PHP :: Bug #21093 :: PHPSESSID not being added to form action="" if input type="image" used

Bug #21093	PHPSESSID not being added to form action="" if input type="image" used
Submitted:	2002-12-19 03:28 UTC	Modified:	2003-01-01 06:22 UTC
From:	jc at mega-bucks dot co dot jp	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.2.3	OS:	Red Hat Linux 7.2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jc at mega-bucks dot co dot jp
New email:
PHP Version:		OS:

New Comment:

[2002-12-19 03:28 UTC] jc at mega-bucks dot co dot jp

I have session.auto_start = 1 in my php.ini. I find that the SID is not being added to a form's action="" value if the form contains a <input type="image"> tag ...

This is a serious bug as it causes sessions to be lost if <input type="image"> buttons are used in a form.

Pasted below is the output of PHP for one of my page swhere I use a form and in it there is an <input type="image"> tag. As you can see the SID is added to the src="" of the image but not to the action="" field of the form, where I believe it is the right place to put it ...

Jc

<form name="write" action="/hashi/html/market/market.html" method="GET" style="margin:0px";>
<input type="hidden" name="write_review" value="true">
<input type="hidden" name="body" value="details">
<input type="hidden" name="pid" value="489000401024">
<table width="650" border="0" cellspacing="0" cellpadding="0">
 <tr valign="top"> 
  <td width="65"> 
   <div class="marginleft20"><img src="img/yajirushi_review.gif" width="25" height="42" alt=""></div>
  </td>
  <td width="445" valign="bottom"><span class="size12">̴???ˤʤäƸ??ޤ??????????ʴ?ư??ʤ??⥫?????ޡ????ӥ塼?ؽ???ߤޤ???????????ޡ????ӥ塼?Ǥϥ桼??????????ȿ?????????????????ޤ???</span></td>
  <td width="140" valign="bottom" align="right"><input type="image" name="toukou" src="img/b_writereview.gif?PHPSESSID=046e74dbd20eca0eb4f2fce3896dbc5e" width="118" height="23" alt="???ӥ塼??????" border="0"></td>
 </tr>

</table>
</form>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-12-19 18:52 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

[2003-01-01 04:21 UTC] jc at mega-bucks dot co dot jp

I installed 4.3.0 and could not recreate the bug. The session ID is now correctly added as a <input type="hidden" ...> field inside the <form> </form> tags.

Still curious as to what was causing the bug, but since it's fixed I'm quite happy to leave it at that.

Thanks!

[2003-01-01 06:22 UTC] derick@php.net

Reported fixed, so we cloase it.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Sep 12 11:00:01 2025 UTC