Apologies if this is the wrong list.
I've just been running into some wierd issues regarding the header()
function, which I'm not 100% sure if it's desired behaviour or not.
Basically, we have a few variables such as:
$var = "foo=1&bar=2";
Now this variable gets used in 2 cases. The first is as a direct link
in an <a href>. The second is as an automatic redirect using header
("Location: blah"); This works great, but in an order to make this page
fully html/xhtml compliant, we've been changing $var so that it's:
$var = "foo=1&bar=2";
Now, for the first case - this works absolutly fine.
For the second case however, header passes the full variable without
resolving & to &.
I can't figure out if this is desired or not, if it's not, I'll happily
draft up a patch to alter the behaviour - I just want to make sure
before I do.
Cheers,
--
Gareth Ardron
I can't figure out if this is desired or not, if it's not, I'll happily
draft up a patch to alter the behaviour - I just want to make sure
before I do.
Why should header()
start parsing its argument? its only job is to add its
argument to the HTTP headers, nothing more, nothing less.
It's the browser job to parse the & entity into the character '&'.
--
Tal Peer
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x253D2947
Key Fingerprint: C0B1 D91D 7323 6C0F 227A CBD6 D635 E53D 253D 2947
Zitat von Tal Peer tal@php.net:
I can't figure out if this is desired or not, if it's not, I'll happily
draft up a patch to alter the behaviour - I just want to make sure
before I do.Why should
header()
start parsing its argument? its only job is to add
its
argument to the HTTP headers, nothing more, nothing less.
It's the browser job to parse the & entity into the character '&'.
Beside that, HTTP headers have nothing to do with XHTML, so this behaviour
is absolutely correct.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
I can't figure out if this is desired or not, if it's not, I'll
happily
draft up a patch to alter the behaviour - I just want to make sure
before I do.Why should
header()
start parsing its argument? its only job is to
add
its
argument to the HTTP headers, nothing more, nothing less.
It's the browser job to parse the & entity into the character
'&'.
mmmkay, that's cool.
Gareth Ardron wrote:
$var = "foo=1&bar=2";
To clarify:
You should use $var = "foo=1&bar=2"; and then $var for header()
but
htmlspecialchar($var) for your href:
- HTTP-Headers must not be html-encoded.
- HTML-Attributes on the other hand have to be html-encoded.
Even though most browsers work with hrefs without html-encoding and some
browsers might understand & in HTTP-Headers this is not conforming
to the standards.
- Chris
Gareth Ardron wrote:
$var = "foo=1&bar=2";
To clarify:
You should use $var = "foo=1&bar=2"; and then $var forheader()
but
htmlspecialchar($var) for your href:
- HTTP-Headers must not be html-encoded.
- HTML-Attributes on the other hand have to be html-encoded.
Even though most browsers work with hrefs without html-encoding and some
browsers might understand & in HTTP-Headers this is not conforming
to the standards.
Actually, & is the way you need to write it if you are going to be
perfectly standards-compliant. It's just that nobody does this. You can
make PHP understand this by setting the separator in your php.ini file to
&
-Rasmus