Bug #64357 [Fbk->Csd]: PHP mangles expires header when session.cache_limiter is used

2013-06-27 Thread abxccd at msn dot com 
Edit report at https://bugs.php.net/bug.php?id=64357&edit=1

 ID: 64357
 User updated by:abxccd at msn dot com
 Reported by:abxccd at msn dot com
 Summary:PHP mangles expires header when
 session.cache_limiter is used
-Status: Feedback
+Status: Closed
 Type:   Bug
 Package:Output Control
 Operating System:   Ubuntu 12.10
 PHP Version:5.4.12
 Block user comment: N
 Private report: N

 New Comment:

I just tested against PHP 5.4.17RC1 on Ubuntu 13.04 64-bit and it seems to be 
fine.

It must have been fixed somewhere between 5.4.12 and 5.4.17.

Thanks for your help :)


Previous Comments:

[2013-06-27 22:11:52] yohg...@php.net

I forgot to session_start(), but it works. Waiting your feedback.

$  ./sapi/cgi/php-cgi 
https://bugs.php.net/bug.php?id=64357&edit=1

[PHP-BUG] Bug #64357 [NEW]: PHP mangles expires header when session.cache_limiter is used

2013-03-05 Thread abxccd at msn dot com 
From: abxccd at msn dot com
Operating system: Ubuntu 12.10
PHP version:  5.4.12
Package:  Output Control
Bug Type: Bug
Bug description:PHP mangles expires header when session.cache_limiter is used

Description:

If session.cache_limiter in php.ini has any of these values: public,
private,  or nocache, the expires header will be mangled if we try to set
one at a later stage.

To replication, first, set your session.cache_limiter to private or any of
the above values, or do it using session_cache_limiter. Then, run the test
script. Then, inspect the response headers with a tool like FireBug.

Test script:
---
https://bugs.php.net/bug.php?id=64357&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=64357&r=trysnapshot54
Try a snapshot (PHP 5.3):   
https://bugs.php.net/fix.php?id=64357&r=trysnapshot53
Try a snapshot (trunk): 
https://bugs.php.net/fix.php?id=64357&r=trysnapshottrunk
Fixed in SVN:   https://bugs.php.net/fix.php?id=64357&r=fixed
Fixed in release:   https://bugs.php.net/fix.php?id=64357&r=alreadyfixed
Need backtrace: https://bugs.php.net/fix.php?id=64357&r=needtrace
Need Reproduce Script:  https://bugs.php.net/fix.php?id=64357&r=needscript
Try newer version:  https://bugs.php.net/fix.php?id=64357&r=oldversion
Not developer issue:https://bugs.php.net/fix.php?id=64357&r=support
Expected behavior:  https://bugs.php.net/fix.php?id=64357&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=64357&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=64357&r=submittedtwice
register_globals:   https://bugs.php.net/fix.php?id=64357&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=64357&r=php4
Daylight Savings:   https://bugs.php.net/fix.php?id=64357&r=dst
IIS Stability:  https://bugs.php.net/fix.php?id=64357&r=isapi
Install GNU Sed:https://bugs.php.net/fix.php?id=64357&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=64357&r=float
No Zend Extensions: https://bugs.php.net/fix.php?id=64357&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=64357&r=mysqlcfg

Bug #36795 [Com]: Inappropriate "unterminated entity reference" in DOMElement->setAttribute

2011-09-10 Thread abxccd at msn dot com 
Edit report at https://bugs.php.net/bug.php?id=36795&edit=1

 ID: 36795
 Comment by: abxccd at msn dot com
 Reported by:john at carney dot id dot au
 Summary:Inappropriate "unterminated entity reference" in
 DOMElement->setAttribute
 Status: Bogus
 Type:   Bug
 Package:DOM XML related
 Operating System:   *
 PHP Version:5.*, 6
 Block user comment: N
 Private report: N

 New Comment:

I am still seeing this bug in PHP 5.3.8


Previous Comments:

[2011-02-23 03:30:34] jan-bugreport at gmx dot de

With simpleXML, addChild($name, $value) works really weird (tested on 5.3.1 on 
win): in the value, the characters < and > are correctly esacped to < and 
> but ampersands cause the "unterminated entity reference" message. I would 
understand if it escaped nothing, or if it escaped everything, but this seems 
weird.

Also, no matter what the final decision about this bug will be, this should be 
documented really well in the SimpleXML docs. It is confusing and I could 
imagine it could cause security issues in some applications.


[2010-09-22 01:02:27] steven at navolutions dot com

I also had this issue, one thing that might not have been included in the 
original reproducing of the code is that the DOMElement may have been extended. 
I know mine is extended so Reproduce the code by extending the DOMElement 
class. I also extended the DOMDocuement class so try that too. So no the status 
is not Bogus, just to tested thoroughly.


[2010-04-09 14:01:23] rricha...@php.net

Behavior as defined by DOM specs. No warnings are issued are from either of the 
2 
examples in the reproduced code.

addChild() method described in later reports works are defined by specs. Use 
the 
simplexml property accessors for auto escaping.


[2010-02-04 18:23:10] jalday at delivery dot com

Still seeing this issue... 

$order_x->addChild('location', '1st & 52nd');

gives "Warning: SimpleXMLElement::addChild(): unterminated entity reference"

If I run it as

$order_x->addChild('location', htmlspecialchars('1st & 52nd'));

I have no problems.


[2009-10-22 16:28:09] gary dot malcolm at gmail dot com

I'm running PHP 5.2.9 on Linux and this bug is still alive and well making 
SimpleXml absolutely inappropriate for XML communications between systems.

$safe_value = preg_replace('/&(?!\w+;)/', '&', $value);
  return $sxml->addChild($name, $safe_value);

Is just plain wrong. I'm communicating user input directly to a bank as I can't 
know how the third party will parse their xml.




The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

https://bugs.php.net/bug.php?id=36795


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=36795&edit=1