From: js at nomensa dot com Operating system: all PHP version: 4.3.2 PHP Bug Type: Output Control Bug description: SESSION encoding in urls should use HTML entities not ampersands
Description: ------------ When cookies are disabled php encodes a session id in the output urls. It currently uses single ampersands '&' but this is illegal in XHTML (and slightly illegal in HTML), the ampersand character in <a> links etc should be encoded as the entity '&'. Additionally semi-colons could also be used to get around this whole mess. Actually, I prefer semi-colons. It would be good if PHP supported this. Reproduce code: --------------- Go to this link with cookies off: http://alastc.homeip.net/alastairc/page.php Expected result: ---------------- Url should be encoded properly: Should be written as: <li><a href="page.php?domain=&type=news&PHPSESSID=ef38d5d3bc286f6e1de5581003d710d5">News</a></li> Actual result: -------------- Links are written illegally: <li><a href="page.php?domain=&type=news&PHPSESSID=ef38d5d3bc286f6e1de5581003d710d5">News</a></li> This fails the DTD check under XHTML 1.0 (strict) -- Edit bug report at http://bugs.php.net/?id=25248&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25248&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25248&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=25248&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=25248&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=25248&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=25248&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=25248&r=support Expected behavior: http://bugs.php.net/fix.php?id=25248&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=25248&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=25248&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=25248&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25248&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=25248&r=dst IIS Stability: http://bugs.php.net/fix.php?id=25248&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=25248&r=gnused
