php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50308 session id not appended properly for empty anchor tags
Submitted: 2009-11-27 01:57 UTC Modified: 2013-06-27 22:38 UTC
From: Dormilich at netscape dot net Assigned:
Status: Closed Package: Session related
PHP Version: 5.4/5.5 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2009-11-27 01:57 UTC] Dormilich at netscape dot net 
Description:
------------
I created a Suckerfish Dropdown Menu via XSLT, which contains empty 
anchor elements (<a href="?"/>). If Cookies are disabled the Session 
ID should be appended at the end of the href attribute value (URL) but 
it is appended after the closing slash of the element, rendering the 
XHTML invalid.

However, "normal" hyperlinks (<a href="?">link text</a>) are not 
affected.


Configure Command:
'./configure' '--prefix=/usr/local/php5' '--with-config-file-
path=/etc/php5' '--with-openssl' '--with-xsl' '--with-xmlrpc' '--
enable-mbstring' '--enable-mbregex' '--enable-wddx' '--with-
gettext=/usr' '--with-mysql=/usr/local/mysql' '--with-
mysqli=/usr/local/mysql/bin/mysql_config' '--with-mcrypt=/usr/lib64/' 
'--with-apache=../apache_current/' '--with-freetype-dir=/usr/local' '-
-with-t1lib=/usr/local' '--with-gd' '--enable-gd-native-ttf' '--with-
jpeg-dir=/usr/local' '--enable-exif' '--with-png-dir=/usr/local/lib' 
'--with-zlib' '--with-curl' '--enable-bcmath' '--enable-calendar' '--
enable-discard-path' '--enable-shared' '--enable-force-cgi-redirect' 
'--with-pdo-mysql=/usr/local/mysql' '--enable-soap'

Reproduce code:
---------------
<a href="site.php?id=this"/>

Expected result:
----------------
<a href="site.php?id=this&amp;PHPSESSID=3d?d4"/>

Actual result:
--------------
<a href="site.php?id=this"/&amp;PHPSESSID=3d?d4>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-11-30 14:27 UTC] Dormilich at netscape dot net 
this can be worked around by adding another attribute after the href attribute:
<a href="site.php?id=this" title="currently"/>
 [2010-12-01 16:29 UTC] jani@php.net
-Package: Feature/Change Request +Package: Session related
 [2013-06-27 22:38 UTC] yohgaki@php.net
-Status: Open +Status: Analyzed -Type: Feature/Change Request +Type: Bug -PHP Version: 5.2.11 +PHP Version: 5.4/5.5
 [2013-06-27 22:38 UTC] yohgaki@php.net 
This is ext/standard/url_scanner_ex.re bug. This can be checked as follows

$ ./sapi/cgi/php-cgi -d session.use_trans_sid=1 -d session.use_only_cookies=0
<?php
session_start();
?>

<a href="site.php?id=this" />   
<a href="site.php?id=this"/>                         

X-Powered-By: PHP/5.4.18-dev
Set-Cookie: PHPSESSID=7ccd5541724e6c476d0742bc12884faa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html


<a href="site.php?id=this&PHPSESSID=7ccd5541724e6c476d0742bc12884faa" />
<a href="site.php?id=this"/&PHPSESSID=7ccd5541724e6c476d0742bc12884faa>
 [2013-07-17 15:32 UTC] arpad@php.net 
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 [2013-07-17 15:32 UTC] arpad@php.net
-Status: Analyzed +Status: Closed
 [2014-10-07 23:18 UTC] stas@php.net 
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 [2014-10-07 23:29 UTC] stas@php.net 
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 [2015-07-10 11:33 UTC] spam2 at rhsoft dot net 
Related To: Bug #70039
 [2015-07-10 13:21 UTC] spam2 at rhsoft dot net 
Related To: Bug #70039
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 15:01:30 2024 UTC