PHP :: Bug #18776 :: using & instead of "&" causes malformed HTTP

Bug #18776	using & instead of "&" causes malformed HTTP_REFERER
Submitted:	2002-08-07 06:11 UTC	Modified:	2002-08-07 06:18 UTC
From:	rob at pipgroup dot com	Assigned:
Status:	Not a bug	Package:	Variables related
PHP Version:	4.2.2	OS:	Win2K
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-08-07 06:11 UTC] rob at pipgroup dot com

when using "&#38;" instead of "&" to separate variables passed through a url causes HTTP_REFERER to include all the url after the first &#38;.

According to the W3C &#38; should be used to avoid confusion with & being used as a character entity identifier.

This is a big problem when passing variables out of a page for processing on a second page which then uses a header() redirect back to the original page.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-08-07 06:18 UTC] markonen@php.net

Actually I think that W3C recommends either &amp; or just a semicolon as the parameter separator.

You are encountering a user agent issue. PHP doesn't parse the Referer header; it's there exactly like the user agent sent it.

User agents generally know that a "&amp;" in a href attribute be decoded and a plain "&" sent to the server when accessing the location. It seems that your browser doesn't do this for &#38;.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Apr 29 20:01:30 2024 UTC