Bug #55444 [Opn]: trans-sid enabled; PHPSESSID inserted after end of href on links

kalle Mon, 22 Aug 2011 07:05:49 -0700

Edit report at https://bugs.php.net/bug.php?id=55444&edit=1


 ID:                 55444
 Updated by:         [email protected]
 Reported by:        fatman at crackmonkey dot us
 Summary:            trans-sid enabled; PHPSESSID inserted after end of
                     href on links
 Status:             Open
 Type:               Bug
 Package:            Session related
 Operating System:   Ubuntu 10.04.3 LTS
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N

 New Comment:

Upgrade PHP first, we don't support 5.3.2 anymore


Previous Comments:
------------------------------------------------------------------------
[2011-08-17 22:33:42] fatman at crackmonkey dot us

Description:
------------
In more detail, OS:
Linux 2.6.32-32-server x86_64 #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 

PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) (built: May  3 2011 00:45:52)

This is the standard PHP package from Ubuntu Lucid's "main" repo. I did not 
compile it. I have enabled the trans-
sid option.

When generating a long list of links, occasionally the trans-sid function will 
miss the end of the "href" 
attribute and add "?PHPSESSID=73...07" outside the closing double quote mark. 
eg:

<td><a href="index.php?
area=gallery&page=edit_photo&file=gallery_36.jpg&amp;PHPSESSID=73...07"><img 
src="images/edit.png" />gallery_36.jpg</a></td> 
...
<td><a href="index.php?area=gallery&page=edit_photo&file=gallery_37.jpg"?
PHPSESSID=73...07><img 
src="images/edit.png" />gallery_37.jpg</a></td> 

Note that since it is outside the quote mark, it is generated with a "?" 
instead 
of "&amp;". This reliably 
happens on the "gallery_37.jpg" link, and the "gallery_18.jpg" link, and a few 
others.

Test script:
---------------
The relevant loop:

      while ($row = mysql_fetch_assoc($result)) {
         $file = sanitise_html($row["filename"]);
         $title = sanitise_html($row["title"]);
?>
               <tr>
                  <td><a 
href="index.php?area=gallery&page=edit_photo&file=<?=$file?>"><img 
src="images/edit.png" /><?=$file?></a></td>
                  <td><?=$title?></td>
                  <td><a 
href="index.php?area=gallery&page=delete_photo&file=<?=$file?>"><img 
src="images/delete.png" /></a></td>
               </tr>
<?
      }

Expected result:
----------------
In the example above, I would expect:

&amp;PHPSESSID=73...07

to be added to the end of every link, in the proper place, *inside* the end of 
the 
href attribute.

Actual result:
--------------
On some links, the PHPSESSID appears *outside* the end of the href attribute. 
This 
causes the PHPSESSID not to be included in the link.


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55444&edit=1

Bug #55444 [Opn]: trans-sid enabled; PHPSESSID inserted after end of href on links

Reply via email to