php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #37835 URL rewriting uses raw value of arg_separator.output, not HTML-escaped value
Submitted: 2006-06-18 06:37 UTC Modified: 2006-06-19 07:57 UTC
From: ma499 at doc dot ic dot ac dot uk Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.1.4 OS: n/a
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ma499 at doc dot ic dot ac dot uk
New email:
PHP Version: OS:

 

 [2006-06-18 06:37 UTC] ma499 at doc dot ic dot ac dot uk 
Description:
------------
Was previously submitted here and deemed to be bogus:
http://bugs.php.net/bug.php?id=30049

But I think reviwer of original report (nlopess@php.net) 
misunderstood. This issue is not bogus.

As reviewer stated, PHPSESSID is appended later, so is not 
translated to &. Hence, in order to produce valid HTML/
XHTML output arg_seperator.output must be set to & and 
is standard practice 

Up until PHP5 this has not been a problem as nothing else 
uses arg_seperator.output.

BUT such a configuration now causes a problem with the new 
http_build_query() in PHP5. The output of that function will 
no longer be valid should the developer want to use in, for 
example, a Location: header (where the & should not be 
escaped).

This is therefore a bug. I would suggest the problem is with 
the transid code which shoudl escape it's &PHPSESSID output 
to &PHPSESSID.

Reproduce code:
---------------
See http://bugs.php.net/bug.php?id=30049

Expected result:
----------------
See http://bugs.php.net/bug.php?id=30049

Actual result:
--------------
See http://bugs.php.net/bug.php?id=30049

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-06-19 07:57 UTC] mike@php.net 
http_build_query() in PHP-5.1+ has an optional third "arg_separator" argument.

I suggest, if at all, this is a documentation problem.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Apr 03 06:01:28 2025 UTC