ID: 25676
Updated by: [email]daveyphp.net[/email]
Reported By: [email]daveyphp.net[/email]
-Status: Bogus
+Status: Open
Bug Type: Session related
Operating System: WinXP/FreeBSD
PHP Version: 4CVS-2003-09-26 (stable)


Previous Comments:
------------------------------------------------------------------------

[2003-09-27 08:36:22] [email]sniperphp.net[/email]

RTFM "Note: If you want XHTML conformity, remove the form entry and
use the <fieldset> tags around your form fields."

------------------------------------------------------------------------

[2003-09-26 23:20:55] [email]daveyphp.net[/email]

Description:
------------
Despite there being no form=fakeentry or form= (as I understand it,
providing no value is the same as giving fakeentry) in
url_rewriter.tags the form hidden element for the PHPSESSID is still
output.

I am trying to use form=action as the url_rewriter.tags and whilst this
IS rewritten correctly, the hidden element is still being inserted. It
seems that the fallback mechanism is faulty.

This has been tested on several builds:
PHP 4.3.3RC4 WinXP
Latest Snapshot (200309270130) WinXP

PHP 4.3.3 FreeBSD
Latest Snapshot (200309270130) FreeBSD

I have also had someone reporting the CORRECT behaviour on Debian with
latest CVS so its quite the puzzle...

- Davey

Reproduce code:
---------------
<?php
session_start();
setcookie('PHPSESSID','',0); /* needed if session.use_cookies is still
on */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled</title>
</head>
<body>
<?php
ini_set('url_rewriter.tags','a=href,area=href,fram e=src,input=src,form=action,foo=bar');
echo ini_get("url_rewriter.tags") . "<br />";
if(isset($_GET)) {
var_dump($_GET);
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<p>
Foo: <input type="text" name="foo" value="" />
<br />
Bar: <input type="text" name="bar" value="" />
<br />
<input type="submit" value="Test!" />
</p>
<foo href="foo.php" bar="null" />
</form>
</body>
</html>

Expected result:
----------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled</title>
</head>

<body>
a=href,area=href,frame=src,input=src,form=action,f oo=bar<br
/>array(0) {
}
<form
action="/test/url_rewrite_form_action.php?PHPSESSID=6a5b43d2aef8 e2e3158e44fbd3df5d9d"
method="get"><input type="hidden" name="PHPSESSID"
value="6a5b43d2aef8e2e3158e44fbd3df5d9d" />
<p>
Foo: <input type="text" name="foo" value="" />
<br />
Bar: <input type="text" name="bar" value="" />
<br />

<input type="submit" value="Test!" />
</p>
<foo href="foo.php"
bar="null?PHPSESSID=6a5b43d2aef8e2e3158e44fbd3df5d 9d" />
</form>
</body>
</html>

Actual result:
--------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled</title>
</head>

<body>
a=href,area=href,frame=src,input=src,form=action,f oo=bar<br
/>array(0) {
}
<form
action="/test/url_rewrite_form_action.php?PHPSESSID=6a5b43d2aef8 e2e3158e44fbd3df5d9d"
method="get"><input type="hidden" name="PHPSESSID"
value="6a5b43d2aef8e2e3158e44fbd3df5d9d" />
<p>
Foo: <input type="text" name="foo" value="" />
<br />
Bar: <input type="text" name="bar" value="" />
<br />

<input type="submit" value="Test!" />
</p>
<foo href="foo.php"
bar="null?PHPSESSID=6a5b43d2aef8e2e3158e44fbd3df5d 9d" />
</form>
</body>
</html>


------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=25676&edit=1[/url]