ID: 10519
Updated by: bbonev
Status: Open
Bug Type: Variables related
PHP Version: 4.0.4pl1
Assigned To: 

Think about cookies the same way as GET data or POST data - they are at the same level 
and can be spoofed very easily with a cURL client, for example. One can tell his client 
what cookie with what value to pass for a given request.

The issue here is not security but programmers' comfort. But when one uses the short 
representations of variables she must be aware of the GPC order setting.

I think this is the same as overriding a POST variable with a GET one.

Do you think this bug shall be closed?

Previous Comments:

[2001-04-26 21:35:49] [EMAIL PROTECTED]


If you access this page with the command line argument 


print_r will show cookie[three] in $HTTP_COOKIE_VARS.

Just a bit of incongruous material, but for some sites could cause problems if cookies 
are spoofed thusly.
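
The GPC order point raised in this thread, as an added example that is not part of the bug report or of PHP's own code: it models how the short variable names are filled from GET, POST and cookie data in the configured order, and flags names that arrive from more than one source. The function names and the sample request are hypothetical; in a live script the three arrays would be the per-source request arrays such as `$HTTP_COOKIE_VARS`.

```php
<?php
// Added example: all names and sample data here are constructed for illustration.

// Fill the short variable names the way the order setting does:
// each letter's source overwrites values set by the letters before it.
function merge_by_order($order, array $sources)
{
    $merged = array();
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Return the names supplied by more than one source, i.e. the names
// whose final value depends on the order setting.
function find_collisions(array $sources)
{
    $seen = array();
    foreach ($sources as $letter => $vars) {
        foreach (array_keys($vars) as $name) {
            $seen[$name][] = $letter;
        }
    }
    return array_filter($seen, function ($letters) {
        return count($letters) > 1;
    });
}

// Constructed request: "user" arrives in the query string and in a cookie.
$sources = array(
    'G' => array('user' => 'alice', 'page' => '2'),
    'P' => array(),
    'C' => array('user' => 'bob'),
);

foreach (array('GPC', 'CGP') as $order) {
    $merged = merge_by_order($order, $sources);
    echo "order $order: short variable user = {$merged['user']}\n";
}

foreach (find_collisions($sources) as $name => $letters) {
    echo "'$name' supplied by more than one source: " . implode(',', $letters) . "\n";
}

// Reading from one named source does not depend on the order setting.
$user = isset($sources['G']['user']) ? $sources['G']['user'] : null;
echo "explicit GET read: user = $user\n";
```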



PHP Development Mailing List <>