|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2001-11-19 12:47 UTC] bate@php.net
[2001-12-19 22:54 UTC] yohgaki@php.net
[2002-01-24 15:15 UTC] fischer at ms-net dot de
[2002-02-03 20:00 UTC] yohgaki@php.net
[2002-09-25 05:41 UTC] sas@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 19 22:01:26 2025 UTC |
I came across the bug described in Bug-ID #8311 with 4.03pl1 on our old Server, so I transfered it to the new Server running 4.0.6 and the behaviour is nearly the same. This: <?php session_start(); $somevar = "<a href=\"javascript:;\" onClick=window.open(\"/hardware/somevar.php?hinfoid=".$somevar_id."\",\"chgti\",\"location=0,directories=0,status=0,menubar=0,scrollbars=0,toolbar=0,width=450,height=470\");>Badlink</a>"; echo $somevar; ?> produces this: <a href="javascript:;" onClick="window.open(""/hardware/somevar.php?hinfoid=","chgti","location=0,directories=0,status=0,menubar=0,scrollbars=0,toolbar=0,width=450,height=470");>Badlink</a> Without the session, the Output is normal, both with 4.0.3pl1 and 4.06. The only difference is that 4.0.6 does a few less quotes than 4.0.3pl1. Trans-SID is enabled, PHP is running as an Apache-Module