#25676 [NEW]: Form hidden input ouput when any form=* is in url_rewriter.tags

[EMAIL PROTECTED] Fri, 26 Sep 2003 20:23:03 -0700

From:             [EMAIL PROTECTED]
Operating system: WinXP/FreeBSD
PHP version:      4CVS-2003-09-26 (stable)
PHP Bug Type:     Session related
Bug description:  Form hidden input ouput when any form=* is in url_rewriter.tags


Description:
------------
Despite there being no form=fakeentry or form= (as I understand it,
providing no value is the same as giving fakeentry) in url_rewriter.tags
the form hidden element for the PHPSESSID is still output.

I am trying to use form=action as the url_rewriter.tags and whilst this IS
rewritten correctly, the hidden element is still being inserted. It seems
that the fallback mechanism is faulty.

This has been tested on several builds:
PHP 4.3.3RC4 WinXP
Latest Snapshot (200309270130) WinXP

PHP 4.3.3 FreeBSD
Latest Snapshot (200309270130) FreeBSD

I have also had someone reporting the CORRECT behaviour on Debian with
latest CVS so its quite the puzzle...

- Davey

Reproduce code:
---------------
<?php
        session_start();
        setcookie('PHPSESSID','',0); /* needed if session.use_cookies is still on
*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
        <head>
                <title>Untitled</title>
        </head>
        <body>
                <?php
                        
ini_set('url_rewriter.tags','a=href,area=href,frame=src,input=src,form=action,foo=bar');
                        echo ini_get("url_rewriter.tags") . "<br />";
                        if(isset($_GET)) {
                                var_dump($_GET);
                        }
                ?>
                <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
                        <p>
                                Foo: <input type="text" name="foo" value="" />
                                <br />
                                Bar: <input type="text" name="bar" value="" />
                                <br />
                                <input type="submit" value="Test!" />
                        </p>
                        <foo href="foo.php" bar="null" />
                </form>
        </body>
</html>

Expected result:
----------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
        <head>
                <title>Untitled</title>
        </head>

        <body>
                a=href,area=href,frame=src,input=src,form=action,foo=bar<br />array(0)
{
}
                <form
action="/test/url_rewrite_form_action.php?PHPSESSID=6a5b43d2aef8e2e3158e44fbd3df5d9d"
method="get"><input type="hidden" name="PHPSESSID"
value="6a5b43d2aef8e2e3158e44fbd3df5d9d" />
                        <p>
                                Foo: <input type="text" name="foo" value="" />
                                <br />
                                Bar: <input type="text" name="bar" value="" />
                                <br />

                                <input type="submit" value="Test!" />
                        </p>
                        <foo href="foo.php"
bar="null?PHPSESSID=6a5b43d2aef8e2e3158e44fbd3df5d9d" />
                </form>
</body>
</html>

Actual result:
--------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
        <head>
                <title>Untitled</title>
        </head>

        <body>
                a=href,area=href,frame=src,input=src,form=action,foo=bar<br />array(0)
{
}
                <form
action="/test/url_rewrite_form_action.php?PHPSESSID=6a5b43d2aef8e2e3158e44fbd3df5d9d"
method="get"><input type="hidden" name="PHPSESSID"
value="6a5b43d2aef8e2e3158e44fbd3df5d9d" />
                        <p>
                                Foo: <input type="text" name="foo" value="" />
                                <br />
                                Bar: <input type="text" name="bar" value="" />
                                <br />

                                <input type="submit" value="Test!" />
                        </p>
                        <foo href="foo.php"
bar="null?PHPSESSID=6a5b43d2aef8e2e3158e44fbd3df5d9d" />
                </form>
</body>
</html>

-- 
Edit bug report at http://bugs.php.net/?id=25676&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=25676&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=25676&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=25676&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=25676&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=25676&r=needtrace
Try newer version:          http://bugs.php.net/fix.php?id=25676&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=25676&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=25676&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=25676&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=25676&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=25676&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25676&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=25676&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=25676&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=25676&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=25676&r=float

#25676 [NEW]: Form hidden input ouput when any form=* is in url_rewriter.tags

Reply via email to