php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27965 invalid HTML is created after adding session id to URL's
Submitted: 2004-04-12 14:36 UTC Modified: 2004-04-12 14:45 UTC
From: rch at online dot lt Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.4 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2004-04-12 14:36 UTC] rch at online dot lt 
Description:
------------
Invalid HTML is created after adding session ids to URL's.   
E.g.:  
<a  
href="/p/index.php?action=article&amp;article_id=7&sid=4ecaf17fb3db7aa3782b6ad8d87f9488">more</a>  
& before "sid" (session id name changed from default) is  
invalid as it marks start of HTML entity in HTML syntax.    
This fails to validate a page with formal syntax checker on  
validator.w3.org for example. You should use &amp; form of  
escaping instead when adding session ids to references in  
the HTML output.  
 
You may suggest changing arg_separator as in #15504, but 
most people don't have access to system wide php.ini 
configuration file on web hosting accounts, and it looks 
unreasonable to me that special hacking is needed just to 
get a valid HTML output. 
 
 

Expected result:
----------------
/p/index.php?action=article&amp;article_id=7&amp;sid=4ecaf17fb3db7aa3782b6ad8d87f9488 

Actual result:
--------------
/p/index.php?action=article&amp;article_id=7&sid=4ecaf17fb3db7aa3782b6ad8d87f9488

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-04-12 14:45 UTC] sniper@php.net 
The ini option is there for this and this is not gonna change.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Dec 04 20:00:01 2025 UTC