From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      4.1.2
PHP Bug Type:     Session related
Bug description:  Automatic Session ID replacement adds at a wrong place session ID in Javascript

Hello,

This is what I coded in a PHP page:

         echo "      <Script language=\"Javascript\">getDivTag(\"id=\\\"backID\\\" class=\\\"galbb\\\"\",\n";
         echo "         \"<a href=\\\"Javascript:load('../index.html');\\\">\\\n";
         echo "            <img src=\\\"../back.gif\\\" alt=\\\"Leave picture gallery\\\">\\\n";
         echo "         </a>\");</script>";

This is what the browser got: 

      <Script language="Javascript">getDivTag("id=\"backID\" class=\"galbb\"",
         "<a href="\?PHPSESSID=711e2d88c69e1320557bd47ae88d62a2""Javascript:load('../index.html');">\
            <img src=\"../back.gif\" alt=\"Leave picture gallery\">\
         </a>");</script>

instead of ...href=\"Javascript:load('../index.html')\"...

It seems that PHP was thinking the \ is an incorrectly specified href
attribute value and therefore replaced it by \?PHPSESSID=...

The same problem still exists if, instead of a call to a Javascript function,
the direct URI is specified:
href=\"..\index.html\". 

I guess PHP doesn't do a context-based analysis, but simply searches for
href=. This seems sensible to me, since it's the easiest way.

I suggest to do a special case treatment, and look if \" follows a href
attribute. In that case the href may be within a Javascript string and the
replacement should be done using \" as delimiters.

I also suggest not to add " if the programmer forgot them. I suggest in
that case to write a warning during compilation (if that exists), because
href= may be within a string in a Javascript statement. Adding " would
cause the string to terminate, which would unsettle the Javascript
statement.

I can't guarantee I'm using the latest PHP version. I use a provider. I'm
going to install the latest PHP version on my localhost. Then I'll update
this bug report. Until then, you could treat it as FYI.

Unfortunately I can't get an exact configuration of PHP from my provider
until next week, I have to call them.

I checked all bug reports 'session related'. Are all bugs reported
since 4.0 there?

Go on like that, I really appreciate your work!!

Grégoire Braun
Switzerland
-- 
Edit bug report at http://bugs.php.net/?id=16374&edit=1
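
The behaviour reported above, modelled as an added example (not part of the original report and not PHP's own URL rewriter code): a context-free href= rewriter breaks the Javascript string, while one that leaves <script> elements and unquoted or scheme-qualified values untouched does not. The regexes, function names, sample page and session ID are constructed for illustration.

```python
import re

SID = "PHPSESSID=0123456789abcdef"  # constructed sample session ID

# Constructed input: a plain link plus markup shaped like the report's script block.
PAGE = (
    '<a href="list.php">Gallery</a>\n'
    '<Script language="Javascript">getDivTag("id=\\"backID\\"",\n'
    '  "<a href=\\"Javascript:load(\'../index.html\');\\">back</a>");</script>\n'
)

# href= followed by a quoted value, or a bare token ending at space, quote or '>'.
HREF = re.compile(r'href=(?:"([^"]*)"|([^\s">]+))', re.I)
SCRIPT = re.compile(r'(<script\b.*?</script\s*>)', re.I | re.S)
SCHEME = re.compile(r'^[a-z][a-z0-9+.-]*:', re.I)


def add_sid(url):
    return url + ('&' if '?' in url else '?') + SID


def naive_rewrite(html):
    """Context-free: every href= is rewritten and re-quoted."""
    def repl(m):
        url = m.group(1) if m.group(1) is not None else m.group(2)
        return 'href="' + add_sid(url) + '"'
    return HREF.sub(repl, html)


def context_aware_rewrite(html):
    """Skip <script> bodies; rewrite only quoted, scheme-less URLs."""
    def repl(m):
        url = m.group(1)
        if url is None or SCHEME.match(url) or url.startswith('#'):
            return m.group(0)  # unquoted, absolute or javascript: stays untouched
        return 'href="' + add_sid(url) + '"'
    parts = SCRIPT.split(html)  # odd indexes hold whole <script> elements
    return ''.join(p if i % 2 else HREF.sub(repl, p) for i, p in enumerate(parts))
```

In the naive output the lone backslash is taken as the attribute value and re-quoted, which reproduces the `href="\?PHPSESSID=...""Javascript:` pattern shown in the report.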