|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5877 single quote non-compliance
Submitted: 2000-07-31 19:09 UTC Modified: 2000-08-01 09:30 UTC
From: dietricha at subpop dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.1 OS: Debian Linux (slink), Apache 1.3
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: dietricha at subpop dot com
New email:
PHP Version: OS:


 [2000-07-31 19:09 UTC] dietricha at subpop dot com
when using php 4.0.1 compiled with --enable-trans-sid:

this script:
print "<a href='test.php'>";

prints this:
<a href='test.php'&PHPSESSID=23hj2hj3j3jhhk2k>
and session id is not propagated.

php4 isn't acknowledging single quotes to be valid delimiters of href attribute values.

Note from W3C HTML 4.01 specification:
"By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa."


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-31 19:21 UTC]
hold on for another day, help is on the way :)

 [2000-07-31 20:38 UTC] dietricha at subpop dot com
sorry that's apache 1.3.12, not apache 1.3
 [2000-07-31 22:08 UTC] dietricha at subpop dot com
sorry that's apache 1.3.12, not apache 1.3
 [2000-08-01 09:28 UTC]
fixed in latest CVS
 [2000-08-01 09:30 UTC]
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Jun 07 10:03:41 2023 UTC