diff options
| author | Stefan Esser | 2014-02-12 19:31:03 +0100 |
|---|---|---|
| committer | Stefan Esser | 2014-02-12 19:31:03 +0100 |
| commit | 5775082d4c034dbff101b32a8a0ef860cd24ec34 (patch) | |
| tree | bad71b93174ec22f30fa73139c1275f7f224ad74 | |
| parent | 7b3cfa84ff15cc0d4d84f33974c8120aaad0246f (diff) | |
Only remove whitespace for COOKIE
| -rw-r--r-- | treat_data.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/treat_data.c b/treat_data.c index 9f80cb2..15e721d 100644 --- a/treat_data.c +++ b/treat_data.c | |||
| @@ -139,9 +139,13 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data) | |||
| 139 | var = php_strtok_r(res, separator, &strtok_buf); | 139 | var = php_strtok_r(res, separator, &strtok_buf); |
| 140 | 140 | ||
| 141 | while (var) { | 141 | while (var) { |
| 142 | /* Overjump plain whitespace */ | 142 | |
| 143 | while (*var && *var == ' ') var++; | 143 | if (arg == PARSE_COOKIE) { |
| 144 | 144 | /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */ | |
| 145 | while (isspace(*var)) { | ||
| 146 | var++; | ||
| 147 | } | ||
| 148 | } | ||
| 145 | val = strchr(var, '='); | 149 | val = strchr(var, '='); |
| 146 | 150 | ||
| 147 | #if PHP_VERSION_ID >= 50311 | 151 | #if PHP_VERSION_ID >= 50311 |