ID: 43311
Comment by: judas dot iscariote at gmail dot com
Reported By: crrodriguez at suse dot de
Status: Open
Bug Type: *General Issues
Operating System: Irrelevant
PHP Version: 5.3CVS-2007-11-16 (CVS)
New Comment:

corrected/working patch is here now (previous had errors ..I should test patches before submitting them :) )

http://www.flyspray.org/patches/setcookie-4096btyesonly.patch

Previous Comments:
------------------------------------------------------------------------

[2007-11-16 01:30:40] crrodriguez at suse dot de

Description:
------------
The following report caught my attention

http://www.securityfocus.com/archive/1/483705

That is indeed a bug in Konqueror, but if you look at the "reproduce code" it says.

Reproduce code:
---------------
<?php
ini_set("memory_limit","200M");
setcookie("hi_fox", str_repeat("A",19999999));
?>

Expected result:
----------------
PHP limiting the cookie size to what both the spec says and other browsers do, that is name_len + value_len not larger than 4096 bytes.

http://www.15seconds.com/faq/Cookies/388.htm
http://wp.netscape.com/newsref/std/cookie_spec.html

E-Warning "Cookie cannot store more than %d bytes of data"

Actual result:
--------------
PHP setting a 200MB cookie anyway.

patch here : http://rafb.net/p/zs0ojA57.html

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=43311&edit=1
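
A userland version of the check the report asks for, added here as an example; it is not the linked patch and not PHP's own code. The wrapper `checked_setcookie()`, the helper `cookie_payload_size()` and the constant name are hypothetical, and the size is measured on the percent-encoded value (an assumption beyond the report's plain name_len + value_len) because setcookie() encodes the value before sending it.

```php
<?php
// Added example: application-level guard, not the patch from the report.
const COOKIE_MAX_BYTES = 4096; // limit named in the report: name_len + value_len

/**
 * Size the report's rule is applied to: name length plus value length.
 * setcookie() percent-encodes the value, so the bytes on the wire can be up
 * to three times strlen($value). urlencode() and rawurlencode() differ on a
 * few characters (space, "~"), so the larger of the two is used.
 */
function cookie_payload_size(string $name, string $value): int
{
    $encoded = max(strlen(urlencode($value)), strlen(rawurlencode($value)));
    return strlen($name) + $encoded;
}

/**
 * Hypothetical wrapper: refuse oversized cookies with the warning text
 * proposed in the report instead of emitting a huge Set-Cookie header.
 */
function checked_setcookie(string $name, string $value, int $expires = 0): bool
{
    if (cookie_payload_size($name, $value) > COOKIE_MAX_BYTES) {
        trigger_error(
            sprintf('Cookie cannot store more than %d bytes of data', COOKIE_MAX_BYTES),
            E_USER_WARNING
        );
        return false;
    }
    return setcookie($name, $value, $expires);
}

// Constructed sample inputs. Results are collected before anything is
// printed so that setcookie() is not called after output has started.
$results = [
    'small value accepted'      => checked_setcookie('hi_fox', str_repeat('A', 100)),
    // 2000 spaces look small but exceed the limit once percent-encoded.
    'encoded size of 2000 " "'  => cookie_payload_size('hi_fox', str_repeat(' ', 2000)),
    'oversized value accepted'  => checked_setcookie('hi_fox', str_repeat('A', 5000)),
];
var_dump($results);
```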