| Bug #13472 | input type=hidden should be in a fieldset if there is one (XHTML and trans sid) | ||||
|---|---|---|---|---|---|
| Submitted: | 28 Sep 2001 4:12am UTC | Modified: | 5 Feb 2003 4:00pm UTC | ||
| From: | mat at dioxine dot com | Assigned to: | |||
| Status: | Closed | Category: | Session related | ||
| Version: | 4.3.0 | OS: | Any | ||
| Votes: | 32 | Avg. Score: | 4.6 ± 0.7 | Reproduced: | 30 of 30 (100.0%) |
| Same Version: | 11 (36.7%) | Same OS: | 21 (70.0%) | ||
[28 Sep 2001 4:12am UTC] mat at dioxine dot com
[5 Dec 2001 10:22am UTC] sander@php.net
Not a bug. Making it a feature request.
[5 Dec 2001 1:22pm UTC] mat at dioxine dot com
hum... not a bug ? PHP is not rewriting html code well, so I'd call it a bug :-) Anyway... any chance to get it fixed soon ? That shouldnt be /that/ hard to do, since you just have to write the input after the first fieldset if there is one, or jst after the form is there isnt any...
[7 Dec 2001 9:16am UTC] sander@php.net
Reclassified back to session-related because Yasuo persuaded me to call it a bug ;)
[3 Mar 2002 7:34am UTC] ebola at psychoholics dot org
anyone know how long before this is fixed or if there is any known workaround?
[3 Mar 2002 8:04am UTC] mat at dioxine dot com
I could not find any suitable workaround :( I hope this will be fixed soon, cause this is really killing me...
[3 Mar 2002 8:08am UTC] ebola at psychoholics dot org
Notice .. any blocklevel tag is affected .. not just fieldset and as such any solution to this problem should take this issue into account.
[4 Mar 2002 5:43am UTC] hholzgra@php.net
as a workaround in php.ini: url_rewriter.tags = "...,form=fakeentry" change it to url_rewriter.tags = "...,form=action" to have the id added to the action url instead of being added as a hidden field gives you legal xhtml, but session id is always a GET parameter, even with method=POST ...
[5 Mar 2002 8:07am UTC] mpillard at ens dot uvsq dot fr
Most people cannot access their host's php.ini... Another workaround ? :)
[5 Mar 2002 8:16am UTC] hholzgra@php.net
you can modify this using .htaccess if your provider allows that or change it at runtime usint ini_set()
[6 Mar 2002 3:05am UTC] yohgaki@php.net
Version update and added comment to summary
[19 Jul 2002 7:56pm UTC] no dot th at nk dot you
Yep - this one is annoying me too. Could the input not be held in its own div /div tag pair? That would make it legal. Cheers, David Bond
[1 Aug 2002 12:32pm UTC] Martin at Skipsey dot com
I've tried using the following:
ini_set("url_rewriter.tags", "a=href,area=href,form=action");
However, now get the session BOTH in the action and in a fake entry.
Any suggestions?
[23 Sep 2002 9:04pm UTC] nielsene at mit dot edu
I don't know if I should submit this as a new bug, or if its part of this one, but the <input> element added should be empty ie <input stuff /> in order to be valid xhtml in addition to the fieldset issue. Probably should be a php.ini option, similar to being able to change argument_seperator.output from & to &.
[25 Sep 2002 6:11am UTC] sas@php.net
Fixed in 4.3 CVS. Thanks for your report.
[3 Dec 2002 11:00pm UTC] ebola at psychoholics dot org
to: sas@php.net is this bug fixed entirely? re: [3 Mar 8:08am] ebola@psychoholics.org Notice .. any blocklevel tag is affected .. not just fieldset and as such any solution to this problem should take this issue into account.
[5 Jan 2003 7:10pm UTC] node at nodefall dot de
is this really fixed????? i have php 4.3 and php add the input tag directly after the form tag! the only _fix_ i found is a comment in the php.ini ; to URLs. If you want XHTML conformity, remove the form entry.
[8 Jan 2003 5:07pm UTC] php at jough dot com
It looks like they fixed the openness of input tags, i.e. - the tags close like <input /> rather than <input> but the hidden input field is still automatically inserted *outside* of a block-level element. It's a mistake to automatically force the hidden input field on us to begin with. Is there a way to turn JUST that part of the trans-id off? This bug is still very much a problem in 4.3
[8 Jan 2003 7:07pm UTC] node at nodefall dot de
so could anybody reopen this bug... or create a new one?
[12 Jan 2003 3:38pm UTC] nicos@php.net
Opened again.
[5 Feb 2003 4:00pm UTC] sniper@php.net
The adding of the hidden input field can now be turned off by just removing the 'form=' entry from url_rewriter.tags
[5 Feb 2003 7:10pm UTC] xanthor at xanthor dot tk
And if we can't access php.ini ?
[8 Feb 2003 5:05pm UTC] node at nodefall dot de
I won't disable this feature!!!!!!!! Where is the Problem to add a <div> ??? Could you please reopen this BUG! THX
[3 Mar 2003 7:25pm UTC] vmizuba at queens dot org
"removing the 'form=' entry from url_rewriter.tags" does not solve the problem if: 1) session.use_cookies is "off" (forms need this hidden tag) 2) there is no access to php.ini. The solution is a matter of moving the hidden tag inserted below a block-level element as it was pointed out above. how do we get this bug reopened AND fixed correctly? TIA
[5 Mar 2003 2:36am UTC] node at nodefall dot de
just open a new one... this seems to be the only way
[25 May 2003 2:42pm UTC] harrydeboer at home dot nl
PHP writes an extra <input type="hidden" etc /> in my code, which is html 4.01 strict. But in html 4.01 strict there should not be a closing slash, so the code becomes invalid. Is there any way to solve that without changing php.ini?
[14 Nov 2003 4:20pm UTC] yallis at surr dot no
I don't know if this bug has been fixed, but many of us is still stuck on hosts with "outdated" software. I solved this problem by putting this lines in my .htaccess: <IfModule mod_php4.c> php_value arg_separator.output "&" php_value url_rewriter.tags "a=href,area=href,frame=src,input=src" </IfModule> ..and put the hidden form value where I wanted it with <input type="hidden" name="PHPSESSID" value="<?php echo session_id(); ?>" /> Seem to work properly and my XHTML1.1 is valid.
[30 Jan 2004 6:12am UTC] ebola at psychoholics dot org
I am going to test this very soon and will be fairly surprised if it isn't fixed. I'll test on latest 4.x and 5.x. Maybe a patch if i get some free time. Good night.
[18 Apr 2004 11:19am UTC] gareth at blueshadow dot org dot uk
How about, finding a form's first <input> tag, and inserting the hidden field just in front of that... That way, if the author has put their first input tag in a valid place, PHP won't change that, and if it isn't in a compliant place, again, PHP won't make it any more or less valid... Just my $0.02
[21 Apr 2004 5:21am UTC] paulc at 4-life dot net
I'm also getting this problem. Is there a possible fix without having to edit the php.ini file?
[26 Aug 2004 1:51am UTC] glenjamin at gmail dot com
i've found that removing the form= and using fieldset=fakeentry worked fine for me on php 4.3.6
