View Issue Details

IDProjectCategoryView StatusLast Update
0006477OXID eShop (all versions)4.07. Source code, Testpublic2020-02-26 09:13
Reporterstg Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.10.0 / 5.3.0 
Fixed in Version6.1.0 
Summary0006477: oxUtilsServer::getOxCookie has side effects on $_COOKIE
DescriptiongetOxCookie uses the following line to clear Special Characters from Cookie Values:

$sValue = oxRegistry::getConfig()->checkParamSpecialChars($_COOKIE[$sName]);

checkParamSpecialChars uses call by reference and thus changes $_COOKIE. In certain cases (json_data f.e.), this happens whith every call.
Steps To ReproduceInsert the following code somewhere in your shop:

    $aTestData = array(
        "title" => "Jau!",
        "band" => "Fury in the Slaughterhouse",
        "year" => 1990
    );

    $oUtilsServer = oxRegistry::get("oxUtilsServer");
    $oUtilsServer->setOxCookie('wont_forget', json_encode($aTestData), time() + 600, '/');

    var_export($_COOKIE['wont_forget']); echo "\n";
    var_export($oUtilsServer->getOxCookie('wont_forget')); echo "\n";
    var_export($oUtilsServer->getOxCookie('wont_forget')); echo "\n";
    var_export($oUtilsServer->getOxCookie('wont_forget')); echo "\n";
    var_export($oUtilsServer->getOxCookie('wont_forget')); echo "\n";
    var_export($oUtilsServer->getOxCookie('wont_forget')); echo "\n";
    var_export($oUtilsServer->getOxCookie('wont_forget')); echo "\n";
    var_export($_COOKIE['wont_forget']); echo "\n";
Additional InformationThe code replaces HTML special characters and produces something like the following:

'{"title":"Jau!","band":"Fury in the Slaughterhouse","year":1990}'
'{"title":"Jau!","band":"Fury in the Slaughterhouse","year":1990}'
'{"title":"Jau!","band":"Fury in the Slaughterhouse","year":1990}'
'{"title":"Jau!","band":"Fury in the Slaughterhouse","year":1990}'
'{"title":"Jau!","band":"Fury in the Slaughterhouse","year":1990}'
'{"title":"Jau!","band":"Fury in the Slaughterhouse","year":1990}'
'{"title":"Jau!","band":"Fury in the Slaughterhouse","year":1990}'
'{"title":"Jau!","band":"Fury in the Slaughterhouse","year":1990}'
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP Version5.6
Database VersionNot defined

Relationships

duplicate of 0005307 resolvedbenjamin.joerger Cookies are changed by checkParamSpecialChars's several times 

Activities

stg

2016-08-12 16:38

reporter   ~0011732

Same issue as id=5307

Sorry for duplicating.

mf

2016-08-15 13:42

developer   ~0011738

https://bugs.oxid-esales.com/view.php?id=5307

robert blank

2016-10-05 14:45

reporter   ~0011822

The bugfix introduced a BC break and must be reverted.

This bug cannot be fixed in v5.3
The right way to fix this bug in v6.0 is to create a separate method in v5.3 and deprecate the current method checkParamSpecialChars().
In v6.0 do not change the current method, but replace it by the new one and delete the current method checkParamSpecialChars()