View Issue Details

ID: 0012552
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2011-04-05 14:23
Reporter: dregad
Assigned To: dhx
Priority: low
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: git trunk
Target Version: 1.2.5
Fixed in Version: 1.2.5
Summary: 0012552: Use of a period "." in $g_cookie_prefix results in login error
Description

If the cookie prefix string contains a ".", then the following (misleading) error message is displayed on the login page:

Your browser either does not know how to handle cookies, or refuses to handle them.

In gpc_set_cookie, $p_name is correctly set to "TEST.1", but in $_COOKIE, the stored value (array index) is "TEST_1_STRING_COOKIE"

The easy and obvious workaround is to not use a "." in the prefix string, but this should at least be documented in config_defaults_inc.php.

Steps To Reproduce
  1. Define $g_cookie_prefix = "TEST.1" in config_inc.php
  2. Try to log in
Additional Information

Note: the period "." is a valid char in a cookie name, per RFC 2965 and 2616, which define the valid chars for cookies as
token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
           | "," | ";" | ":" | "\" | <">
           | "/" | "[" | "]" | "?" | "="
           | "{" | "}" | SP | HT
CTL = <any US-ASCII control character
      (octets 0 - 31) and DEL (127)>

Someone else seems to have noticed this behavior of PHP (see user note under setcookie documentation http://php.net/manual/en/function.setcookie.php#99845).

Tags: patch
Attached Files
0001-Fix-12552-Period-should-not-be-used-in-g_cookie_pref.patch (804 bytes)   
From 341991eee9b32bf671047b8c33b01c8569d63d2b Mon Sep 17 00:00:00 2001
From: Damien Regad <damien.regad@merckserono.net>
Date: Tue, 23 Nov 2010 16:10:11 +0100
Subject: [PATCH] Fix #12552: Period should not be used in g_cookie_prefix

Modified comment in config_defaults_inc.php to document this
---
 config_defaults_inc.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index b3f8bd8..41341d7 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -2764,7 +2764,7 @@
 
 	/**
 	 * --- cookie prefix ---------------
-	 * set this to a unique identifier.  No spaces.
+	 * set this to a unique identifier.  No spaces or periods.
 	 * @global string $g_cookie_prefix
 	 */
 	$g_cookie_prefix		= 'MANTIS';
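Review bot: The changed comment line ("No spaces or periods.") states the restriction without the reason and nothing enforces it, so a prefix such as the "TEST.1" from this report still ends in the misleading browser-cookie error on the login page. Consider naming the cause in the comment (PHP converts periods in incoming cookie names to underscores, so the cookie is not found under the configured name) and adding a check where $g_cookie_prefix is read that reports an invalid prefix directly.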
-- 
1.7.1

Activities

dregad

2010-11-23 10:09

developer   ~0027459

I wonder if this behavior could be caused by PHP handling of external variables (http://us2.php.net/variables.external) which according to the note is converting spaces and dots to underscores.

But I'm not sure if it's the case, because Mantis behavior is not fully consistent, even though the error message on login page is the same:
$g_cookie_prefix = "TEST 2"
In gpc_set_cookie, $p_name is set to "TEST 2_STRING_COOKIE", but there is no value stored in $_COOKIE
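A configuration check for the behaviour discussed in this issue, as an added example that is not MantisBT code: it rejects prefixes that are not RFC 2616 tokens and uses parse_str(), which converts dots and spaces in names to underscores as PHP does for external variables, to predict the $_COOKIE key. The function names are hypothetical; the _STRING_COOKIE suffix is taken from the report above.

```php
<?php
// Added example; not MantisBT code. Function names are hypothetical.

/**
 * Return the array key PHP would use for an incoming variable called $name.
 * parse_str() converts dots and spaces in names to underscores, as PHP
 * does for external variables such as cookies.
 */
function php_incoming_key(string $name): string
{
    parse_str(rawurlencode($name) . '=x', $parsed);
    return (string) array_key_first($parsed);
}

/**
 * Check a candidate $g_cookie_prefix. Returns null when the cookie can be
 * read back under the name it was set with, otherwise a problem description.
 */
function check_cookie_prefix(string $prefix): ?string
{
    // Suffix as seen in the issue report ("TEST_1_STRING_COOKIE").
    $name = $prefix . '_STRING_COOKIE';

    // RFC 2616 token: no control characters, no separators, ASCII only.
    $invalid = '/[\x00-\x20\x7f-\xff()<>@,;:\\\\"\/\[\]?={}]/';
    if ($prefix === '' || preg_match($invalid, $name)) {
        return "'$name' is not a valid cookie name";
    }

    // Valid on the wire, but PHP may store it under a different key.
    $key = php_incoming_key($name);
    if ($key !== $name) {
        return "set as '$name' but read back as \$_COOKIE['$key']";
    }
    return null;
}

// Constructed sample prefixes, including the two mentioned in this issue.
foreach (['MANTIS', 'TEST.1', 'TEST 2', 'my-site'] as $prefix) {
    $problem = check_cookie_prefix($prefix);
    printf("%-8s %s\n", $prefix, $problem ?? 'ok');
}
```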

dhx

2010-12-25 03:56

reporter   ~0027697

Committed, thanks Damien.

I also updated the docbook documentation to reflect this changed comment.

Related Changesets

MantisBT: master e45cfb8d

2010-11-23 10:10

Damien Regad

Committer: dhx


Fix 0012552: Periods should not be used in g_cookie_prefix

Modified comment in config_defaults_inc.php to document this. The
administration guide documentation has also been updated.

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
Affected Issues
0012552
mod - config_defaults_inc.php
mod - docbook/Admin_Guide/en-US/Configuration.xml

MantisBT: master-1.2.x e28dae6a

2010-11-23 10:10

Damien Regad

Committer: dhx


Fix 0012552: Periods should not be used in g_cookie_prefix

Modified comment in config_defaults_inc.php to document this. The
administration guide documentation has also been updated.

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>
Affected Issues
0012552
mod - config_defaults_inc.php
mod - docbook/adminguide/en/configuration.sgml