PHP :: Bug #55444 :: trans-sid enabled; PHPSESSID inserted after end of href on links

Bug #55444

trans-sid enabled; PHPSESSID inserted after end of href on links

Submitted:

2011-08-17 22:33 UTC

Modified:

2013-02-18 00:34 UTC

Votes:	4
Avg. Score:	4.0 ± 0.7
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	0 (0.0%)

From:

fatman at crackmonkey dot us

Assigned:

Status:

No Feedback

Package:

Session related

PHP Version:

Irrelevant

OS:

Ubuntu 10.04.3 LTS

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	fatman at crackmonkey dot us
New email:
PHP Version:		OS:

New Comment:

[2011-08-17 22:33 UTC] fatman at crackmonkey dot us

Description:
------------
In more detail, OS:
Linux 2.6.32-32-server x86_64 #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 

PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) (built: May  3 2011 00:45:52)

This is the standard PHP package from Ubuntu Lucid's "main" repo. I did not 
compile it. I have enabled the trans-
sid option.

When generating a long list of links, occasionally the trans-sid function will 
miss the end of the "href" 
attribute and add "?PHPSESSID=73...07" outside the closing double quote mark. 
eg:

<td><a href="index.php?
area=gallery&page=edit_photo&file=gallery_36.jpg&amp;PHPSESSID=73...07"><img 
src="images/edit.png" />gallery_36.jpg</a></td> 
...
<td><a href="index.php?area=gallery&page=edit_photo&file=gallery_37.jpg"?
PHPSESSID=73...07><img 
src="images/edit.png" />gallery_37.jpg</a></td> 

Note that since it is outside the quote mark, it is generated with a "?" instead 
of "&amp;". This reliably 
happens on the "gallery_37.jpg" link, and the "gallery_18.jpg" link, and a few 
others.

Test script:
---------------
The relevant loop:

      while ($row = mysql_fetch_assoc($result)) {
         $file = sanitise_html($row["filename"]);
         $title = sanitise_html($row["title"]);
?>
               <tr>
                  <td><a href="index.php?area=gallery&page=edit_photo&file=<?=$file?>"><img src="images/edit.png" /><?=$file?></a></td>
                  <td><?=$title?></td>
                  <td><a href="index.php?area=gallery&page=delete_photo&file=<?=$file?>"><img src="images/delete.png" /></a></td>
               </tr>
<?
      }

Expected result:
----------------
In the example above, I would expect:

&amp;PHPSESSID=73...07

to be added to the end of every link, in the proper place, *inside* the end of the 
href attribute.

Actual result:
--------------
On some links, the PHPSESSID appears *outside* the end of the href attribute. This 
causes the PHPSESSID not to be included in the link.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-08-22 14:05 UTC] kalle@php.net

Upgrade PHP first, we don't support 5.3.2 anymore

[2011-08-22 14:07 UTC] kalle@php.net

-Status: Open +Status: Feedback

[2011-08-22 14:07 UTC] kalle@php.net

(pressed Enter by accident)

... if the problem persists in 5.3.7 or the upcoming patch level release 5.3.8 then change the status of the bug back to Open

[2011-11-16 19:49 UTC] dimitriy at remerov dot ru

Was able to reproduce on different installations on 5.3.6 and 5.3.5.
If I place link before broken one, then this new one becomes broken.

Unfortunately can't test in other versions due to complication installation.


Relevant part HTML (5th link is broken, but there are links before that HTML):

...					
<a href="a?PHPSESSID=c5e10c3bb9d776c7b618531d31bb44ae">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="b?PHPSESSID=c5e10c3bb9d776c7b618531d31bb44ae">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="c?PHPSESSID=c5e10c3bb9d776c7b618531d31bb44ae">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="d?PHPSESSID=c5e10c3bb9d776c7b618531d31bb44ae">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="e"?PHPSESSID=c5e10c3bb9d776c7b618531d31bb44ae>

	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="f?PHPSESSID=c5e10c3bb9d776c7b618531d31bb44ae">
	abcdefghijkjlmopqrstuvwxyz
</a>
...
--------------

Relevant code:


// add start
if (strpos($url_item, 'translation') !== false) { // to make it around 17th link 
on page
	?>
<a href="<?= "a" ?>">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="<?= "b" ?>">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="<?= "c" ?>">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="<?= "d" ?>">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="<?= "e" ?>">
	abcdefghijkjlmopqrstuvwxyz
</a>
<a href="<?= "f" ?>">
	abcdefghijkjlmopqrstuvwxyz
</a>
	<?php
}
// add end

----

[2012-12-14 09:39 UTC] freynder at gmail dot com

Experienced the same issue in PHP 5.3.10. I have a long list of links and they 
look all correct except for 1. 

Code:
<a href="/admin/field/edit/params/id/<?= $field['field_id'] ?>/client/<?= $id ?
>" class="edit">Edit</a>

Result:
<a href="/admin/field/edit/params/id/632/client/32"?
PHPSESSID=gs0p9jd4er5fm1ojhg7tbq5m75 class="edit">Edit</a>

[2013-02-18 00:34 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 18:00:01 2025 UTC