PHP :: Bug #17297 :: TEXTAREA and PHPSESSID

Bug #17297	TEXTAREA and PHPSESSID
Submitted:	2002-05-17 17:03 UTC	Modified:	2002-05-17 18:53 UTC
From:	needleboy at play-ground dot net	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.1.2	OS:	winME
Private report:	No	CVE-ID:	None

View Developer Edit

[2002-05-17 17:03 UTC] needleboy at play-ground dot net

i didna compile PHP

the php session adds ?PHPSESSID vars into html inside a textarea, which causes hassles when you're using a textarea to store html code in the db.

perhaps this has been dealt with, and if so, i apologise, but i couldna find it.

in advance, thankyou

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-05-17 18:08 UTC] sniper@php.net

Please add an example piece of HTML which can be used to 
reproduce this.

[2002-05-17 18:31 UTC] needleboy at play-ground dot net

<textarea><a href="index.html">link</a></textarea>

will be rendered to

<textarea><a href="index.html?PHPSESSID=sdhf87akjdasjd878a8sf...">link</a></textarea>

with cookies turned off, but php sessions used

thankyou for the swift response

[2002-05-17 18:53 UTC] sniper@php.net

This is not bug but pretty much the expected behaviour.
You should use htmlentities() on the data for <textarea>

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 30 11:00:02 2025 UTC