|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #4495 trans-sid failure on forms
Submitted: 2000-05-18 05:20 UTC Modified: 2000-05-18 11:08 UTC
From: jamestkirkiii at hotmail dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0 Release Candidate 2 OS: FreeBSD 4.0
Private report: No CVE-ID: None
 [2000-05-18 05:20 UTC] jamestkirkiii at hotmail dot com
I've compiled PHP4 RC2 with --enable-trans-sid, and PHP4 RC2 correctly appends the session stuff for normal <a href... tags, but doesn't do it to <form action=... tags.  Another minor quirk/annoyance is for self-editable sites, when the code comes up in a <textarea> tag, if it has any embedded href's which references pages within the site, it appends the session info to them.

<form method="post" action="page.php">
<textarea cols="75" rows="20" name="content" wrap="off">
<a href="pageview.php?action=view&pageid=26&parentid=25&PHPSESSID=0cad334cada0fbcc8d181c68b05c2896" class="normal">Link</a></textarea>

Notice it appends the session info to a link embeded in a textarea tag.

BTW, thanks for the AWESOME product!


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-05-18 11:08 UTC] joey at cvs dot php dot net
PHP should not add the sid to the action of a form, at least,
not one using the POST method...I guess some would argue
on whether on not to do it under GET.

In either case, just add an <input type="hidden"> to get the 
desired effect
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Mar 28 10:03:44 2023 UTC