MFB:

Fixed handling of multiple cookies with the same name.
	Added support for cookies into run-tests.php

ext/filter/filter.c

@@ -370,6 +370,16 @@ static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int
 			break;
 	}
 
+	/* 
+	 * According to rfc2965, more specific paths are listed above the less specific ones.
+	 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
+	 * to have the same (plain text) cookie name for the same path and we should not overwrite
+	 * more specific cookies with the less specific ones.
+	*/
+	if (arg == PARSE_COOKIE && orig_array_ptr && zend_symtable_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var)+1)) {
+		return 0;
+	}
+
 	if (array_ptr) {
 		/* Make a copy of the variable name, as php_register_variable_ex seems to
 		 * modify it */

ext/filter/tests/041.phpt

@@ -0,0 +1,32 @@
+--TEST--
+COOKIE multiple cookie test
+--INI--
+filter.default=stripped
+filter.default_flags=0
+--COOKIE--
+abc=dir; def=true; abc=root; xyz="foo bar";
+--FILE--
+<?php 
+var_dump($_COOKIE);
+var_dump(filter_has_var(INPUT_COOKIE, "abc"));
+var_dump(filter_input(INPUT_COOKIE, "abc"));
+var_dump(filter_input(INPUT_COOKIE, "def"));
+var_dump(filter_input(INPUT_COOKIE, "xyz"));
+var_dump(filter_has_var(INPUT_COOKIE, "bogus"));
+var_dump(filter_input(INPUT_COOKIE, "xyz", FILTER_SANITIZE_SPECIAL_CHARS));
+?>
+--EXPECT--
+array(3) {
+  ["abc"]=>
+  string(3) "dir"
+  ["def"]=>
+  string(4) "true"
+  ["xyz"]=>
+  string(17) "&#34;foo bar&#34;"
+}
+bool(true)
+string(3) "dir"
+string(4) "true"
+string(9) ""foo bar""
+bool(false)
+string(17) "&#34;foo bar&#34;"

main/php_variables.c

@@ -511,7 +511,7 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
 				var++;
 			}
 			if (var == val || *var == '\0') {
-				goto next_cookie;
+				goto next_var;
 			}
 		}
 

run-tests.php

@@ -968,13 +968,14 @@ TEST $file
 		'TEST'   => '',
 		'SKIPIF' => '',
 		'GET'    => '',
+		'COOKIE' => '',
 		'POST_RAW' => '',
 		'POST'   => '',
 		'UPLOAD' => '',
 		'ARGS'   => '',
 	);
 
-	$fp = @fopen($file, "rt") or error("Cannot open test file: $file");
+	$fp = fopen($file, "rt") or error("Cannot open test file: $file");
 
 	$borked = false;
 	$bork_info = '';
@@ -1062,7 +1063,7 @@ TEST $file
 	$tested = trim($section_text['TEST']);
 
 	/* For GET/POST tests, check if cgi sapi is available and if it is, use it. */
-	if ((!empty($section_text['GET']) || !empty($section_text['POST']))) {
+	if (!empty($section_text['GET']) || !empty($section_text['POST']) || !empty($section_text['POST_RAW']) || !empty($section_text['COOKIE'])) {
 		if (!strncasecmp(PHP_OS, "win", 3) && file_exists(dirname($php) ."/php-cgi.exe")) {
 			$old_php = $php;
 			$php = realpath(dirname($php) ."/php-cgi.exe") .' -C ';
@@ -1341,6 +1342,12 @@ TEST $file
 	$env['PATH_TRANSLATED'] = $test_file;
 	$env['SCRIPT_FILENAME'] = $test_file;
 
+	if (array_key_exists('COOKIE', $section_text)) {
+		$env['HTTP_COOKIE'] = trim($section_text['COOKIE']);
+	} else {
+		$env['HTTP_COOKIE'] = '';
+	}
+
 	$args = $section_text['ARGS'] ? ' -- '.$section_text['ARGS'] : '';
 
 	if (array_key_exists('POST_RAW', $section_text) && !empty($section_text['POST_RAW'])) {
@@ -1400,6 +1407,7 @@ QUERY_STRING    = " . $env['QUERY_STRING'] . "
 REDIRECT_STATUS = " . $env['REDIRECT_STATUS'] . "
 REQUEST_METHOD  = " . $env['REQUEST_METHOD'] . "
 SCRIPT_FILENAME = " . $env['SCRIPT_FILENAME'] . "
+HTTP_COOKIE     = " . $env['HTTP_COOKIE'] . "
 COMMAND $cmd
 ";