ID: 42869 Updated by: [EMAIL PROTECTED] Reported By: mpub at meiners-online dot de -Status: Assigned +Status: Closed Bug Type: Output Control Operating System: Linux PHP Version: 5.2.4 Assigned To: iliaa New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2007-10-05 16:11:36] mpub at meiners-online dot de Description: ------------ When I use output_add_rewrite_var($key, $value), it also adds a hidden field containing $key and $value to forms which have an absolute URL as action-attribute of the form-tag. The transparent session-ID support (using the directive session.use_trans_sid) is also affected. I also reported this problem as 42804 in the session-section and was a bit shocked about the answer that I simply shouldn't use the feature and the classification "bogus". This section is maybe better anyway. The configure-line of my provider: ../configure --program-suffix=5 --with-pear=/usr/local/lib/php5 --with-config-file-path=/usr/local/lib/php5 --with-libxml-dir=/usr/local/php5 --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-soap --with-xsl=/usr/local/php5 --enable-mbstring=all --with-curl=/usr/local/php5 --with-mcrypt=/usr/local/php5 --with-gd --with-pdo-mysql=/usr/local/mysql --with-freetype-dir --with-libxml-dir=/usr/local/php5 --with-mysql=/usr/local/mysql --with-zlib --enable-debug=no --enable-safe-mode=no --enable-discard-path=no --with-png-dir=/usr/lib --enable-track-vars --with-db --with-gdbm --enable-force-cgi-redirect --with-ttf=/usr/ --enable-ftp --enable-dbase --enable-memory-limit --enable-calendar --enable-wddx --with-jpeg-dir=/usr/src/kundenserver/jpeg-6b --enable-bcmath --enable-gd-imgstrttf --enable-shmop --enable-mhash --with-mhash=/usr/src/kundenserver/mhash-0.8.9/ --with-openssl --enable-xslt --with-xslt-sablot --with-dom --with-dom-xslt --with-dom-exslt --with-imap --with-iconv=/usr/local --with-bz2 --with-gettext --enable-exif --with-idn --with-sqlite --enable-sqlite-utf8 Reproduce code: --------------- output_add_rewrite_var('sessionID','12345'); ?> Type in your city to get to know how you can find us: <form action="http://www.carRoutes.com/search.php";> <input type="text" name="city" /> <input type="submit" /> </form> <?php Expected result: ---------------- I expect to get the form unchanged as output because the manual says "Please note that absolute URLs (http://example.com/..) aren't rewritten." Actual result: -------------- The output is: Type in your city to get to know how you can find us: <form action="http://www.carRoutes.com/search.php";><input type="hidden" name="sessionID" value="12345" /> <input type="text" name="city" /> <input type="submit" /> </form> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=42869&edit=1
