michael Buergi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug_15503.patch
Type: application/octet-stream
Size: 634 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20101019/a388ad0e/attachment.obj>
More information about the TYPO3-team-core
mailing list