ID: 15653
Comment by: djik at libertysurf dot fr
Reported By: teilo+php at teilo dot net
Status: Bogus
Bug Type: Session related
Operating System: Debian GNU Linux
PHP Version: 4.1.1
New Comment:

> We just use legacy one for compatibility.

Compatibility with what??! It will be more compatible with all HTML versions with &amp; (and <div><input ...></div> in the forms).

Previous Comments:
------------------------------------------------------------------------
[2002-02-21 20:28:52] [EMAIL PROTECTED]

Of course we know the default is not correct. We just use legacy one for compatibility.
I might change default for 4.2.0.

------------------------------------------------------------------------
[2002-02-21 12:12:43] teilo+php at teilo dot net

But then the *default* (just '&') is wrong surely?

http://www.php.net/manual/en/function.ini-set.php#AEN56526

grep arg_sep php.ini
;arg_separator.output = "&"
;arg_separator.input = ";&"

IIRC even XHTML needs to escape the &

------------------------------------------------------------------------
[2002-02-21 11:57:23] [EMAIL PROTECTED]

`grep arg_separator php.ini`

this *is* bogus.

------------------------------------------------------------------------
[2002-02-21 11:49:24] teilo+php at teilo dot net

This is not a support question. It is a bug report for PHP!!

PHP is creating INVALID code.

try the following code with trans.sid enabled

-- test.php
<?php
session_start();
print <<< EOF
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD><TITLE>PHP bug</TITLE>
<BODY>
<H1>PHP BUG</H1>
<A HREF="/anotherfile.php?foo=bar">This will cause invalid HTML after trans_sid has done its work</A>
</BODY>
</HTML>
EOF;
-- end test.php

-- output from test.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><title>PHP bug</title>
<body>
<h1>PHP BUG</h1>
<a HREF="/anotherfile.php?foo=bar&PHPSESSID=d9ddfafa45d6ed0208ed436fe9bda137">This will cause invalid HTML after trans_sid has done its work</a>
</body>
</html>
-- end output from test.php

check the link ref
<a HREF="/anotherfile.php?foo=bar&PHPSESSID=d9ddfafa45d6ed0208ed436fe9bda137">

that is *invalid* HTML & the *must* be escaped.

<SNIP>
Another common error occurs when including a URL which contains an ampersand ("&"):

<!-- This is invalid! -->
<a href="foo.cgi?chapter=1&section=2">...</a>

This example generates an error for "unknown entity section" because the "&" is assumed to begin an entity. In many cases, browsers will recover safely from the error, but the example used here will cause the link to fail in Netscape 3.x (but not other versions of Netscape) since it will assume that the author intended to write &sect;ion, which is equivalent to §ion.

To avoid problems with both validators and browsers, always use &amp; in place of &:

<a href="foo.cgi?chapter=1&amp;section=2">...</a>
</SNIP>

see http://www.htmlhelp.com/tools/validator/problems.html#amp

I suggest you look at the HTML 4.01 spec sec 12.2
http://www.w3.org/TR/html401/struct/links.html#h-12.2

<!ATTLIST A
  ...
  name CDATA #IMPLIED -- named link end --
  ...
  >

<!ENTITY % URI "CDATA"
    -- a Uniform Resource Identifier, see [URI] -->

* CDATA is a sequence of characters from the document character set and may include character entities. User agents should interpret attribute values as follows:
!!----> * Replace character entities with characters,
        * Ignore line feeds,
        * Replace each carriage return or tab with a single space.

------------------------------------------------------------------------
[2002-02-21 02:38:24] [EMAIL PROTECTED]

The bug system is not the appropriate forum for asking support questions. For a list of a range of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at
http://bugs.php.net/15653

--
Edit this bug report at http://bugs.php.net/?id=15653&edit=1
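
The check argued over in this thread can be automated. The following is an added example, not code from the bug report or from PHP itself: it appends a session parameter to a URL with a chosen separator (standing in for the `arg_separator.output` value) and flags attribute values that contain a raw `&`. The function names and the session id are constructed for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Added example: helper names are hypothetical, sample values are constructed.

// Append a session parameter to a URL the way URL rewriting does, using
// $sep as the separator (the role arg_separator.output plays in php.ini).
function append_sid(string $url, string $name, string $sid, string $sep): string
{
    $glue = (strpos($url, '?') === false) ? '?' : $sep;
    return $url . $glue . rawurlencode($name) . '=' . rawurlencode($sid);
}

// Return every double-quoted href/src/action value that contains a "&"
// which does not start a character reference (&name; &#123; &#x7b;).
// This checks reference syntax only; it does not validate entity names.
function find_raw_ampersands(string $html): array
{
    $bad = [];
    preg_match_all('/\b(?:href|src|action)\s*=\s*"([^"]*)"/i', $html, $m);
    foreach ($m[1] as $value) {
        if (preg_match('/&(?!(?:[a-z][a-z0-9]*|#[0-9]+|#x[0-9a-f]+);)/i', $value)) {
            $bad[] = $value;
        }
    }
    return $bad;
}

$sid = 'constructed0123456789abcdef';   // constructed, not a real session id
$url = '/anotherfile.php?foo=bar';      // link target from the report's test.php

// Separator "&" (the legacy default discussed above) versus "&amp;".
$pages = [
    'separator "&"'     => '<a href="' . append_sid($url, 'PHPSESSID', $sid, '&') . '">x</a>',
    'separator "&amp;"' => '<a href="' . append_sid($url, 'PHPSESSID', $sid, '&amp;') . '">x</a>',
];

foreach ($pages as $label => $html) {
    $bad = find_raw_ampersands($html);
    echo $label, ': ', count($bad), " attribute value(s) with a raw ampersand\n";
    foreach ($bad as $value) {
        echo '  ', $value, "\n";
    }
}
```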
