php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #5877 single quote non-compliance
Submitted: 2000-07-31 19:09 UTC Modified: 2000-08-01 09:30 UTC
From: dietricha at subpop dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.1 OS: Debian Linux (slink), Apache 1.3
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
49 - 27 = ?
Subscribe to this entry?

 
 [2000-07-31 19:09 UTC] dietricha at subpop dot com 
when using php 4.0.1 compiled with --enable-trans-sid:

this script:
<?
print "<a href='test.php'>";
?>

prints this:
<a href='test.php'&PHPSESSID=23hj2hj3j3jhhk2k>
and session id is not propagated.

php4 isn't acknowledging single quotes to be valid delimiters of href attribute values.

Note from W3C HTML 4.01 specification:
"By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa."

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-31 19:21 UTC] hholzgra@php.net 
hold on for another day, help is on the way :)
 [2000-07-31 20:38 UTC] dietricha at subpop dot com 
sorry that's apache 1.3.12, not apache 1.3
 [2000-07-31 22:08 UTC] dietricha at subpop dot com 
sorry that's apache 1.3.12, not apache 1.3
 [2000-08-01 09:28 UTC] hholzgra@php.net 
fixed in latest CVS
 [2000-08-01 09:30 UTC] hholzgra@php.net 
closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 08:01:28 2024 UTC