Test: /tests/basic/bug79699.phpt - Version 7.4.11 
| Security #79699 | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | ||||
|---|---|---|---|---|---|
| Submitted: | 2020-06-14 19:37:08 | Modified: | 2020-09-29 06:12:51 | ||
| From: | fletchto99 | Assigned: | stas | ||
| Status: | Closed | Package: | HTTP related | ||
| PHP Version: | 7.4.7 | OS: | macOS (but should affect any) | ||
There are 2 different diffs reported by users for this test.
| Count | Diff |
|---|---|
1 (50%) |
001+ array(2) {
002+ ["__Host-evil"]=>
001- array(4) {
002- ["__%48ost-evil"]=>
004+ ["foo"]=>
005+ string(3) "baz"
004- ["__Host-evil"]=>
005- string(4) "good"
006- ["%66oo"]=>
007- string(3) "baz"
008- ["foo"]=>
009- string(3) "bar"
|
| 1 (50%) |
001+ Thu Dec 3 10:30:55 2020 (140347402811520): Fatal Error Unable to allocate shared memory segment of 134217728 bytes: unknown: Inappropriate ioctl for device (25)
001- array(4) {
002- ["__%48ost-evil"]=>
003- string(4) "evil"
004- ["__Host-evil"]=>
005- string(4) "good"
006- ["%66oo"]=>
007- string(3) "baz"
008- ["foo"]=>
009- string(3) "bar"
010- }
|