ID: 13472
Comment by: gareth at blueshadow dot org dot uk
Reported By: mat at dioxine dot com
Status: Closed
Bug Type: Session related
Operating System: Any
PHP Version: 4.3.0
New Comment:
How about, finding a form's first <input> tag, and inserting the hidden
field just in front of that...
That way, if the author has put their first input tag in a valid place,
PHP won't change that, and if it isn't in a compliant place, again, PHP
won't make it any more or less valid...
Just my $0.02
Previous Comments:
------------------------------------------------------------------------
[2004-01-30 06:12:31] ebola at psychoholics dot org
I am going to test this very soon and will be fairly surprised if it
isn't fixed. I'll test on latest 4.x and 5.x. Maybe a patch if i get
some free time.
Good night.
------------------------------------------------------------------------
[2003-11-14 16:20:04] yallis at surr dot no
I don't know if this bug has been fixed, but many of us is still stuck
on hosts with "outdated" software. I solved this problem by putting
this lines in my .htaccess:
<IfModule mod_php4.c>
php_value arg_separator.output "&"
php_value url_rewriter.tags "a=href,area=href,frame=src,input=src"
</IfModule>
..and put the hidden form value where I wanted it with
<input type="hidden" name="PHPSESSID" value="<?php echo session_id();
?>" />
Seem to work properly and my XHTML1.1 is valid.
------------------------------------------------------------------------
[2003-05-25 14:42:06] harrydeboer at home dot nl
PHP writes an extra <input type="hidden" etc /> in my code, which is
html 4.01 strict. But in html 4.01 strict there should not be a closing
slash, so the code becomes invalid.
Is there any way to solve that without changing php.ini?
------------------------------------------------------------------------
[2003-03-05 02:36:54] node at nodefall dot de
just open a new one... this seems to be the only way
------------------------------------------------------------------------
[2003-03-03 19:25:31] vmizuba at queens dot org
"removing the 'form=' entry from url_rewriter.tags" does
not solve the problem if: 1) session.use_cookies is "off"
(forms need this hidden tag) 2) there is no access to
php.ini. The solution is a matter of moving the hidden tag
inserted below a block-level element as it was pointed out
above. how do we get this bug reopened AND fixed correctly?
TIA
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/13472
--
Edit this bug report at http://bugs.php.net/?id=13472&edit=1
