#27965 [NEW]: invalid HTML is created after adding session id to URL's

Mon, 12 Apr 2004 11:36:27 -0700 

From:             rch at online dot lt
Operating system: Linux
PHP version:      4.3.4
PHP Bug Type:     Session related
Bug description:  invalid HTML is created after adding session id to URL's

Description:
------------
Invalid HTML is created after adding session ids to URL's.   

E.g.:  

<a  

href="/p/index.php?action=article&amp;article_id=7&sid=4ecaf17fb3db7aa3782b6ad8d87f9488">more</a>
 

& before "sid" (session id name changed from default) is  

invalid as it marks start of HTML entity in HTML syntax.    

This fails to validate a page with formal syntax checker on  

validator.w3.org for example. You should use &amp; form of  

escaping instead when adding session ids to references in  

the HTML output.  

 

You may suggest changing arg_separator as in #15504, but 

most people don't have access to system wide php.ini 

configuration file on web hosting accounts, and it looks 

unreasonable to me that special hacking is needed just to 

get a valid HTML output. 

 

 

Expected result:
----------------
/p/index.php?action=article&amp;article_id=7&amp;sid=4ecaf17fb3db7aa3782b6ad8d87f9488


Actual result:
--------------
/p/index.php?action=article&amp;article_id=7&sid=4ecaf17fb3db7aa3782b6ad8d87f9488


-- 
Edit bug report at http://bugs.php.net/?id=27965&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=27965&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=27965&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=27965&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=27965&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=27965&r=needtrace
Need Reproduce Script:      http://bugs.php.net/fix.php?id=27965&r=needscript
Try newer version:          http://bugs.php.net/fix.php?id=27965&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=27965&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=27965&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=27965&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=27965&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=27965&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=27965&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=27965&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=27965&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=27965&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=27965&r=float

Reply via email to