From: Operating system: Ubuntu 10.04.3 LTS PHP version: Irrelevant Package: Session related Bug Type: Bug Bug description:trans-sid enabled; PHPSESSID inserted after end of href on links
Description: ------------ In more detail, OS: Linux 2.6.32-32-server x86_64 #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) (built: May 3 2011 00:45:52) This is the standard PHP package from Ubuntu Lucid's "main" repo. I did not compile it. I have enabled the trans- sid option. When generating a long list of links, occasionally the trans-sid function will miss the end of the "href" attribute and add "?PHPSESSID=73...07" outside the closing double quote mark. eg: <td><a href="index.php? area=gallery&page=edit_photo&file=gallery_36.jpg&PHPSESSID=73...07"><img src="images/edit.png" />gallery_36.jpg</a></td> ... <td><a href="index.php?area=gallery&page=edit_photo&file=gallery_37.jpg"? PHPSESSID=73...07><img src="images/edit.png" />gallery_37.jpg</a></td> Note that since it is outside the quote mark, it is generated with a "?" instead of "&". This reliably happens on the "gallery_37.jpg" link, and the "gallery_18.jpg" link, and a few others. Test script: --------------- The relevant loop: while ($row = mysql_fetch_assoc($result)) { $file = sanitise_html($row["filename"]); $title = sanitise_html($row["title"]); ?> <tr> <td><a href="index.php?area=gallery&page=edit_photo&file=<?=$file?>"><img src="images/edit.png" /><?=$file?></a></td> <td><?=$title?></td> <td><a href="index.php?area=gallery&page=delete_photo&file=<?=$file?>"><img src="images/delete.png" /></a></td> </tr> <? } Expected result: ---------------- In the example above, I would expect: &PHPSESSID=73...07 to be added to the end of every link, in the proper place, *inside* the end of the href attribute. Actual result: -------------- On some links, the PHPSESSID appears *outside* the end of the href attribute. This causes the PHPSESSID not to be included in the link. -- Edit bug report at https://bugs.php.net/bug.php?id=55444&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=55444&r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=55444&r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=55444&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=55444&r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=55444&r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=55444&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=55444&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=55444&r=needscript Try newer version: https://bugs.php.net/fix.php?id=55444&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=55444&r=support Expected behavior: https://bugs.php.net/fix.php?id=55444&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=55444&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=55444&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=55444&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=55444&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=55444&r=dst IIS Stability: https://bugs.php.net/fix.php?id=55444&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=55444&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=55444&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=55444&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=55444&r=mysqlcfg