Will Munny Posted October 13, 2009 Share Posted October 13, 2009 I previously had my board 100 percent valid code... but I just upgraded to 3.0.4 and I get hundreds of errors. Most of them seem to cascade from an unescaped ampersand in session ID... eg...…e&module=global&section=login&s=128379128371' Where can I fix this? Link to comment Share on other sites More sharing options...
Will Munny Posted October 13, 2009 Author Share Posted October 13, 2009 Better still, here's a screengrab... Link to comment Share on other sites More sharing options...
Will Munny Posted October 13, 2009 Author Share Posted October 13, 2009 Oh no!!!... I also just noticed that 301 redirects are going to the session ID version of the URL... for example... /forum/12345-topic-title/page__s__18f0cce8a945cc9980a542 f6209171c0 Link to comment Share on other sites More sharing options...
Mat Barrie Posted October 13, 2009 Share Posted October 13, 2009 I believe that's a PHP function actually, called "cookieless sessions". And if it is, you're pretty much out of luck, because PHP adds the fraking things automatically, and PHP doesn't give a hoot about standards compliance. Link to comment Share on other sites More sharing options...
Will Munny Posted October 13, 2009 Author Share Posted October 13, 2009 Well I'm only seeing this after upgrading. Previously I had every topic page valid. Now I get hundreds of ampersand erros in cookie session id's... My browser doesn't display the cookeis but automates services, such as bots, validators, header checkers etc etc are seeing the sessions and the invaliud code. Link to comment Share on other sites More sharing options...
Mat Barrie Posted October 13, 2009 Share Posted October 13, 2009 Huzzah! Just make the following change to php.ini: And there you have it. Thanks to the W3C for the explanation and fix above.arg_separator.output = "&" If you don't want to support ugly cookieless session URLs at all, make this change: session.use_trans_sid = 0 Link to comment Share on other sites More sharing options...
Will Munny Posted October 13, 2009 Author Share Posted October 13, 2009 Splendid, thanks... what are the downsides of removing session URL's altogether? Link to comment Share on other sites More sharing options...
bfarber Posted October 13, 2009 Share Posted October 13, 2009 Actually, this isn't from PHP automatically. IPB 3 was not working properly when cookies weren't supported in the browser, which was fixed in 3.0.4. We'll have to look into why the ampersand isn't escaped, however. Link to comment Share on other sites More sharing options...
Will Munny Posted October 13, 2009 Author Share Posted October 13, 2009 Also, I just checked my php.ini file and I already have this in place. Further, session.use_trans_sid is off by default in my installation. So, I really don't know why I'm having this issue. Link to comment Share on other sites More sharing options...
bfarber Posted October 13, 2009 Share Posted October 13, 2009 FYI, think I found why the ampersand wasn't escaped in your browsing and fixed that. We can discuss the session id itself in the bug report. Link to comment Share on other sites More sharing options...
Will Munny Posted October 13, 2009 Author Share Posted October 13, 2009 Is it template level or core level patch?... I ask because I'm trying to find it too :D Link to comment Share on other sites More sharing options...
bfarber Posted October 13, 2009 Share Posted October 13, 2009 publicOutput.php Link to comment Share on other sites More sharing options...
Will Munny Posted October 13, 2009 Author Share Posted October 13, 2009 So I can just change... I just tested and now everything validates perfectly. Is this safe? Is it really as elementary as this?!!$url = preg_replace( "/s=([a-zA-Z0-9]{32})(&|&)/", '', $url ) . '&s=' . $matches[1]; to... $url = preg_replace( "/s=([a-zA-Z0-9]{32})(&|&)/", '', $url ) . '&s=' . $matches[1]; Link to comment Share on other sites More sharing options...
bfarber Posted October 13, 2009 Share Posted October 13, 2009 Yes. :) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.