PHP :: Bug #17297 :: TEXTAREA and PHPSESSID

Bug #17297	TEXTAREA and PHPSESSID
Submitted:	2002-05-17 17:03 UTC	Modified:	2002-05-17 18:53 UTC
From:	needleboy at play-ground dot net	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.1.2	OS:	winME
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	needleboy at play-ground dot net
New email:
PHP Version:		OS:

New Comment:

[2002-05-17 17:03 UTC] needleboy at play-ground dot net

i didna compile PHP

the php session adds ?PHPSESSID vars into html inside a textarea, which causes hassles when you're using a textarea to store html code in the db.

perhaps this has been dealt with, and if so, i apologise, but i couldna find it.

in advance, thankyou

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-05-17 18:08 UTC] sniper@php.net

Please add an example piece of HTML which can be used to 
reproduce this.

[2002-05-17 18:31 UTC] needleboy at play-ground dot net

<textarea><a href="index.html">link</a></textarea>

will be rendered to

<textarea><a href="index.html?PHPSESSID=sdhf87akjdasjd878a8sf...">link</a></textarea>

with cookies turned off, but php sessions used

thankyou for the swift response

[2002-05-17 18:53 UTC] sniper@php.net

This is not bug but pretty much the expected behaviour.
You should use htmlentities() on the data for <textarea>

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 10:01:33 2025 UTC