From:
Operating system: Ubuntu 10.04.3 LTS
PHP version: Irrelevant
Package: Session related
Bug Type: Bug
Bug description:trans-sid enabled; PHPSESSID inserted after end of href on links
Description:
------------
In more detail, OS:
Linux 2.6.32-32-server x86_64 #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) (built: May 3 2011
00:45:52)
This is the standard PHP package from Ubuntu Lucid's "main" repo. I did not
compile it. I have enabled the trans-
sid option.
When generating a long list of links, occasionally the trans-sid function
will
miss the end of the "href"
attribute and add "?PHPSESSID=73...07" outside the closing double quote
mark.
eg:
<td><a href="index.php?
area=gallery&page=edit_photo&file=gallery_36.jpg&PHPSESSID=73...07"><img
src="images/edit.png" />gallery_36.jpg</a></td>
...
<td><a href="index.php?area=gallery&page=edit_photo&file=gallery_37.jpg"?
PHPSESSID=73...07><img
src="images/edit.png" />gallery_37.jpg</a></td>
Note that since it is outside the quote mark, it is generated with a "?"
instead
of "&". This reliably
happens on the "gallery_37.jpg" link, and the "gallery_18.jpg" link, and a
few
others.
Test script:
---------------
The relevant loop:
while ($row = mysql_fetch_assoc($result)) {
$file = sanitise_html($row["filename"]);
$title = sanitise_html($row["title"]);
?>
<tr>
<td><a
href="index.php?area=gallery&page=edit_photo&file=<?=$file?>"><img
src="images/edit.png" /><?=$file?></a></td>
<td><?=$title?></td>
<td><a
href="index.php?area=gallery&page=delete_photo&file=<?=$file?>"><img
src="images/delete.png" /></a></td>
</tr>
<?
}
Expected result:
----------------
In the example above, I would expect:
&PHPSESSID=73...07
to be added to the end of every link, in the proper place, *inside* the end
of the
href attribute.
Actual result:
--------------
On some links, the PHPSESSID appears *outside* the end of the href
attribute. This
causes the PHPSESSID not to be included in the link.
--
Edit bug report at https://bugs.php.net/bug.php?id=55444&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=55444&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=55444&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=55444&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=55444&r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=55444&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=55444&r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=55444&r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=55444&r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=55444&r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=55444&r=support
Expected behavior:
https://bugs.php.net/fix.php?id=55444&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=55444&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=55444&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=55444&r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=55444&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=55444&r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=55444&r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=55444&r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=55444&r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=55444&r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=55444&r=mysqlcfg
