php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #7253 URL rewriter causing problems
Submitted: 2000-10-16 13:14 UTC Modified: 2000-10-16 14:14 UTC
From: sean at fojar dot com Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.3pl1 OS: RH Linux 6.2 kernel 2.2.16
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2000-10-16 13:14 UTC] sean at fojar dot com 
The fact that the URL rewriter for transparent session ID propagation now apparently replaces single quotes with double quotes and appends the session ID to IMG tags is causing problems with JavaScript.

For example, the line:
var x = "<img src='test.jpg'>";

is re-written as:
var x = "<img src="test.jpg?PHPSESSID=blah">";

and the browser's JavaScript interpreter thinks that the question mark indicates a conditional.

If I try and use escaped doublequotes instead, i.e.:
var x = "<img src=\"test.jpg\">";

it is re-written as:
var x = "<img src="\?PHPSESSID=blah""test.jpg\">";

This happens with PHP 4.0.3 and 4.0.3pl2.  I'm using apache 1.3.14 and mod_ssl 2.7.0 compiled against OpenSSL 0.9.6.

I'm using the stock php.ini-optimized, the only things I've changed in it are the Register Globals option (turned it on), the include_path (set it to /usr/local/apache/htdocs/include), and session.use_trans_sid (turned it on).

This bug creates JavaScript errors in both Netscape and IE.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-10-16 14:14 UTC] sas@php.net 
The rewriter has been changed to not rewrite <img> tags by default. That is user configurable now.
 [2003-02-05 18:54 UTC] xanthor at xanthor dot tk 
The bug exists also with hyperlinks tag

For exemple :
If I write :

<script type="text/javascript">
<!--
pipo = '<a href=\"bla\">plop</a>';
-->
</script>

I obtain : 
<script type="text/javascript">
<!--
pipo = '<a href=\"bla\"?PHPSESSID=******>plop</a>';
-->
 [2003-04-27 18:42 UTC] no at emailaddress dot com 
It happens to me to! my site is very complex and all of it is javascript. 

like he said earlier:

[5 Feb 6:54pm CST] xanthor at xanthor dot tk 
The bug exists also with hyperlinks tag

For exemple :
If I write :

<script type="text/javascript">
<!--
pipo = '<a href=\"bla\">plop</a>';
-->
</script>

I obtain : 
<script type="text/javascript">
<!--
pipo = '<a href=\"bla\"?PHPSESSID=******>plop</a>';
-->

i get the ?PHPSESSID after the \"

also, i cant seem to disable the url_rewriter.tags
i leave it as 
url_rewriter.tags = ""
or i commment it ou but it still wont work

the serious problem are the forms
it adds a hidden tag with quotes that mess up my javascript

please help me on these 2 problems

thank you
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon Apr 29 01:01:30 2024 UTC