From: naplanetu at gmail dot com
Operating system:
PHP version: Irrelevant
PHP Bug Type: Documentation problem
Bug description: Incorrect man recommendation

Description:
------------
http://www.php.net/manual/en/ref.session.php#session.idpassing

Example 3. Counting the number of hits of a single user
...
<p>
To continue, <a href="nextpage.php?<?php echo strip_tags(SID); ?>">click here</a>.
</p>

The strip_tags() is used when printing the SID in order to prevent XSS
related attacks.

It's incorrect to use strip_tags() to prevent XSS. You should use
htmlspecialchars().

--
Edit bug report at http://bugs.php.net/?id=40203&edit=1
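
The difference the report points at, as an added example that is not part of the original report or of the PHP manual: the manual's link is built once with strip_tags() and once with htmlspecialchars(), and the value is checked for characters that can end a double-quoted attribute. The `$sid` string is a constructed stand-in for an untrusted SID value, and `build_link()` and `safe_in_attribute()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed sample: stands in for a SID ("name=id") whose id part is
// untrusted. It contains no tags, only a double quote that closes href.
$sid = 'PHPSESSID=abc" data-injected="1';

/** Build the manual's link with the given output filter applied to the SID. */
function build_link(callable $filter, string $sid): string
{
    return '<a href="nextpage.php?' . $filter($sid) . '">click here</a>';
}

/** True if the value cannot end a double-quoted attribute or open a tag. */
function safe_in_attribute(string $filtered): bool
{
    return strpbrk($filtered, '"<>') === false;
}

$filters = [
    // Removes tags only; quote characters pass through untouched.
    'strip_tags'       => fn(string $s): string => strip_tags($s),
    // Encodes &, <, > and both quote styles as HTML entities.
    'htmlspecialchars' => fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'),
];

foreach ($filters as $name => $filter) {
    printf(
        "%-17s %s\n%-17s attribute-safe: %s\n",
        $name . ':',
        build_link($filter, $sid),
        '',
        safe_in_attribute($filter($sid)) ? 'yes' : 'no'
    );
}
```

With strip_tags() the quote survives, so the browser parses `data-injected` as a second attribute on the `<a>` element; with htmlspecialchars() the quote becomes `&quot;` and the whole value stays inside `href`.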
