ID:               43311
 Comment by:       judas dot iscariote at gmail dot com
 Reported By:      crrodriguez at suse dot de
 Status:           Open
 Bug Type:         *General Issues
 Operating System: Irrelevant
 PHP Version:      5.3CVS-2007-11-16 (CVS)
 New Comment:

corrected/working patch is here now (previous had errors... I should
test patches before submitting them :) )

http://www.flyspray.org/patches/setcookie-4096btyesonly.patch


Previous Comments:
------------------------------------------------------------------------

[2007-11-16 01:30:40] crrodriguez at suse dot de

Description:
------------
The following report caught my attention 

http://www.securityfocus.com/archive/1/483705

That is indeed a bug in Konqueror, but if you look at the "reproduce code"
it says:

Reproduce code:
---------------
<?php

ini_set("memory_limit","200M");

setcookie("hi_fox", str_repeat("A",19999999));

?>

Expected result:
----------------
PHP limiting the cookie size to what both the spec says and other
browsers do, that is name_len + value_len not larger than 4096 bytes.

http://www.15seconds.com/faq/Cookies/388.htm

http://wp.netscape.com/newsref/std/cookie_spec.html


E-Warning "Cookie cannot store more than %d bytes of data"

Actual result:
--------------
PHP setting a 200MB cookie anyway.


patch here : http://rafb.net/p/zs0ojA57.html


------------------------------------------------------------------------
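
The check requested under "Expected result", sketched in userland PHP as an added example; it is not the patch linked in this report and not PHP's own code. The names COOKIE_MAX_BYTES, cookie_pair_bytes() and checked_setcookie() are hypothetical, and measuring the URL-encoded value (the form setcookie() sends) is an assumption about how the limit should be counted.

```php
<?php
// Added example; not the patch linked in this report.
const COOKIE_MAX_BYTES = 4096; // limit quoted in the report

// Hypothetical helper: bytes of name plus value as setcookie() would send them.
// setcookie() URL-encodes the value, so the encoded form is what counts.
function cookie_pair_bytes(string $name, string $value): int
{
    return strlen($name) + strlen(urlencode($value));
}

// Hypothetical wrapper: refuse oversized cookies with a warning instead of sending them.
function checked_setcookie(string $name, string $value, int $limit = COOKIE_MAX_BYTES): bool
{
    if (cookie_pair_bytes($name, $value) > $limit) {
        trigger_error(
            sprintf('Cookie cannot store more than %d bytes of data', $limit),
            E_USER_WARNING
        );
        return false;
    }
    return !headers_sent() && setcookie($name, $value);
}

// Collect warnings so the demo can print them after the header phase.
$warnings = [];
set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
    $warnings[] = $msg;
    return true;
}, E_USER_WARNING);

// Constructed inputs: a small value, the report's oversized pattern, and a value
// that fits raw (2000 bytes) but triples in size once URL-encoded.
$results = [
    'small'    => checked_setcookie('hi_fox', 'A'),
    'too_big'  => checked_setcookie('hi_fox', str_repeat('A', 5000)),
    'expanded' => checked_setcookie('hi_fox', str_repeat('/', 2000)),
];
restore_error_handler();

var_dump($results, $warnings);
```

The third input is the case a raw strlen() check on the value would miss: 2000 bytes before encoding, 6000 after.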

