Hello Jani,

I happily repeat myself until you actually read my comments.

There is a cookie 0 format defined by Netscape
- no quoted strings and only ; as separator

and a cookie 1 format defined by RFC 2109/2965
- with quoted_strings
- and with , and ; as separator

PHP understood up to today only Netscape version 0 cookies. Now thanks to your patch it behaves like a mixture of version 0 and version 1 cookies.

This is VERY VERY VERY bad. Magic RFC unconform features always cause problems when interoperating with other software. In this case f.e. with flawed technology like mod_security.

A) Either remove , as separator again
or
B) implement proper handling of quoted strings
or
C) give people one reason more to bitch about PHP


Stefan

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to