From 1f146b0a2a1bb8c0ea1c0719e7d7df11efcd4e2e Mon Sep 17 00:00:00 2001
From: Andy Lindeman <alindeman@php.net>
Date: Wed, 2 Apr 2003 12:39:07 +0000
Subject: [PATCH] Fix bug #23001

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@122151 c90b9560-bf6c-de11-be94-00142212c4b1
---
 reference/session/reference.xml | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/reference/session/reference.xml b/reference/session/reference.xml
index 5a9d08de6b..f96ba47ecb 100644
--- a/reference/session/reference.xml
+++ b/reference/session/reference.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.32 $ -->
+<!-- $Revision: 1.33 $ -->
  <reference id="ref.session">
   <title>Session handling functions</title>
   <titleabbrev>Sessions</titleabbrev>
@@ -355,18 +355,17 @@ else {
 
 Hello visitor, you have seen this page <?php echo $count; ?> times.<p>
 
-To continue, <A HREF="nextpage.php?<?php echo SID?>">click here</A>
+To continue, <A HREF="nextpage.php?<?php echo strip_tags (SID)?>">click here</A>
 ]]>
       </programlisting>
      </example>
     </para>
     <para>
-     The <literal>&lt;?php echo SID?&gt;</literal>
-     (<literal>&lt;?=SID?&gt;</literal> can be used if
-     <link linkend="ini.short-open-tag">short_open_tag</link> is enabled) is
-     necessary to preserve the session id in the case that the user has
-     disabled cookies.
-     The <literal>&lt;?=SID?&gt;</literal> is not necessary, if
+     The <function>strip_tags</function> is used when printing the SID 
+     in order to prevent XSS related attacks.
+    </para>
+    <para>
+     Printing the SID, like shown above, is not necessary if
      <link linkend="install.configure.enable-trans-sid">
      <literal>--enable-trans-sid</literal></link> was used to compile PHP.
     </para>