Bug #25248 SESSION encoding in urls should use HTML entities not ampersands
Submitted: 2003-08-26 06:06 UTC Modified: 2003-08-26 06:31 UTC
From: js at nomensa dot com Assigned:
Status: Not a bug Package: Output Control
PHP Version: 4.3.2 OS: all
Private report: No CVE-ID: None

 [2003-08-26 06:06 UTC] js at nomensa dot com
Description:
------------
When cookies are disabled, PHP encodes a session ID in the output URLs.

It currently uses single ampersands '&' but this is illegal in XHTML (and slightly illegal in HTML), the ampersand character in <a> links etc should be encoded as the entity '&amp;'.

Additionally semi-colons could also be used to get around this whole mess.

Actually, I prefer semi-colons. It would be good if PHP supported this.

Reproduce code:
---------------
Go to this link with cookies off:

http://alastc.homeip.net/alastairc/page.php



Expected result:
----------------
URL should be encoded properly:

Should be written as:

<li><a href="page.php?domain=&amp;type=news&amp;PHPSESSID=ef38d5d3bc286f6e1de5581003d710d5">News</a></li>

Actual result:
--------------
Links are written illegally:

<li><a href="page.php?domain=&amp;type=news&PHPSESSID=ef38d5d3bc286f6e1de5581003d710d5">News</a></li>


This fails the DTD check under XHTML 1.0 (strict).

 [2003-08-26 06:31 UTC] derick@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

See the php.ini setting arg_separator.output
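
The `arg_separator.output` setting named in the reply, shown as an added example that is not part of the original report. It assumes a current PHP release and uses `http_build_query()`, which falls back to the same setting when no separator is passed; the parameter values are constructed.

```php
<?php
// Added example; the parameter values are constructed for illustration.
$params = ['domain' => '', 'type' => 'news'];

// Raw '&' separator: correct for HTTP headers, invalid unescaped in XHTML.
ini_set('arg_separator.output', '&');
$rawUrl = 'page.php?' . http_build_query($params);

// The setting named in the reply: URLs that PHP generates use the entity.
ini_set('arg_separator.output', '&amp;');
$entityUrl = 'page.php?' . http_build_query($params);

// Pitfall: escaping the entity-separated URL again double-encodes it.
$doubleEncoded = htmlspecialchars($entityUrl, ENT_QUOTES, 'UTF-8');

// Safer pattern: build with an explicit raw separator and escape once,
// at the point where the URL is written into markup.
$explicitRaw = 'page.php?' . http_build_query($params, '', '&');
$forMarkup = htmlspecialchars($explicitRaw, ENT_QUOTES, 'UTF-8');

foreach (compact('rawUrl', 'entityUrl', 'doubleEncoded', 'forMarkup') as $name => $value) {
    printf("%-14s %s\n", $name, $value);
}

// arg_separator.input (set in php.ini or per directory, not with ini_set)
// lists the characters PHP accepts as separators when parsing input, e.g. ";&".
```

A URL built with the entity separator is only suitable for markup; values sent in a `Location` header or another non-HTML context need the raw `&`.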
 