alindeman Wed Apr 2 07:39:07 2003 EDT Modified files: /phpdoc/en/reference/session reference.xml Log: Fix bug #23001 Index: phpdoc/en/reference/session/reference.xml diff -u phpdoc/en/reference/session/reference.xml:1.32 phpdoc/en/reference/session/reference.xml:1.33 --- phpdoc/en/reference/session/reference.xml:1.32 Sat Mar 29 11:33:48 2003 +++ phpdoc/en/reference/session/reference.xml Wed Apr 2 07:39:07 2003 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.32 $ --> +<!-- $Revision: 1.33 $ --> <reference id="ref.session"> <title>Session handling functions</title> <titleabbrev>Sessions</titleabbrev> @@ -355,18 +355,17 @@ Hello visitor, you have seen this page <?php echo $count; ?> times.<p> -To continue, <A HREF="nextpage.php?<?php echo SID?>">click here</A> +To continue, <A HREF="nextpage.php?<?php echo strip_tags (SID)?>">click here</A> ]]> </programlisting> </example> </para> <para> - The <literal><?php echo SID?></literal> - (<literal><?=SID?></literal> can be used if - <link linkend="ini.short-open-tag">short_open_tag</link> is enabled) is - necessary to preserve the session id in the case that the user has - disabled cookies. - The <literal><?=SID?></literal> is not necessary, if + The <function>strip_tags</function> is used when printing the SID + in order to prevent XSS related attacks. + </para> + <para> + Printing the SID, like shown above, is not necessary if <link linkend="install.configure.enable-trans-sid"> <literal>--enable-trans-sid</literal></link> was used to compile PHP. </para>
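Review bot: In the second hunk, the HREF line now prints `strip_tags (SID)` inside a double-quoted attribute, but strip_tags only removes tags and does not escape quote characters, so it is the wrong encoder for an attribute value. `htmlspecialchars(SID)` would fit the example better, and the added sentence "The strip_tags is used when printing the SID in order to prevent XSS related attacks" should be reworded to match. The same hunk also deletes the explanation that printing the SID is necessary to preserve the session id when the user has disabled cookies, along with the note on the `<?=SID?>` short form. Consider keeping those sentences, since the remaining text no longer says why the SID is printed at all.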
-- PHP Documentation Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php