|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5877 single quote non-compliance
Submitted: 2000-07-31 19:09 UTC Modified: 2000-08-01 09:30 UTC
From: dietricha at subpop dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.1 OS: Debian Linux (slink), Apache 1.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
45 + 31 = ?
Subscribe to this entry?

 [2000-07-31 19:09 UTC] dietricha at subpop dot com
when using php 4.0.1 compiled with --enable-trans-sid:

this script:
print "<a href='test.php'>";

prints this:
<a href='test.php'&PHPSESSID=23hj2hj3j3jhhk2k>
and session id is not propagated.

php4 isn't acknowledging single quotes to be valid delimiters of href attribute values.

Note from W3C HTML 4.01 specification:
"By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa."


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-31 19:21 UTC]
hold on for another day, help is on the way :)

 [2000-07-31 20:38 UTC] dietricha at subpop dot com
sorry that's apache 1.3.12, not apache 1.3
 [2000-07-31 22:08 UTC] dietricha at subpop dot com
sorry that's apache 1.3.12, not apache 1.3
 [2000-08-01 09:28 UTC]
fixed in latest CVS
 [2000-08-01 09:30 UTC]
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Jun 06 17:03:39 2023 UTC