Test: /tests/basic/bug79699.phpt - Version 7.4.6 
| Security #79699 | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | ||||
|---|---|---|---|---|---|
| Submitted: | 2020-06-14 19:37:08 | Modified: | 2020-09-29 06:12:51 | ||
| From: | fletchto99 | Assigned: | stas | ||
| Status: | Closed | Package: | HTTP related | ||
| PHP Version: | 7.4.7 | OS: | macOS (but should affect any) | ||
There is 1 diff reported by users for this test.
| Count | Diff |
|---|---|
2 (100%) |
001+ array(2) {
002+ ["__Host-evil"]=>
001- array(4) {
002- ["__%48ost-evil"]=>
004+ ["foo"]=>
005+ string(3) "baz"
004- ["__Host-evil"]=>
005- string(4) "good"
006- ["%66oo"]=>
007- string(3) "baz"
008- ["foo"]=>
009- string(3) "bar"
|