php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #16374 Automatic Session ID replacement adds at a wrong place session ID in Javascript
Submitted: 2002-04-01 10:47 UTC Modified: 2002-09-26 12:02 UTC
From: sdf at dplanet dot ch Assigned:
Status: Closed Package: Session related
PHP Version: 4.1.2 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sdf at dplanet dot ch
New email:
PHP Version: OS:

 

 [2002-04-01 10:47 UTC] sdf at dplanet dot ch 
Hello,

This is what I coded in a PHP page:

         echo "      <Script language=\"Javascript\">getDivTag(\"id=\\\"backID\\\" class=\\\"galbb\\\"\",\n";
         echo "         \"<a href=\\\"Javascript:load('../index.html');\\\">\\\n";
         echo "            <img src=\\\"../back.gif\\\" alt=\\\"Leave picture gallery\\\">\\\n";
         echo "         </a>\");</script>";

This is what the browser got: 

      <Script language="Javascript">getDivTag("id=\"backID\" class=\"galbb\"",
         "<a href="\?PHPSESSID=711e2d88c69e1320557bd47ae88d62a2""Javascript:load('../index.html');">\
            <img src=\"../back.gif\" alt=\"Leave picture gallery\">\
         </a>");</script>

instead of ...href=\"Javascript:load('../index.html')\"...

It seems, that PHP was thinking the \ is a incorrectly specified href attribut value and therefore replaced it by \?PHPSESSID=... 

The same problem still exists if instead a call to a Javascript function the direct uri is specified:
href=\"..\index.html\". 

I guess PHP doesn't do a context base analyse, but simply searches for href=. This seems sensible to me, since it's the easiest way. 

I suggest to do a special case treatment, and look if \" follows a href attribut. In that case the href may be within a Javascript string and the replacement should be done using \" as delimiters.

I also suggest not to add " if the programmer forgot them. I suggest in that case to write a warning during compilation (if that exists), because it href= may be within a string in a Javascript statement. Adding " would cause the string to terminate, which would unsettle the javascript statement.

I can't garantuee I'm using the latest PHP version. I use a provider. I'm going to install the latest PHP version on my localhost. Then I'll update this bugreport. Until then, you could treat it as FYI.

Unfortunatelly I can't get an exact configuration of PHP from my provider until next week, I got to call them.

I checked all bug reports 'session related'. Are there all bugs reported since 4.0?

Go on like that, I really appreciate your work!!

Gr?goire Braun
Switzerland

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-04-02 09:41 UTC] yohgaki@php.net 
It seems this is a duplicate of #14080
 [2002-09-26 12:02 UTC] sniper@php.net 
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 12:01:31 2024 UTC