1 files changed, 7 insertions, 3 deletions
diff --git a/treat_data.c b/treat_data.c
index 9f80cb2..15e721d 100644
--- a/treat_data.c
+++ b/treat_data.c
@@ -139,9 +139,13 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
        var = php_strtok_r(res, separator, &strtok_buf);
        
        while (var) {
-                /* Overjump plain whitespace */
+                
-                while (*var && *var == ' ') var++;
+                if (arg == PARSE_COOKIE) {
+                        /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
+                        while (isspace(*var)) {
+                                var++;
+                        }
+                }
                val = strchr(var, '=');
                
 #if PHP_VERSION_ID >= 50311

diff --git a/treat_data.c b/treat_data.c index 9f80cb2..15e721d 100644 --- a/treat_data.c +++ b/treat_data.c
@@ -139,9 +139,13 @@ SAPI_TREAT_DATA_FUNC(suhosin_treat_data)
139	var = php_strtok_r(res, separator, &strtok_buf);	139	var = php_strtok_r(res, separator, &strtok_buf);
140		140
141	while (var) {	141	while (var) {
142	/* Overjump plain whitespace */	142
143	while (var && var == ' ') var++;	143	if (arg == PARSE_COOKIE) {
144		144	/* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
		145	while (isspace(*var)) {
		146	var++;
		147	}
		148	}
145	val = strchr(var, '=');	149	val = strchr(var, '=');
146		150
147	#if PHP_VERSION_ID >= 50311	151	#if PHP_VERSION_ID >= 50311