php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5877 single quote non-compliance
Submitted: 2000-07-31 19:09 UTC Modified: 2000-08-01 09:30 UTC
From: dietricha at subpop dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.1 OS: Debian Linux (slink), Apache 1.3
Private report: No CVE-ID: None
 [2000-07-31 19:09 UTC] dietricha at subpop dot com
when using php 4.0.1 compiled with --enable-trans-sid:

this script:
<?
print "<a href='test.php'>";
?>

prints this:
<a href='test.php'&PHPSESSID=23hj2hj3j3jhhk2k>
and session id is not propagated.

php4 isn't acknowledging single quotes to be valid delimiters of href attribute values.

Note from W3C HTML 4.01 specification:
"By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa."


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-31 19:21 UTC] hholzgra@php.net
hold on for another day, help is on the way :)


 [2000-07-31 20:38 UTC] dietricha at subpop dot com
sorry that's apache 1.3.12, not apache 1.3
 [2000-07-31 22:08 UTC] dietricha at subpop dot com
sorry that's apache 1.3.12, not apache 1.3
 [2000-08-01 09:28 UTC] hholzgra@php.net
fixed in latest CVS
 [2000-08-01 09:30 UTC] hholzgra@php.net
closed
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Aug 10 23:05:51 2022 UTC