Edit report at https://bugs.php.net/bug.php?id=50308&edit=1
ID: 50308
Updated by: ar...@php.net
Reported by: Dormilich at netscape dot net
Summary: session id not appended properly for empty anchor
tags
-Status: Analyzed
+Status: Closed
Type: Bug
Package: Session related
Operating System: Linux
PHP Version: 5.4/5.5
Block user comment: N
Private report: N
New Comment:
Automatic comment on behalf of array...@gmail.com
Revision:
http://git.php.net/?p=php-src.git;a=commit;h=e6ae977082bcff9c2ef0db4db58df2b07561c0a1
Log: Fixed bug #50308 - session id not appended properly for empty anchor tags
Previous Comments:
------------------------------------------------------------------------
[2013-06-27 22:38:26] yohg...@php.net
This is ext/standard/url_scanner_ex.re bug. This can be checked as follows
$ ./sapi/cgi/php-cgi -d session.use_trans_sid=1 -d session.use_only_cookies=0
<?php
session_start();
?>
<a href="site.php?id=this" />
<a href="site.php?id=this"/>
X-Powered-By: PHP/5.4.18-dev
Set-Cookie: PHPSESSID=7ccd5541724e6c476d0742bc12884faa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html
<a href="site.php?id=this&PHPSESSID=7ccd5541724e6c476d0742bc12884faa" />
<a href="site.php?id=this"/&PHPSESSID=7ccd5541724e6c476d0742bc12884faa>
------------------------------------------------------------------------
[2009-11-30 14:27:42] Dormilich at netscape dot net
this can be worked around by adding another attribute after the href attribute:
<a href="site.php?id=this" title="currently"/>
------------------------------------------------------------------------
[2009-11-27 01:57:18] Dormilich at netscape dot net
Description:
------------
I created a Suckerfish Dropdown Menu via XSLT, which contains empty
anchor elements (<a href="
"/>). If Cookies are disabled the Session
ID should be appended at the end of the href attribute value (URL) but
it is appended after the closing slash of the element, rendering the
XHTML invalid.
However, "normal" hyperlinks (<a href="
">link text</a>) are not
affected.
Configure Command:
'./configure' '--prefix=/usr/local/php5' '--with-config-file-
path=/etc/php5' '--with-openssl' '--with-xsl' '--with-xmlrpc' '--
enable-mbstring' '--enable-mbregex' '--enable-wddx' '--with-
gettext=/usr' '--with-mysql=/usr/local/mysql' '--with-
mysqli=/usr/local/mysql/bin/mysql_config' '--with-mcrypt=/usr/lib64/'
'--with-apache=../apache_current/' '--with-freetype-dir=/usr/local' '-
-with-t1lib=/usr/local' '--with-gd' '--enable-gd-native-ttf' '--with-
jpeg-dir=/usr/local' '--enable-exif' '--with-png-dir=/usr/local/lib'
'--with-zlib' '--with-curl' '--enable-bcmath' '--enable-calendar' '--
enable-discard-path' '--enable-shared' '--enable-force-cgi-redirect'
'--with-pdo-mysql=/usr/local/mysql' '--enable-soap'
Reproduce code:
---------------
<a href="site.php?id=this"/>
Expected result:
----------------
<a href="site.php?id=this&PHPSESSID=3d
d4"/>
Actual result:
--------------
<a href="site.php?id=this"/&PHPSESSID=3d
d4>
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=50308&edit=1
