php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #9699 URL with anchor reference parsing error
Submitted: 2001-03-12 06:12 UTC Modified: 2001-03-16 17:26 UTC
From: muffle at immortalcurse dot com Assigned:
Status: Closed Package: HTTP related
PHP Version: 4.0.4pl1 OS: Win 2000
Private report: No CVE-ID: None
 [2001-03-12 06:12 UTC] muffle at immortalcurse dot com
This bug affects how variables are parsed from the URL, in instances when the header() function is used to forward the browser. Eg. if the following code was used in a script:

header("Location: index.php?variable=blah")

Then index.php would be parsed and PHP would assign $variable == blah. However, if the user adds a HTML anchor reference onto the end, eg:

header("Location: index.php?variable=blah#1")

Then the web browser would still parse it fine, but PHP will assign $variable == blah#1. If the user refreshes the browser window (eg., the location header isn't being used to laod the script) then it works fine, so this bug is limtied to the header() function only.

Fix:

The script writer can add an & before the # character in the URL, eg:

index.html?variable=blah&#1

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-03-16 17:26 UTC] sniper@php.net
Can't reproduce. Try latest CVS build from http://www.php4win.de/

--Jani

 [2004-05-06 20:52 UTC] azz0r at wuggawoo dot co dot uk
I get this bug too.

I can literally do;

[php]echo $forum_properties['base_url']."/thread/$tid/$pages#$pq->pid";
header("Location: ".$forum_properties['base_url']."/thread/$tid/$pages#$pq->pid");
success_box('Post Added', "index/thread/$tid/$pages#$pq->pid");[/php]

results in

[php]//http://forumz.wuggawoo.co.uk/index/thread/5/5#6890
//redirects to [url]http://forumz.wuggawoo.co.uk/index/thread/5/5[/url]
//redirectrs to [url]http://forumz.wuggawoo.co.uk/index/thread/5/5#6890[/url][/php]

I tried the &# solution but it didnt work, it just goes to /&
 [2004-05-10 20:31 UTC] azz0r at wuggawoo dot co dot uk
Unon further inspection and testing the thing that knocks the header command out is a file field in the form.

Without a file field it forwards correctly, else it drops anchors.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 21:01:27 2024 UTC