PHP :: Bug #27392 :: with SSL connection filled forms become empty

Bug #27392	with SSL connection filled forms become empty
Submitted:	2004-02-25 07:35 UTC	Modified:	2004-02-25 07:43 UTC
From:	php at as-n dot de	Assigned:
Status:	Not a bug	Package:	Apache related
PHP Version:	Irrelevant	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2004-02-25 07:35 UTC] php at as-n dot de

Description:
------------
Hello,

I run the oscommerce shop an have the problem, that a lot of filled in forms become empty when the form was send.
Credit card information or order status update are empty but the customer has filled in this fileds.
When I update an order I set the status from open to proccesing, but somethimes the shop changed the status to nothing, I only see a empty field.
The same is when customers try to log in, the fill in the correct username and password but the shop doesn't accept it, maybe he sees only empty fields.

I think this proplem is only with SSL and (maybe) with IE but I'm not shure.
 

Reproduce code:
---------------
[25/Feb/2004:08:46:02 +0100] "POST /catalog/checkout_confirmation.php?osCsid=930b87aba4b795ddc9df4cfdba7facbb HTTP/1.1" 200 53327
[25/Feb/2004:08:46:05 +0100] "POST /catalog/checkout_process.php?osCsid=930b87aba4b795ddc9df4cfdba7facbb HTTP/1.1" 302 5
[25/Feb/2004:08:46:05 +0100] "GET /catalog/checkout_success.php?osCsid=930b87aba4b795ddc9df4cfdba7facbb HTTP/1.1" 200 40505
[25/Feb/2004:08:46:07 +0100] "banktransfer_blz=XXX&banktransfer_bankname=XXX&banktransfer_number=1251450413&banktransfer_owner=XXX&banktransfer_status=&banktransfer_prz=96&banktransfer_fax=&x=54&y=14POST /catalog/checkout_success.php/action/update?osCsid=930b87aba4b795ddc9df4cfdba7facbb HTTP/1.1" 302 5
[25/Feb/2004:08:46:08 +0100] "x=40&y=11GET /catalog/default.php?osCsid=930b87aba4b795ddc9df4cfdba7facbb HTTP/1.1" 200 57589

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-02-25 07:43 UTC] edink@php.net

This is not a PHP bug. Its a known issue with latest security update for IE:

http://www.microsoft.com/downloads/details.aspx?FamilyId=254EB128-5053-48A7-8526-BD38215C74B2&displaylang=en

[2004-03-07 17:44 UTC] bayleaf at shaw dot ca

I had the same problem with oscommerce, trying using SSL.  The problem is that the <form action=> attribute is often being rendered as "http://...", rather than "https://..."

I don't know this code well enough to know what the *correct* solution is.  However, calling tep_href_link() with 'SSL' as the third arg worked for me as a temporary solution.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat May 04 21:01:32 2024 UTC