[TYPO3-core] RFC #15503: Bug: fixed getCookie() method

Marcus Krause marcus#exp2010 at t3sec.info
Tue Oct 19 22:30:51 CEST 2010


> On Wed, 06 Oct 2010 10:57:49 +0200, Michael Bürgi
> <michael.buergi at gmx.net> wrote:
> 
>> This is an SVN patch request.
>>
>> Type: Bugfix
>>
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=15503
>>
>> Branches:
>> TYPO3_4-3 & TYPO3_4-4 & trunk
>>
>> Problem:
>> There are two issues in the getCookie() method in t3lib_userauth.php:
>> string comparison and value decoding.
>>
>> Solution:
>> - Strings should be compared using strcmp(), as numeric strings are
>> compared numerically. So exotic cookie names like 1.23E3 wouldn't work.
>> - Decoding of cookie values in $_SERVER['HTTP_COOKIE'] must be done by
>> urldecode, not stripslashes, as $_SERVER is not affected by magic_quotes.


+1 by reading (good catch, thanks)

This one should be applied to 4-2 and above!


Marcus.
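
The two issues named in the patch request above, as an added example that is not part of this thread and is not TYPO3's getCookie() code: a loose `==` on cookie names lets the name 1.23E3 match a different cookie called 1230, and stripslashes() leaves %XX escapes in the value undecoded. The function names and the sample header are assumptions made for illustration.

```php
<?php
// Added illustration, not TYPO3's getCookie(); function names are hypothetical.

// Constructed sample of a raw Cookie header as found in $_SERVER['HTTP_COOKIE'].
$rawHeader = '1230=decoy; 1.23E3=a%3Ab%20c; session=it%27s';

// Split the header into [name, value] pairs without decoding anything.
function splitCookieHeader(string $header): array
{
    $pairs = [];
    foreach (explode(';', $header) as $chunk) {
        $parts = explode('=', trim($chunk), 2);
        if (count($parts) === 2) {
            $pairs[] = $parts;
        }
    }
    return $pairs;
}

// Flawed lookup: loose == on names, stripslashes() on values.
function getCookieLoose(string $header, string $name): ?string
{
    foreach (splitCookieHeader($header) as [$k, $v]) {
        if ($k == $name) {            // two numeric strings are compared as numbers
            return stripslashes($v);  // does nothing about %XX escapes
        }
    }
    return null;
}

// Corrected lookup: byte-wise name comparison, URL-decoding of the value.
function getCookieStrict(string $header, string $name): ?string
{
    foreach (splitCookieHeader($header) as [$k, $v]) {
        if (strcmp($k, $name) === 0) {
            return urldecode($v);
        }
    }
    return null;
}

// Print the loose and the strict result side by side for each name.
foreach (['1.23E3', 'session'] as $name) {
    var_dump(getCookieLoose($rawHeader, $name), getCookieStrict($rawHeader, $name));
}
```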


