php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #4495 trans-sid failure on forms
Submitted: 2000-05-18 05:20 UTC Modified: 2000-05-18 11:08 UTC
From: jamestkirkiii at hotmail dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0 Release Candidate 2 OS: FreeBSD 4.0
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jamestkirkiii at hotmail dot com
New email:
PHP Version: OS:

 

 [2000-05-18 05:20 UTC] jamestkirkiii at hotmail dot com
I've compiled PHP4 RC2 with --enable-trans-sid, and PHP4 RC2 correctly appends the session stuff for normal <a href... tags, but doesn't do it to <form action=... tags.  Another minor quirk/annoyance is for self-editable sites, when the code comes up in a <textarea> tag, if it has any embedded href's which references pages within the site, it appends the session info to them.

<form method="post" action="page.php">
<textarea cols="75" rows="20" name="content" wrap="off">
<a href="pageview.php?action=view&pageid=26&parentid=25&PHPSESSID=0cad334cada0fbcc8d181c68b05c2896" class="normal">Link</a></textarea>

Notice it appends the session info to a link embeded in a textarea tag.

BTW, thanks for the AWESOME product!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-05-18 11:08 UTC] joey at cvs dot php dot net
PHP should not add the sid to the action of a form, at least,
not one using the POST method...I guess some would argue
on whether on not to do it under GET.

In either case, just add an <input type="hidden"> to get the 
desired effect
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Aug 11 05:05:45 2022 UTC