Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.3.1

Bug #658 basename on action is counterproductive
Submitted: 2004-02-01 04:26 UTC
From: joey at q7 dot com Assigned: danielc
Status: Closed Package: HTML_Form
PHP Version: Irrelevant OS: Linux
Roadmaps: (Not assigned)    
Subscription  


 [2004-02-01 04:26 UTC] joey at q7 dot com
Description: ------------ the action passed to the new() function gets basename()ed when displayed which is irritating and not really very helpful. if i want to make a form that points outside my current directory i can't do it. i haven't experimented with % encoding yet to try and get around it. Reproduce code: --------------- $form = new HTML_Form('http://example.com/doit.cgi'); print $form->returnStart(); Expected result: ---------------- <FORM ACTION="http://example.com/doit.cgi" METHOD="GET"> Actual result: -------------- <FORM ACTION="doit.cgi" METHOD="GET">

Comments

 [2004-02-01 04:32 UTC] joey at q7 dot com
using %2f doesn't help. hand coding the <form> tag will obviously work, but it seems like it would be worth fixing the main code. given the lack of docs for this package i hope that noone relies on that basename call :-).
 [2004-03-06 00:35 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2004-03-12 04:34 UTC] joey at q7 dot com
even if there is a possible security problem, this is not data that comes from the user, so i can't see why the code would enforce a basename on it. i am of the camp that trusts the programmer. distrusting the user is ok, but that doesn't seem to apply to this case.
 [2004-05-28 06:20 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!