PHP :: Bug #16736 :: trans-sid breaks when GET string includes colon

Bug #16736	trans-sid breaks when GET string includes colon
Submitted:	2002-04-22 15:34 UTC	Modified:	2002-04-23 04:21 UTC
From:	carljm at goshen dot edu	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.1.2	OS:	RedHat Linux 7.2
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-04-22 15:34 UTC] carljm at goshen dot edu

It appears that if the already-existing GET string of a URl includes the colon character (:), trans-sid will not add the session id to that URL.  This problem is demonstrated by this short demo script:

<?php
session_start();
echo $_SESSION['counter']++;
?>                                                         
<a href="test.php?somevar[key:3]=value">Bad Link</a>

The incorrect behavior occurs whether the colon appears in the attribute name or in the value.  If the colon is removed from the GET string, the link is rewritten correctly.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-04-23 04:21 UTC] sander@php.net

A colon is not an allowed character in GET urls. Replace it with the appropriate %xxx value or use urlencode().

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Jun 02 02:01:29 2024 UTC