Doc Bug #23001 Bug in documentation of SESSIONs
Submitted: 2003-04-01 05:52 UTC Modified: 2003-04-02 06:39 UTC
From: sesser@php.net Assigned:
Status: Closed Package: Documentation problem
PHP Version: 5CVS-2003-04-01 (dev) OS: *
Private report: No CVE-ID: None
 [2003-04-01 05:52 UTC] sesser@php.net
Documentation suggests outputting SID with a simple
echo -> vulnerable to Cross Site Scripting


 [2003-04-01 17:14 UTC] alindeman@php.net
What do you suggest be done with it?
 [2003-04-02 03:35 UTC] sesser@php.net
Do whatever you like: strip_tags(), urlencode(), html_entities()

Just replace the simple echo SID stuff.
 [2003-04-02 06:39 UTC] alindeman@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2020-02-07 06:12 UTC] phpdocbot@php.net
Automatic comment on behalf of alindeman
Revision: http://git.php.net/?p=doc/en.git;a=commit;h=1f146b0a2a1bb8c0ea1c0719e7d7df11efcd4e2e
Log: Fix bug #23001
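
The issue discussed in this report, as an added example that is not part of the original thread or of the PHP manual: SID is either an empty string or a `name=id` string, so writing it into a link with a plain echo puts that string into the page without escaping. The helper `session_href()` and the sample values are hypothetical, and the example assumes the id part may carry characters taken from the request.

```php
<?php
// Added example; session_href() and the sample values are hypothetical.

/**
 * Build a link target that carries the session string, escaped for use
 * inside an HTML attribute. In a real page $sid would be the SID constant.
 */
function session_href(string $url, string $sid): string
{
    // SID is "" when the session id travels in a cookie; nothing is appended then.
    if ($sid !== '') {
        $url .= (strpos($url, '?') === false ? '?' : '&') . $sid;
    }
    // Escape the whole URL once, at output time: quotes, angle brackets
    // and ampersands become entities and cannot close the attribute.
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Constructed values standing in for the SID constant.
$samples = [
    'cookie-based session' => '',
    'ordinary id'          => 'PHPSESSID=0123456789abcdef',
    'id containing markup' => 'PHPSESSID=x"><b>bold</b>',
];

foreach ($samples as $label => $sid) {
    $raw  = 'next.php?' . $sid;              // what a plain "echo SID" would emit
    $safe = session_href('next.php', $sid);  // escaped form
    printf("%-22s raw:  <a href=\"%s\">\n", $label, $raw);
    printf("%-22s safe: <a href=\"%s\">\n\n", '', $safe);
}
```

In the third sample the raw form closes the `href` attribute and starts a new element, while the escaped form keeps the whole value inside the attribute.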
 