Bugs item #504020, was opened at 2002-01-15 11:29
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=106121&aid=504020&group_id=6121
Category: All databases
Group: User Authentication
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: phpwiki with phpsessid's breaks URL's
Initial Comment:
If transparent session id's are compiled into php, and
a user who has cookies blocked to your site either:
* Views a page and clicks "edit"
* Views pages while VIRTUAL_PATH is false and clicks on
another linked page
The URL's get FUBAR:
http://server/wiki/index.php/Oracle%20Applications&?PHPSESSID=243fc4338a9871d6bb3f28d3f9ec6985#63;action=edit
if you notice the "&" on the URL, it tries to edit a
page called "Oracle Applications&", instead of having
the PHPSESSID as a variable.
I'm aware that phpwiki doesn't do any special PHPSESSID
handling, but I couldn't uncover the issue with this
bug in a cursory look.. I just commented out all the
session handling since we don't need it inside this
organization.
Tested with both 1.3.0-jeffs-hacks and
1.3.2-jeffs-hacks, as well as Mozilla 0.9.7, Netscape
4.7, and Opera 6.0
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=106121&aid=504020&group_id=6121
|
