Bug #50308 session id not appended properly for empty anchor tags
Submitted: 2009-11-27 01:57 UTC
Modified: 2013-06-27 22:38 UTC
From: Dormilich at netscape dot net
Assigned:
Status: Closed
Package: Session related
PHP Version: 5.4/5.5
OS: Linux
Private report: No
CVE-ID: None

 [2009-11-27 01:57 UTC] Dormilich at netscape dot net
Description:
------------
I created a Suckerfish Dropdown Menu via XSLT, which contains empty 
anchor elements (<a href="?"/>). If Cookies are disabled the Session 
ID should be appended at the end of the href attribute value (URL) but 
it is appended after the closing slash of the element, rendering the 
XHTML invalid.

However, "normal" hyperlinks (<a href="?">link text</a>) are not 
affected.


Configure Command:
'./configure' '--prefix=/usr/local/php5' '--with-config-file-path=/etc/php5'
'--with-openssl' '--with-xsl' '--with-xmlrpc' '--enable-mbstring'
'--enable-mbregex' '--enable-wddx' '--with-gettext=/usr'
'--with-mysql=/usr/local/mysql'
'--with-mysqli=/usr/local/mysql/bin/mysql_config'
'--with-mcrypt=/usr/lib64/' '--with-apache=../apache_current/'
'--with-freetype-dir=/usr/local' '--with-t1lib=/usr/local' '--with-gd'
'--enable-gd-native-ttf' '--with-jpeg-dir=/usr/local' '--enable-exif'
'--with-png-dir=/usr/local/lib' '--with-zlib' '--with-curl'
'--enable-bcmath' '--enable-calendar' '--enable-discard-path'
'--enable-shared' '--enable-force-cgi-redirect'
'--with-pdo-mysql=/usr/local/mysql' '--enable-soap'

Reproduce code:
---------------
<a href="site.php?id=this"/>

Expected result:
----------------
<a href="site.php?id=this&amp;PHPSESSID=3d?d4"/>

Actual result:
--------------
<a href="site.php?id=this"/&amp;PHPSESSID=3d?d4>

 [2009-11-30 14:27 UTC] Dormilich at netscape dot net
This can be worked around by adding another attribute after the href attribute:
<a href="site.php?id=this" title="currently"/>
 [2010-12-01 16:29 UTC] jani@php.net
-Package: Feature/Change Request
+Package: Session related
 [2013-06-27 22:38 UTC] yohgaki@php.net
-Status: Open
+Status: Analyzed
-Type: Feature/Change Request
+Type: Bug
-PHP Version: 5.2.11
+PHP Version: 5.4/5.5
 [2013-06-27 22:38 UTC] yohgaki@php.net
This is an ext/standard/url_scanner_ex.re bug. This can be checked as follows:

$ ./sapi/cgi/php-cgi -d session.use_trans_sid=1 -d session.use_only_cookies=0
<?php
session_start();
?>

<a href="site.php?id=this" />   
<a href="site.php?id=this"/>                         

X-Powered-By: PHP/5.4.18-dev
Set-Cookie: PHPSESSID=7ccd5541724e6c476d0742bc12884faa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html


<a href="site.php?id=this&PHPSESSID=7ccd5541724e6c476d0742bc12884faa" />
<a href="site.php?id=this"/&PHPSESSID=7ccd5541724e6c476d0742bc12884faa>
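
The symptom in the output above can be checked mechanically over rendered pages when session.use_trans_sid is enabled. The following is an added example, not part of the original report or of PHP's source: it classifies each `<a>` tag by whether the session parameter sits inside a quoted attribute value or has spilled into the tag body. The function names and the third sample tag are constructed for illustration.

```python
import re

# One <a ...> tag. Quoted attribute values are consumed as opaque units so
# that a '>' inside a value does not end the tag early.
A_TAG = re.compile(r"""<a\b(?:"[^"]*"|'[^']*'|[^'">])*>""", re.IGNORECASE)
QUOTED = re.compile(r"""(?:"[^"]*"|'[^']*')""")


def classify_anchor(tag, session_name="PHPSESSID"):
    """Return 'misplaced', 'rewritten' or 'unrewritten' for one <a> tag.

    Limitation: an unquoted attribute value carrying the parameter is also
    reported as 'misplaced'; such markup is not valid XHTML anyway.
    """
    marker = session_name + "="
    # Blank out every quoted value; whatever remains is tag syntax only.
    outside_values = QUOTED.sub('""', tag)
    if marker in outside_values:
        return "misplaced"      # the symptom of bug #50308
    if marker in tag:
        return "rewritten"      # parameter is inside an attribute value
    return "unrewritten"


def scan(html, session_name="PHPSESSID"):
    """Classify every <a> tag found in a rendered page."""
    return [(m.group(0), classify_anchor(m.group(0), session_name))
            for m in A_TAG.finditer(html)]


# First two lines are the output quoted in the report above; the third is a
# constructed tag that carries no session parameter at all.
SAMPLE = '''
<a href="site.php?id=this&PHPSESSID=7ccd5541724e6c476d0742bc12884faa" />
<a href="site.php?id=this"/&PHPSESSID=7ccd5541724e6c476d0742bc12884faa>
<a href="site.php?id=other"/>
'''

if __name__ == "__main__":
    for tag, verdict in scan(SAMPLE):
        print(f"{verdict:12} {tag}")
```
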
 [2013-07-17 15:32 UTC] arpad@php.net
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 [2013-07-17 15:32 UTC] arpad@php.net
-Status: Analyzed
+Status: Closed
 [2014-10-07 23:18 UTC] stas@php.net
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 [2014-10-07 23:29 UTC] stas@php.net
Automatic comment on behalf of arraypad@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
 
Last updated: Tue Mar 19 14:01:30 2024 UTC