ID: 16374 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Duplicate +Status: Closed Bug Type: Session related Operating System: Linux PHP Version: 4.1.2 New Comment:
This bug has been fixed in CVS. In case this was a PHP problem, snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. In case this was a documentation problem, the fix will show up soon at http://www.php.net/manual/. In case this was a PHP.net website problem, the change will show up on the PHP.net site and on the mirror sites in short time. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2002-04-02 09:41:22] [EMAIL PROTECTED] It seems this is a duplicate of #14080 ------------------------------------------------------------------------ [2002-04-01 10:47:09] [EMAIL PROTECTED] Hello, This is what I coded in a PHP page: echo " <Script language=\"Javascript\">getDivTag(\"id=\\\"backID\\\" class=\\\"galbb\\\"\",\n"; echo " \"<a href=\\\"Javascript:load('../index.html');\\\">\\\n"; echo " <img src=\\\"../back.gif\\\" alt=\\\"Leave picture gallery\\\">\\\n"; echo " </a>\");</script>"; This is what the browser got: <Script language="Javascript">getDivTag("id=\"backID\" class=\"galbb\"", "<a href="\?PHPSESSID=711e2d88c69e1320557bd47ae88d62a2""Javascript:load('../index.html');">\ <img src=\"../back.gif\" alt=\"Leave picture gallery\">\ </a>");</script> instead of ...href=\"Javascript:load('../index.html')\"... It seems, that PHP was thinking the \ is a incorrectly specified href attribut value and therefore replaced it by \?PHPSESSID=... The same problem still exists if instead a call to a Javascript function the direct uri is specified: href=\"..\index.html\". I guess PHP doesn't do a context base analyse, but simply searches for href=. This seems sensible to me, since it's the easiest way. I suggest to do a special case treatment, and look if \" follows a href attribut. In that case the href may be within a Javascript string and the replacement should be done using \" as delimiters. I also suggest not to add " if the programmer forgot them. I suggest in that case to write a warning during compilation (if that exists), because it href= may be within a string in a Javascript statement. Adding " would cause the string to terminate, which would unsettle the javascript statement. I can't garantuee I'm using the latest PHP version. I use a provider. I'm going to install the latest PHP version on my localhost. Then I'll update this bugreport. Until then, you could treat it as FYI. Unfortunatelly I can't get an exact configuration of PHP from my provider until next week, I got to call them. I checked all bug reports 'session related'. Are there all bugs reported since 4.0? Go on like that, I really appreciate your work!! Gr�goire Braun Switzerland ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=16374&edit=1
