Edit report at https://bugs.php.net/bug.php?id=50308&edit=1
ID: 50308
Updated by: yohg...@php.net
Reported by: Dormilich at netscape dot net
Summary: session id not appended properly for empty anchor
tags
-Status: Open
+Status: Analyzed
-Type: Feature/Change Request
+Type: Bug
Package: Session related
Operating System: Linux
-PHP Version: 5.2.11
+PHP Version: 5.4/5.5
Block user comment: N
Private report: N
New Comment:
This is ext/standard/url_scanner_ex.re bug. This can be checked as follows
$ ./sapi/cgi/php-cgi -d session.use_trans_sid=1 -d session.use_only_cookies=0
<?php
session_start();
?>
<a href="site.php?id=this" />
<a href="site.php?id=this"/>
X-Powered-By: PHP/5.4.18-dev
Set-Cookie: PHPSESSID=7ccd5541724e6c476d0742bc12884faa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html
<a href="site.php?id=this&PHPSESSID=7ccd5541724e6c476d0742bc12884faa" />
<a href="site.php?id=this"/&PHPSESSID=7ccd5541724e6c476d0742bc12884faa>
Previous Comments:
------------------------------------------------------------------------
[2009-11-30 14:27:42] Dormilich at netscape dot net
this can be worked around by adding another attribute after the href attribute:
<a href="site.php?id=this" title="currently"/>
------------------------------------------------------------------------
[2009-11-27 01:57:18] Dormilich at netscape dot net
Description:
------------
I created a Suckerfish Dropdown Menu via XSLT, which contains empty
anchor elements (<a href="
"/>). If Cookies are disabled the Session
ID should be appended at the end of the href attribute value (URL) but
it is appended after the closing slash of the element, rendering the
XHTML invalid.
However, "normal" hyperlinks (<a href="
">link text</a>) are not
affected.
Configure Command:
'./configure' '--prefix=/usr/local/php5' '--with-config-file-
path=/etc/php5' '--with-openssl' '--with-xsl' '--with-xmlrpc' '--
enable-mbstring' '--enable-mbregex' '--enable-wddx' '--with-
gettext=/usr' '--with-mysql=/usr/local/mysql' '--with-
mysqli=/usr/local/mysql/bin/mysql_config' '--with-mcrypt=/usr/lib64/'
'--with-apache=../apache_current/' '--with-freetype-dir=/usr/local' '-
-with-t1lib=/usr/local' '--with-gd' '--enable-gd-native-ttf' '--with-
jpeg-dir=/usr/local' '--enable-exif' '--with-png-dir=/usr/local/lib'
'--with-zlib' '--with-curl' '--enable-bcmath' '--enable-calendar' '--
enable-discard-path' '--enable-shared' '--enable-force-cgi-redirect'
'--with-pdo-mysql=/usr/local/mysql' '--enable-soap'
Reproduce code:
---------------
<a href="site.php?id=this"/>
Expected result:
----------------
<a href="site.php?id=this&PHPSESSID=3d
d4"/>
Actual result:
--------------
<a href="site.php?id=this"/&PHPSESSID=3d
d4>
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=50308&edit=1
