Results 1 to 8 of 8

Thread: Pages are failing to validate

  1. #1
    Scott's Avatar
    Scott is offline Certified Glow Sage
    Join Date
    Oct 2006
    Posts
    27

    Default Pages are failing to validate

    Pages on my site that have a form on them are not validating to XHTML 1.0 Strict. The problem occurs only when I copy the page from my local web server over to my account here for production. It appears that the web server, or something, here at glowhost is adding a hidden input tag that contains a php session id right after my form tag. Since the mysteriously appearing hidden input tag is not encapsulated in a p (or similar) tag it is causing these pages to fail validation. I have never encountered this situation in the past and am not sure how to handle this.

    Any input would be greatly appreciated.

    Thanks in advance.

  2. #2
    Matt's Avatar
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    6,236

    Default

    That sounds very unusual. How are you uploading the site? Got a link to it and where in the source you see it?
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

  3. #3
    Scott's Avatar
    Scott is offline Certified Glow Sage
    Join Date
    Oct 2006
    Posts
    27

    Default

    I am uploading FTP over TLS.

    Here is one example: http://www.allmartech.com/email-a-fr...llmartech.com/

    This is even more strange, when I view source from my browser I see my code as expected:
    HTML Code:
    <form method="post"  action="http://www.allmartech.com/email-a-friend.php?ref=www.allmartech.com/">
    <p><input name="ref" type="hidden" value="www.allmartech.com/" /></p>
    <p><input name="action" type="hidden" value="transmit" /></p>

    However, when I validate w3c sees:
    HTML Code:
    <form method="post" action="http://www.allmartech.com/email-a-friend.php?ref=www.allmartech.com/"><input type="hidden" name="PHPSESSID" value="b4824038e1828bccfbd183a3d3bfb174" />

  4. #4
    Scott's Avatar
    Scott is offline Certified Glow Sage
    Join Date
    Oct 2006
    Posts
    27

    Default

    Some progres.

    My local php.ini file has the following turned off: session.use_trans_sid, while gloowhost has this on.


    Checking further ...

  5. #5
    Scott's Avatar
    Scott is offline Certified Glow Sage
    Join Date
    Oct 2006
    Posts
    27

    Default

    More info from php.net ...

    **********************************
    session.use_trans_sid boolean session.use_trans_sid whether transparent sid support is enabled or not. Defaults to 0 (disabled).
    Note: For PHP 4.1.2 or less, it is enabled by compiling with --enable-trans-sid. From PHP 4.2.0, trans-sid feature is always compiled.
    URL based session management has additional security risks compared to cookie based session management. Users may send a URL that contains an active session ID to their friends by email or users may save a URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.
    url_rewriter.tags string url_rewriter.tags specifies which HTML tags are rewritten to include session id if transparent sid support is enabled. Defaults to a=href,area=href,frame=src,input=src,form=fakeentr y,fieldset=
    Note: If you want XHTML conformity, remove the form entry and use the <fieldset> tags around your form fields.
    ********************************************

    The fieldset tag doesn't work because the glowhost url_rewriter.tags is set to "a=href,area=href,frame=src,form=,fieldset="

  6. #6
    jmarcv's Avatar
    jmarcv is offline Cranky Coder
    Join Date
    Jan 2005
    Posts
    354

    Default

    I assume you are using sessions and need them? Sounds like you want this

    session.use_cookies ON
    session.use_only_cookies ON

  7. #7
    Scott's Avatar
    Scott is offline Certified Glow Sage
    Join Date
    Oct 2006
    Posts
    27

    Default

    Well it looks like I found a work around by changing the glowhost ini setting for url_rewriter.tags.

    I would like to open a discussion as to why session.use_trans_sid is on if the default value is suppose to be disabled.

    Thanks

  8. #8
    jmarcv's Avatar
    jmarcv is offline Cranky Coder
    Join Date
    Jan 2005
    Posts
    354

    Default

    Laurens Holst Says:
    July 28th, 2004 at 9:13 pm Another solution for XHTML
    As far as XHTML validation is concerned, another nice solution with the added advantage that it doesn’t disable the trans_sid functionality itself is:
    ini_set(’arg_separator.input’,'&amp;’);
    ini_set(’arg_separator.output’,'&amp;’);
    It simply changes the invalidating ampersant from & to &amp;, solving the problem! This is also a good solution if ini_set(’session.use_trans_sid’,'0′) doesn’t work but you don’t want to/can’t temper with .htaccess files.
    ~Grauw

    http://www.mtdev.com/2002/06/why-you...use_trans_sid/

    Good discussion here.
    http://www.mtdev.com/2002/06/why-you...use_trans_sid/
    Last edited by Matt; 12-02-2006 at 08:43 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14