From 424eec077256edbed079988cfa4dccab5b979536 Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Sat, 11 Feb 2006 14:33:31 +0000
Subject: [PATCH] - rather use a list of disallowed chars - fix "foo\s+"

---
 http_api.c | 38 ++++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/http_api.c b/http_api.c
index de1984a..7762f20 100644
--- a/http_api.c
+++ b/http_api.c
@@ -185,32 +185,28 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
 			case ST_KEY:
 				switch (*c)
 				{
-					default:
-						if (!isalnum(*c)) {
-							goto failure;
-						}
-					case '.':
-					case '_':
-					case '$':
-					case '@':
-						if (!key) {
-							key = c;
-						}
+					case ',':
+					case '\r':
+					case '\n':
+					case '\t':
+					case '\013':
+					case '\014':
+						goto failure;
 					break;
 					
-					case ' ':
+					case '=':
 						if (key) {
 							keylen = c - key;
-							st = ST_ASSIGN;
+							st = ST_VALUE;
+						} else {
+							goto failure;
 						}
 					break;
 					
-					case '=':
+					case ' ':
 						if (key) {
 							keylen = c - key;
-							st = ST_VALUE;
-						} else {
-							goto failure;
+							st = ST_ASSIGN;
 						}
 					break;
 					
@@ -220,13 +216,19 @@ PHP_HTTP_API STATUS _http_parse_cookie(const char *list, HashTable *items TSRMLS
 							st = ST_ADD;
 						}
 					break;
+					
+					default:
+						if (!key) {
+							key = c;
+						}
+					break;
 				}
 			break;
 				
 			case ST_ASSIGN:
 				if (*c == '=') {
 					st = ST_VALUE;
-				} else if (*c == ';') {
+				} else if (!*c || *c == ';') {
 					st = ST_ADD;
 				} else if (*c != ' ') {
 					goto failure;
-- 
2.30.2