PHP :: Bug #5877 :: single quote non-compliance

Bug #5877	single quote non-compliance
Submitted:	2000-07-31 19:09 UTC	Modified:	2000-08-01 09:30 UTC
From:	dietricha at subpop dot com	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.0.1	OS:	Debian Linux (slink), Apache 1.3
Private report:	No	CVE-ID:	None

View Developer Edit

[2000-07-31 19:09 UTC] dietricha at subpop dot com

when using php 4.0.1 compiled with --enable-trans-sid:

this script:
<?
print "<a href='test.php'>";
?>

prints this:
<a href='test.php'&PHPSESSID=23hj2hj3j3jhhk2k>
and session id is not propagated.

php4 isn't acknowledging single quotes to be valid delimiters of href attribute values.

Note from W3C HTML 4.01 specification:
"By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa."

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-07-31 19:21 UTC] hholzgra@php.net

hold on for another day, help is on the way :)

[2000-07-31 20:38 UTC] dietricha at subpop dot com

sorry that's apache 1.3.12, not apache 1.3

[2000-07-31 22:08 UTC] dietricha at subpop dot com

sorry that's apache 1.3.12, not apache 1.3

[2000-08-01 09:28 UTC] hholzgra@php.net

fixed in latest CVS

[2000-08-01 09:30 UTC] hholzgra@php.net

closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Feb 05 16:01:30 2025 UTC