PHP :: Bug #18340 :: session management without cookies inserts not-XHTML-conform INPUT

Bug #18340

session management without cookies inserts not-XHTML-conform INPUT

Submitted:

2002-07-14 15:46 UTC

Modified:

2003-06-02 05:28 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

hnt at gmx dot at

Assigned:

Status:

Closed

Package:

Session related

PHP Version:

4.2.1

OS:

Linux 2.4.18

Private report:

CVE-ID:

None

View Developer Edit

[2002-07-14 15:46 UTC] hnt at gmx dot at

I am using php 4.2.1
The session.use_trans_sid is set to "1" and url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=action"

Still the output is not Xhtml 1.0 Strict Valid

-- w3 Validator output --
Error: element "input" not allowed here; possible cause is an inline element containing a block-level element
--
the incorrect line is
<form method="post" action="index.php?phpdiaryID=88e24d5c84040f8f3f5b1cd12e4fc9a2"><input type="hidden" name="phpdiaryID" value="88e24d5c84040f8f3f5b1cd12e4fc9a2" /><p><input type="hidden" name="a" value="login" />

As you can see, there is a "<p>" there. PHP should place the hidden input-field after the <p> then it should be perfectly ok...

Patches

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-07-14 15:51 UTC] hnt at gmx dot at

By "without cookies" I meant when the browser does not accept the sessionID cookie and php rewrites the document to maintain state

[2002-07-14 17:47 UTC] sniper@php.net

Duplicate of: http://bugs.php.net/bug.php?id=13472

[2002-07-14 17:59 UTC] hnt at gmx dot at

Around when can a fix be expected?
It is a bit annoying because the suggested workaround from bugreport #13472 is Transitional-conform but wont validate against Strict :-(

[2002-07-14 18:02 UTC] sniper@php.net

Just remove the 'form=fake..' from the ini setting
and add the session id 'manually' in your code.

About when this will be fixed..well..not very soon I guess.
(I myself don't know the related code at all to be able to fix it..)

[2002-09-29 20:14 UTC] sniper@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

[2003-06-02 02:46 UTC] xanthor at fr dot fm

I'm using PHP 4.3.2 and the bug is still here...

[2003-06-02 05:28 UTC] sniper@php.net

In php.ini:

session.use_trans_sid = 0

or

url_rewriter.tags = " a=href,area=href,frame=src,input=src,fieldset="

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Aug 19 02:01:28 2024 UTC