From bf0508fabfbfa2fa778edbf5b94d5c54a952156d Mon Sep 17 00:00:00 2001 From: Vadim Zhestikov Date: Thu, 18 Dec 2025 16:45:21 -0800 Subject: Improved $cookie_ evaluation. In case "Cookie" header is sent by client, multiple cookie pairs were incorrectly split by a semicolon and comma. Now they are split by a semicolon only. For example, next variables will be found for "Cookie: a=b, c=d; e=f": - $cookie_a: "b, c=d" - $cookie_e: "f" Closes #1042 on GitHub. --- src/http/ngx_http_variables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/http/ngx_http_variables.c') diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c index dd69bcfcd..37cd0d287 100644 --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -1088,7 +1088,7 @@ ngx_http_variable_cookie(ngx_http_request_t *r, ngx_http_variable_value_t *v, s.len = name->len - (sizeof("cookie_") - 1); s.data = name->data + sizeof("cookie_") - 1; - if (ngx_http_parse_multi_header_lines(r, r->headers_in.cookie, &s, &cookie) + if (ngx_http_parse_cookie_lines(r, r->headers_in.cookie, &s, &cookie) == NULL) { v->not_found = 1; -- cgit