From:             francesco dot laffi at gmail dot com
Operating system: 
PHP version:      5.5Git-2013-09-08 (snap)
Package:          Built-in web server
Bug Type:         Bug
Bug description:PHP built-in server 

Description:
------------
The built-in server looks for info in some headers in a case-sensitive way,
but RFC 2616 defines HTTP header fields as case-insensitive,
i.e. 'cookie: foo=bar' should be recognized, but the current CLI server
only recognizes 'Cookie: foo=bar' correctly.

I tried to fiddle with the code to confirm it, i.e. in
`sapi/cli/php_cli_server.c`, in the function `sapi_cli_server_read_cookies`:

replace:
    if (FAILURE == zend_hash_find(&client->request.headers, "Cookie", sizeof("Cookie"), (void**)&val))
with:
    if (FAILURE == zend_hash_find(&client->request.headers, "Cookie", sizeof("Cookie"), (void**)&val) && FAILURE == zend_hash_find(&client->request.headers, "cookie", sizeof("cookie"), (void**)&val))

And cookies then worked correctly even with a lowercase header field.
I have never developed in C, so I won't be able to produce a full patch. The
above snippet is not a suggestion on how to fix it, just pointing to where
the bug is. In the same file I see there are other headers checked in the
same way.

I also noticed that even if it doesn't fill the $_COOKIE superglobal, it does
put the cookie header in $_SERVER['HTTP_COOKIE'], so it's already
case-insensitive in some code.

Looking around about this, I found this bug in other projects but I didn't
find it here. Other sources for reference:
https://github.com/symfony/symfony/issues/8278
https://github.com/37signals/pow/issues/319

Test script:
---------------
echo '<?php var_dump($_COOKIE);' > index.php
php -S 127.0.0.1:8080
curl http://127.0.0.1:8080 -H 'Cookie: foo=bar'
curl http://127.0.0.1:8080 -H 'cookie: foo=bar'


Expected result:
----------------
The two curl requests return the same output.

Actual result:
--------------
> curl http://127.0.0.1:8080 -H 'Cookie: foo=bar'
array(1) {
  ["foo"]=>
  string(3) "bar"
}
> curl http://127.0.0.1:8080 -H 'cookie: foo=bar'
array(0) {
}

-- 
Edit bug report at https://bugs.php.net/bug.php?id=65633&edit=1
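
The case-insensitive field-name match that RFC 2616 requires, shown as a lookup over a raw header block. This is an added example, not code from `sapi/cli/php_cli_server.c` or from the reporter; `find_header`, `name_eq`, `ascii_lower` and the sample request are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* ASCII-only lowercase: avoids locale-dependent tolower() surprises. */
static unsigned char ascii_lower(unsigned char c) {
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + 32) : c;
}

/* Compare an n-byte field name with a NUL-terminated name, ignoring ASCII case. */
static int name_eq(const char *a, size_t n, const char *name) {
    if (strlen(name) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (ascii_lower((unsigned char)a[i]) != ascii_lower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: find `name` in a CRLF-separated header block. Copies the
 * value (leading spaces/tabs skipped) into out and returns its length, or
 * returns -1 if the header is absent or the value does not fit in out. */
int find_header(const char *block, const char *name, char *out, size_t outsz) {
    const char *line = block;
    while (*line) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *colon = memchr(line, ':', len);
        if (colon && name_eq(line, (size_t)(colon - line), name)) {
            const char *v = colon + 1;
            const char *end = line + len;
            while (v < end && (*v == ' ' || *v == '\t')) v++;
            size_t vlen = (size_t)(end - v);
            if (vlen >= outsz) return -1;   /* refuse to truncate */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        if (!eol) break;
        line = eol + 2;
    }
    return -1;
}

/* Constructed sample: the lowercase field name from the report's test script. */
static const char SAMPLE[] = "host: 127.0.0.1:8080\r\ncookie: foo=bar\r\n";

int main(void) {
    char v[64];
    return find_header(SAMPLE, "Cookie", v, sizeof v) == 7 ? 0 : 1;
}
```

Matching on the field name in one place, rather than adding a second exact-case lookup per spelling, also covers mixed-case names such as `COOKIE` and keeps every consumer of the header table in agreement.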