ID:               15653
 Updated by:       [EMAIL PROTECTED]
 Reported By:      [EMAIL PROTECTED]
 Status:           Bogus
 Bug Type:         Session related
 Operating System: Debian GNU Linux
 PHP Version:      4.1.1
 New Comment:

But then the *default* (just '&') is wrong surely?

http://www.php.net/manual/en/function.ini-set.php#AEN56526

grep arg_sep php.ini
;arg_separator.output = "&"
;arg_separator.input = ";&"

IIRC even XHTML needs to escape the &


Previous Comments:
------------------------------------------------------------------------

[2002-02-21 11:57:23] [EMAIL PROTECTED]

`grep arg_separator php.ini`

this *is* bogus.


------------------------------------------------------------------------

[2002-02-21 11:49:24] [EMAIL PROTECTED]

This is not a support question. It is a bug report for PHP!!

PHP is creating INVALID code. 

try the following code with trans.sid enabled

-- test.php
<?php

session_start();


print <<< EOF
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
 <HEAD><TITLE>PHP bug</TITLE>
 <BODY>
  <H1>PHP BUG</H1>
  <A HREF="/anotherfile.php?foo=bar">This will cause invalid HTML after
trans_sid has done its work</A>
 </BODY>
</HTML>
EOF;

-- end test.php

-- output from test.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><title>PHP bug</title>
<body>
<h1>PHP BUG</h1>
<a
HREF="/anotherfile.php?foo=bar&PHPSESSID=d9ddfafa45d6ed0208ed436fe9bda137">This
will cause invalid HTML after trans_sid has done its work</a>
</body>
</html>


-- end output from test.php

check the link ref <a
HREF="/anotherfile.php?foo=bar&PHPSESSID=d9ddfafa45d6ed0208ed436fe9bda137">
that is *invalid* HTML & the *must* be escaped.

<SNIP>
Another common error occurs when including a URL which contains an
ampersand ("&"):

<!-- This is invalid! --> <a
href="foo.cgi?chapter=1&section=2">...</a>

This example generates an error for "unknown entity section" because
the "&" is assumed to begin an entity. In many cases, browsers will
recover safely from the error, but the example used here will cause the
link to fail in Netscape 3.x (but not other versions of Netscape) since
it will assume that the author intended to write &sect;ion, which is
equivalent to §ion.

To avoid problems with both validators and browsers, always use &amp;
in place of &:

<a href="foo.cgi?chapter=1&amp;section=2">...</a>
</SNIP>
see http://www.htmlhelp.com/tools/validator/problems.html#amp

I suggest you look at the HTML 4.01 spec sec 12.2
http://www.w3.org/TR/html401/struct/links.html#h-12.2

<!ATTLIST A
  ...
  name CDATA #IMPLIED  -- named link end --
  ...
>



<!ENTITY % URI "CDATA"
    -- a Uniform Resource Identifier,
       see [URI]
-->


    * CDATA is a sequence of characters from the document character set
and may include character entities. User agents should interpret
attribute values as follows:
!!---->   * Replace character entities with characters,
          * Ignore line feeds,
          * Replace each carriage return or tab with a single space.

------------------------------------------------------------------------

[2002-02-21 02:38:24] [EMAIL PROTECTED]

The bug system is not the appropriate forum for asking support
questions. For a list of a range of more appropriate places to ask
for help using PHP, please visit http://www.php.net/support.php

------------------------------------------------------------------------

[2002-02-20 21:52:31] [EMAIL PROTECTED]

When using sessions and trans_sid is enabled local links are re-written
to include the SID.  However this re-writing just appends
&<sessionname>=SID.  However to comply with HTML standards this needs
to be &amp;<sessionname>=SID

(netscape 3.x can't handle these types of links either!)

php4 from debian testing (4.1.1-2)

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=15653&edit=1
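
The separator setting discussed in this thread, as an added example that is not part of the original report or of PHP's own code. It builds the same link with the php.ini default separator, with `arg_separator.output` set to the escaped form, and with `htmlspecialchars()` applied at output time, then checks each result for a bare `&`. The session id value and the helper name `has_bare_ampersand()` are constructed for the illustration; `http_build_query()` requires PHP 5 or later.

```php
<?php
// Added illustration: the parameter values below are constructed samples.
$params = ['foo' => 'bar', 'PHPSESSID' => 'constructed-session-id'];

// 1. php.ini default separator: fine as a raw URL, invalid inside an HTML attribute.
ini_set('arg_separator.output', '&');
$raw = '/anotherfile.php?' . http_build_query($params);

// 2. Separator set to the escaped form, so URLs PHP generates are HTML-safe.
ini_set('arg_separator.output', '&amp;');
$forHtml = '/anotherfile.php?' . http_build_query($params);

// 3. Alternative: keep the raw URL and escape it where it is written into HTML.
$escaped = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

// Hypothetical helper: true if the value contains an "&" that does not
// start a named or numeric character reference.
function has_bare_ampersand(string $attr): bool
{
    $pattern = '/&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)/';
    return preg_match($pattern, $attr) === 1;
}

$cases = [
    'default separator'    => $raw,
    'arg_separator.output' => $forHtml,
    'htmlspecialchars'     => $escaped,
];

foreach ($cases as $label => $href) {
    $verdict = has_bare_ampersand($href) ? 'BAD' : 'ok';
    printf("%-22s %-4s <a href=\"%s\">\n", $label, $verdict, $href);
}
```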
