php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #23694 Hidden input for session is invalid XHTML
Submitted: 2003-05-19 06:57 UTC Modified: 2003-09-14 17:38 UTC
Votes:12
Avg. Score:4.8 ± 0.6
Reproduced:10 of 10 (100.0%)
Same Version:6 (60.0%)
Same OS:2 (20.0%)
From: max at taupe dot breezeland dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.2RC3 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2003-05-19 06:57 UTC] max at taupe dot breezeland dot com 
When using session.use_trans_sid, a hidden input field containing the session name and ID is placed right after the <form> tag. But this makes the HTML invalid if you're using XHTML 1.1, or strict XHTML 1.0, because it needs to be in a <div> or a <fieldset> for example.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-05-19 07:14 UTC] derick@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

Can be configured in php.ini
 [2003-05-19 09:29 UTC] max at taupe dot breezeland dot com 
I'm not asking for support, I'm submiting a bug.
PHP adds an <input> tag, not framed by a block element.
So it's a bug.

(I know that it can be configured in php.ini, but fisrtly it isn't a good correction (because it merge 2 types of request, GET and POST), secondly because often we havn't any acces to php.ini, and finally, if you think taht it can be corrected, why does the default choise is the bug one ?)
 [2003-07-22 11:51 UTC] bruno at ubik-fr dot net 
Is that so difficult, writing <div><input type=..../></div> instead of <input type="hidden" /> ?
Or is there any other reason why you don't want to fix it ?
Setting session.trans_sid to 0 is a way (not always possible) to solve this problem but I just can't be sure that the user accept cookies.


Thanks.
 [2003-08-12 07:31 UTC] shane at aptest dot com 
Just a short followup note.  As editor if the XHTML Recommendations, I can confirm that the content models of XHTML 1.0 "Strict" and XHTML 1.1 both require that input elements be within a "block" element.  This has nothing to do with presentation - it has to do with document content structure and ready manipulation via the DOM.  Anyway, it would make sense to ensure that any form content elements emitted by php are wrapped within block elements to maintain the validity of the generated content.
 [2003-09-14 17:38 UTC] sas@php.net 
php.ini comment says it all:

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs.  If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
 [2004-06-10 16:13 UTC] djik at libertysurf dot fr 
OK so will you explain my provider he must set the php.ini this way?
I don't have acces to the php.ini! :-(
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 14:01:27 2025 UTC