PHP :: Bug #18179 :: trans-sid: Invalid XHTML 1.1 Output (hidden field)

Bug #18179

trans-sid: Invalid XHTML 1.1 Output (hidden field)

Submitted:

2002-07-05 06:17 UTC

Modified:

2002-09-26 12:07 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

akorthaus at web dot de

Assigned:

Status:

Closed

Package:

Session related

PHP Version:

4.1.2

OS:

Unix

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2002-07-05 06:17 UTC] akorthaus at web dot de

PHP is compiled with --enable-trans-sid.  
If I use sessions, a hidden field like <input tpe="hidden" name="PHPSESSID" value="234234kkldslkj32jkll3k"> is put between every <form></form>. 

The <input> is added DIRECTLY behind the first <form>-tag.
That?s nice, but in XHTML 1.1 <form><input></form> isn?t allowed anymore, you must use something like <form><div><input></div></form>, but this is not possible.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-07-05 06:34 UTC] markonen@php.net

The name attribute on the input tag isn't supported in 
XHTML 1.1 either. This unfortunately means that XHTML 1.1 
compliant output isn't practically possible since most 
browsers don't yet support input tags identified by the id 
attribute.

XHTML 1.0 compliant output would be possible, however, with 
the change you suggest.

[2002-07-05 06:38 UTC] sniper@php.net

You're aware of course that you can turn this off
with url_rewriter.tags directive in php.ini by removing
the 'form=fakeentry' ?

[2002-07-05 06:43 UTC] akorthaus at web dot de

No! name ist allowed in <input>, but nut in <form>. My first problem ist the same in XHTML 1.0 strict. 

Here is a link where I had this problem(line 20):
http://validator.w3.org/check?uri=http%3A%2F%2Fforum.knet-systems.de&charset=%28detect+automatically%29&doctype=%28detect+automatically%29

[2002-07-05 06:46 UTC] hholzgra@php.net

Duplicate of #13472

http://bugs.php.net/bug.php?id=13472

[2002-07-05 06:49 UTC] akorthaus at web dot de

Oh, sorry! I asked so many people and nobody knew....
But ist would be nice if some day this would work correctly :) 
Another question: Is it possible to add the SessionID to header("Location:...") by trans-sid automatically?

[2002-07-05 06:52 UTC] sniper@php.net

still duplicate..and there is no way yet to automatically get the SID in header()

[2002-07-05 06:56 UTC] akorthaus at web dot de

I?ve not found it myself, sorry.

But the given solution there is not correct:

  url_rewriter.tags = "...,form=fakeentry"

change it to 

  url_rewriter.tags = "...,form=action"


First of all you may not mix GET and POST, also there may not be any parameters in the action link!

I know, some Browser support this, but not every browser and the fact that it is supported doesn?t make usage correct!

[2002-07-05 07:06 UTC] sniper@php.net

This is duplicate, please don't change the status again
or add any more comments. We know this already.

[2002-09-26 12:07 UTC] sniper@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat May 18 07:01:33 2024 UTC