|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2007-11-10 09:50 UTC] rinat at avtorif dot ru
Description:
------------
URL rewrite mechanism just add variables in existing links, but not replace.
Reproduce code:
---------------
<script>
if (navigator.cookieEnabled) alert('To take effect, please turn off cookie support in your browser!');
</script>
<a href="/?sid=qfa0pr1tdrs5quuiglsd239s03">correct link</a><br />
<a href="/?sid=qfa0pr1tdrs5quuiglsd239s03&sid=qfa0pr1tdrs5quuiglsd239s03">incorrect link?</a><br />
<form action="/"><input type="hidden" name="sid" value="qfa0pr1tdrs5quuiglsd239s03" />
<input type="hidden" name="sid" value="qfa0pr1tdrs5quuiglsd239s03" />
<input type="submit">
</form>
Expected result:
----------------
<script>
if (navigator.cookieEnabled) alert('To take effect, please turn off cookie support in your browser!');
</script>
<a href="/?sid=qfa0pr1tdrs5quuiglsd239s03">correct link</a><br />
<a href="/?sid=qfa0pr1tdrs5quuiglsd239s03">incorrect link?</a><br />
<form action="/">
<input type="hidden" name="sid" value="qfa0pr1tdrs5quuiglsd239s03" />
<input type="submit">
</form>
Actual result:
--------------
<script>
if (navigator.cookieEnabled) alert('To take effect, please turn off cookie support in your browser!');
</script>
<a href="/?sid=qfa0pr1tdrs5quuiglsd239s03">correct link</a><br />
<a href="/?sid=qfa0pr1tdrs5quuiglsd239s03&sid=qfa0pr1tdrs5quuiglsd239s03">incorrect link?</a><br />
<form action="/"><input type="hidden" name="sid" value="qfa0pr1tdrs5quuiglsd239s03" />
<input type="hidden" name="sid" value="qfa0pr1tdrs5quuiglsd239s03" />
<input type="submit">
</form>
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Oct 24 02:00:01 2025 UTC |
Sorry, correct Reproduce code here: ---------------------------------- <? session_name('sid'); session_start(); $sid = session_id(); if (SID) output_add_rewrite_var(session_name(), session_id()); ?> <script> if (navigator.cookieEnabled) alert('To take effect, please turn off cookie support in your browser!'); </script> <a href="/">correct link</a><br /> <a href="/?sid=<?=$sid?>">incorrect link?</a><br /> <form action="/"> <input type="hidden" name="sid" value="<?=$sid?>" /> <input type="submit"> </form>