From: nick at terado dot co dot uk Operating system: Debian PHP version: 4.3.10 PHP Bug Type: Session related Bug description: Valid XHTML output
Description: ------------ Firstly, this relates to bug #23694 I warrant this being reopened. Upsetting the validity of a webpages code by using php is a bug. The method to correct this is neither logical nor sensible. The requirement should not be on the server administrator to dictate what HTML version should be used to create webpages. There are two problems here: 1. first ampersands withing url query strings when modified to append the session information. 2. Forms, where a hidden session id input tag will be inserted, however not enclosed by a block level element. Details and Resolution: 1. The recommended fix so far by the php team is to enable in php.ini the modifier arg_separator.output="&". Firstly, modification of the php.ini is restrictive. Secondly, using & in HTML 4 works also, it is standard practice to encode ampersands properly and there is no reason at all not to have this enabled by default. If there is any other reason, then just as you would output <br> as <br /> then you should output correctly & as & when using XHTML. However, I repeat using & should be default practice. 2. The recommended fix given so far is to change to url_rewriter.tags = "a=href,area=href,frame=src,input=src,fieldset=" therefore, omitting form=fakeentry. Again, the practice of modifying (if possible) the php.ini to set the HTML is bad news and restrictive. Also by now omitting the form= setting of the modifier we now cant guarantee the session variable will be added, fieldset is not the only choice of block level element within the form element. Therefore, to complement this often an empty <fieldset> must be inserted, simply to accommodate the session variable addition. There are simple fixes to this. If the HTML version is known then <fieldset> can be output around the hidden element. This is no way upset layout, having no content or white space nothing is output and no shifting on the webpage occurs. Secondly, <div> can be used. This therefore allows backwards compatibility and can be output as a rule. However, I wouldnt know how older browsers would deal with the div - that is whether it would cause spacing issues. However, the point here is this should be a default or transparent action, the effort to "fix" this is nothing more than asking the coder to hack there way out of what exists as a bug. This may not be a bug in performance or operation of php itself, but when php itself is outputting HTML and this output is incorrect, this completely warrants a bug report being opened. The solutions recommended are both not fixes and have other problems associated with them. The solution to this seems quite simple however. Nick -- Edit bug report at http://bugs.php.net/?id=32619&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=32619&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=32619&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=32619&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=32619&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=32619&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=32619&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=32619&r=needscript Try newer version: http://bugs.php.net/fix.php?id=32619&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=32619&r=support Expected behavior: http://bugs.php.net/fix.php?id=32619&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=32619&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=32619&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=32619&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=32619&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=32619&r=dst IIS Stability: http://bugs.php.net/fix.php?id=32619&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=32619&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=32619&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=32619&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=32619&r=mysqlcfg
