From e586b7df4e575d7d5e017b4134bdac9b297b667b Mon Sep 17 00:00:00 2001
From: Angus Johnston
Date: Fri, 5 Dec 2025 13:57:32 +0000
Subject: Fix url_encode cookie flag in php_setcookie call

setcookie() is always URL encoded, urlencode is only turned off for setrawcookie().
Turning it off breaks cookies that have a value containing certain characters (namely spaces)
https://github.com/php/php-src/blob/685e99655ae97c667950f7f7d176985958718f56/ext/standard/head.c#L97---
 src/sp_cookie_encryption.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 888d217..0c14c70 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -218,7 +218,7 @@ PHP_FUNCTION(sp_setcookie) {
     partitioned = false;
   }
   if (php_setcookie(name, (value_enc ? value_enc : value), expires, path,
-                    domain, secure, httponly, samesite, partitioned, false) == SUCCESS) {
+                    domain, secure, httponly, samesite, partitioned, 1) == SUCCESS) {
 #endif
     RETVAL_TRUE;
   } else {
-- 
cgit v1.3