From: francesco dot laffi at gmail dot com Operating system: PHP version: 5.5Git-2013-09-08 (snap) Package: Built-in web server Bug Type: Bug Bug description:PHP built-in server
Description: ------------ The built-in server look for info in same headers in a case-sensitive way, but the rfc2616 define http headers fields as case insensitive. i.e. 'cookie: foo=bar' should be recognized but the the current cli server only recognize correctly 'Cookie: foo=bar' I tried to fiddle with the code to confirm it, i.e in `sapi/cli/php_cli_server.c` in the function `sapi_cli_server_read_cookies`: replace: if (FAILURE == zend_hash_find(&client->request.headers, "Cookie", sizeof("Cookie"), (void**)&val)) with: if (FAILURE == zend_hash_find(&client->request.headers, "Cookie", sizeof("Cookie"), (void**)&val) && FAILURE == zend_hash_find(&client- >request.headers, "cookie", sizeof("cookie"), (void**)&val)) And cookies then worked correctly even with lowercase header field. I never developed in C so I wont be able to produce a full patch. The above snippet is not a suggestion on how to fix it, just pointing where the bug is. In the same file I see there are other headers checked in the same way. I also noticed that even if it doesnt fill the $_COOKIE superglobal it does put the cookie header in $_SERVER['HTTP_COOKIE'], so its already case-insensitive in some code. Looking around about this I found this bug on other projects but I didnt found it here, other sources for reference: https://github.com/symfony/symfony/issues/8278 https://github.com/37signals/pow/issues/319 Test script: --------------- echo '<?php var_dump($_COOKIE);' > index.php php -S 127.0.0.1:8080 curl http://127.0.0.1:8080 -H 'Cookie: foo=bar' curl http://127.0.0.1:8080 -H 'cookie: foo=bar' Expected result: ---------------- the two curl request return the same output Actual result: -------------- > curl http://127.0.0.1:8080 -H 'Cookie: foo=bar' array(1) { ["foo"]=> string(3) "bar" } > curl http://127.0.0.1:8080 -H 'cookie: foo=bar' array(0) { } -- Edit bug report at https://bugs.php.net/bug.php?id=65633&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=65633&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=65633&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=65633&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=65633&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=65633&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=65633&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=65633&r=needscript Try newer version: https://bugs.php.net/fix.php?id=65633&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=65633&r=support Expected behavior: https://bugs.php.net/fix.php?id=65633&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=65633&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=65633&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=65633&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65633&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=65633&r=dst IIS Stability: https://bugs.php.net/fix.php?id=65633&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=65633&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=65633&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=65633&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=65633&r=mysqlcfg