php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #9699 URL with anchor reference parsing error
Submitted: 2001-03-12 06:12 UTC Modified: 2001-03-16 17:26 UTC
From: muffle at immortalcurse dot com Assigned:
Status: Closed Package: HTTP related
PHP Version: 4.0.4pl1 OS: Win 2000
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: muffle at immortalcurse dot com
New email:
PHP Version: OS:

 

 [2001-03-12 06:12 UTC] muffle at immortalcurse dot com
This bug affects how variables are parsed from the URL, in instances when the header() function is used to forward the browser. Eg. if the following code was used in a script:

header("Location: index.php?variable=blah")

Then index.php would be parsed and PHP would assign $variable == blah. However, if the user adds a HTML anchor reference onto the end, eg:

header("Location: index.php?variable=blah#1")

Then the web browser would still parse it fine, but PHP will assign $variable == blah#1. If the user refreshes the browser window (eg., the location header isn't being used to laod the script) then it works fine, so this bug is limtied to the header() function only.

Fix:

The script writer can add an & before the # character in the URL, eg:

index.html?variable=blah&#1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-03-16 17:26 UTC] sniper@php.net
Can't reproduce. Try latest CVS build from http://www.php4win.de/

--Jani

 [2004-05-06 20:52 UTC] azz0r at wuggawoo dot co dot uk
I get this bug too.

I can literally do;

[php]echo $forum_properties['base_url']."/thread/$tid/$pages#$pq->pid";
header("Location: ".$forum_properties['base_url']."/thread/$tid/$pages#$pq->pid");
success_box('Post Added', "index/thread/$tid/$pages#$pq->pid");[/php]

results in

[php]//http://forumz.wuggawoo.co.uk/index/thread/5/5#6890
//redirects to [url]http://forumz.wuggawoo.co.uk/index/thread/5/5[/url]
//redirectrs to [url]http://forumz.wuggawoo.co.uk/index/thread/5/5#6890[/url][/php]

I tried the &# solution but it didnt work, it just goes to /&
 [2004-05-10 20:31 UTC] azz0r at wuggawoo dot co dot uk
Unon further inspection and testing the thing that knocks the header command out is a file field in the form.

Without a file field it forwards correctly, else it drops anchors.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 16:01:30 2024 UTC