php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #7854 trans-sid inserts "
Submitted: 2000-11-16 14:02 UTC Modified: 2000-11-17 11:31 UTC
From: hartmut at six dot de Assigned: sas (profile)
Status: Closed Package: Session related
PHP Version: 4.0 Latest CVS (16/11/2000) OS: *
Private report: No CVE-ID: None
 [2000-11-16 14:02 UTC] hartmut at six dot de
the transparent rewriter seems to miss-identify the following
javascript code as html?

sascha?

<?php  
  session_start();
  session_register("i");
  $i++;
?>
<html>
<head>
<script language="javascript">
function MM_swapImgRestore() { //v3.0
  var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++)
  x.src=x.oSrc;
}
</script>
</head>
<body>
<a href="abc.php">hallo <?= $i ?></a>
</body>
</html>


becomes 



<html>
<head>
<script language="javascript">
function MM_swapImgRestore() { //v3.0
  var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x="a[i])&&x.oSrc;i++)"
  x.src="x.oSrc;"
}
</script>
</head>
<body>
<a href="abc.php?PHPSESSID=05391ddf955070ea18e6cc2a44e9a9f2">hallo 1</a>
</body>
</html>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-17 11:31 UTC] sas@php.net
Fixed in CVS. Thanks for your report.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Fri Dec 09 02:05:54 2022 UTC