php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19162 Downloading a page from cvs.php.net with wget inserts Horde session into file
Submitted: 2002-08-28 18:57 UTC Modified: 2002-09-04 04:25 UTC
From: pgod@php.net Assigned:
Status: Not a bug Package: Website problem
PHP Version: 4.2.2 OS: unknown
Private report: No CVE-ID: None
 [2002-08-28 18:57 UTC] pgod@php.net
I wanted to download a file from cvs.php.net, therefore I pointed wget to it, but the file in cvs and the downloaded file differ in a strange way.

This is how to reproduce the issue:

Please open
http://cvs.php.net/co.php/php-gtk-web/include/layout.php
in your browser, and find the function 'make_link' (line 125).

Line 126 reads

return sprintf("<a href=\"%s\"%s%s>%s</a>",


This remains true also if you download the file layout.php by opening this in a browser:
http://cvs.php.net/co.php/php-gtk-web/include/layout.php?p=1

But if you, like me, download the file by giving this url to the wget program (version 1.5.3, SuSE Linux 7.1), the same line in the downloaded file reads

return sprintf("<a href="\?Horde=89d711fe32dcdbf0b8c32996c43ca0e2""%s\"%s%s>%s</a>",

The random looking session id remains the same with every download.

Hard to say wether this has to do with Horde/Chora, PHP Session Management or wget, as only the wget part lies on my site.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-08-28 21:31 UTC] alan_k@php.net
 lynx -source "http://cvs.php.net/co.php/php-gtk-web/include/layout.php?p=1" | gunzip | more

works ok,

I guess because wget does not support gzip'd gets, it reverts to a non zip call, in which case the session handler will do it's work..

the work around for this would be to turn the session handler off on the raw get calls in horde...

Therefore changing it to a website issue (there is nothing wrong as far as I can see with the session handler - eg. expected behavior..)

has horde got a bug tracker we can pass it on to....
 [2002-08-29 04:21 UTC] pgod@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Yes, they have one, i will submit the bug there, and close this one.
 [2002-08-30 00:57 UTC] chagenbu@php.net
I'm 99.9% sure that it's because session.use_trans_sid is turned on for cvs.php.net, so it's rewriting the page on the fly, whether we want it to or not. So try turning that off before throwing this at us.
 [2002-09-04 00:12 UTC] kalowsky@php.net
I'm unable to reproduce this using wget v 1.8.1 on FreeBSD 4.6.  I'm willing to bet this is a bug in the earlier versions of wget, and is probably fixed in a more recent release.  Try updating your wget :)
 [2002-09-04 04:25 UTC] pgod@php.net
I update my wget to 1.8.2 (latest available version), and the error remains. Tried it on another server, again wget 1.8.2, same error, yet another server, this time wget 1.7, error remains. Well, you use FreeBSD, I Linux, but it's hard to believe that this has something to do with it.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Nov 28 12:05:52 2022 UTC