View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004717 | OXID eShop (all versions) | 4.02. Session handling | public | 2012-11-19 15:30 | 2012-12-03 14:37 |
| Reporter | spurvis | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | won't fix | ||
| Product Version | 4.6.5 revision 49955 | ||||
| Summary | 0004717: Injection of SID info into URL query can result in an invalid URL | ||||
| Description | Injection of SID info into the query string of a SEO URL that includes an anchor (#) will yield an invalid url. For example, the URL http://demoshop/About-Us/#test?lang=1 becomes http://demoshop/About-Us/force_sid=vp62ej417icb27m7nm5i5m5at5&#test?lang=1 The correct result would be http://demoshop/About-Us/#test?force_sid=vp62ej417icb27m7nm5i5m5at5&lang=1 | ||||
| Steps To Reproduce | 1. Create a link on a webpage that uses an anchor (I used a banner link pointing to an anchor on a CMS page) 2. Invoke a session (place something in the basket) 3. Use browser options to remove SID cookie and disable further cookies (used Firefox) 4. Refresh page with anchor link 5. Click link and notice the error page with "The requested page '<BAD-URL>' could not be found." | ||||
| Tags | No tags attached. | ||||
| Theme | Both | ||||
| Browser | All | ||||
| PHP Version | any | ||||
| Database Version | any | ||||
|
|
Hi, what we can see here, is that you have entered incorrect address for the url. It should have been http://demoshop/About-Us/?lang=1#test . You can read about adding anchtors to url at http://www.asymmetrics.com/appending-anhors-to-urls-code.asp last chapter. You will see that you need to add anchtor at the very end of url, which is after ?lang=1. One more thing is that even if this would be correct, it would be firefox bug, not the shop one, as you have checked browsers parsing of url. If you still have any questions, feel free to ask. |
