php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50308 session id not appended properly for empty anchor tags
Submitted: 2009-11-27 01:57 UTC Modified: 2013-06-27 22:38 UTC
From: Dormilich at netscape dot net Assigned:
Status: Closed Package: Session related
PHP Version: 5.4/5.5 OS: Linux
Private report: No CVE-ID: None
 [2009-11-27 01:57 UTC] Dormilich at netscape dot net
Description:
------------
I created a Suckerfish Dropdown Menu via XSLT, which contains empty 
anchor elements (<a href="?"/>). If Cookies are disabled the Session 
ID should be appended at the end of the href attribute value (URL) but 
it is appended after the closing slash of the element, rendering the 
XHTML invalid.

However, "normal" hyperlinks (<a href="?">link text</a>) are not 
affected.


Configure Command:
'./configure' '--prefix=/usr/local/php5' '--with-config-file-
path=/etc/php5' '--with-openssl' '--with-xsl' '--with-xmlrpc' '--
enable-mbstring' '--enable-mbregex' '--enable-wddx' '--with-
gettext=/usr' '--with-mysql=/usr/local/mysql' '--with-
mysqli=/usr/local/mysql/bin/mysql_config' '--with-mcrypt=/usr/lib64/' 
'--with-apache=../apache_current/' '--with-freetype-dir=/usr/local' '-
-with-t1lib=/usr/local' '--with-gd' '--enable-gd-native-ttf' '--with-
jpeg-dir=/usr/local' '--enable-exif' '--with-png-dir=/usr/local/lib' 
'--with-zlib' '--with-curl' '--enable-bcmath' '--enable-calendar' '--
enable-discard-path' '--enable-shared' '--enable-force-cgi-redirect' 
'--with-pdo-mysql=/usr/local/mysql' '--enable-soap'

Reproduce code:
---------------
<a href="site.php?id=this"/>

Expected result:
----------------
<a href="site.php?id=this&amp;PHPSESSID=3d?d4"/>

Actual result:
--------------
<a href="site.php?id=this"/&amp;PHPSESSID=3d?d4>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-11-30 14:27 UTC] Dormilich at netscape dot net
this can be worked around by adding another attribute after the href attribute:
<a href="site.php?id=this" title="currently"/>
 [2010-12-01 16:29 UTC] jani@php.net
-Package: Feature/Change Request +Package: Session related
 [2013-06-27 22:38 UTC] yohgaki@php.net
-Status: Open +Status: Analyzed -Type: Feature/Change Request +Type: Bug -PHP Version: 5.2.11 +PHP Version: 5.4/5.5
 [2013-06-27 22:38 UTC] yohgaki@php.net
This is ext/standard/url_scanner_ex.re bug. This can be checked as follows

$ ./sapi/cgi/php-cgi -d session.use_trans_sid=1 -d session.use_only_cookies=0
<?php
session_start();
?>

<a href="site.php?id=this" />   
<a href="site.php?id=this"/>                         

X-Powered-By: PHP/5.4.18-dev
Set-Cookie: PHPSESSID=7ccd5541724e6c476d0742bc12884faa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html


<a href="site.php?id=this&PHPSESSID=7ccd5541724e6c476d0742bc12884faa" />
<a href="site.php?id=this"/&PHPSESSID=7ccd5541724e6c476d0742bc12884faa>
 [2013-07-17 15:32 UTC] arpad@php.net
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 [2013-07-17 15:32 UTC] arpad@php.net
-Status: Analyzed +Status: Closed
 [2014-10-07 23:18 UTC] stas@php.net
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 [2014-10-07 23:29 UTC] stas@php.net
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 14:01:32 2024 UTC