1--TEST--
2Test basic function : variation5 use_trans_sid
3--INI--
4session.use_strict_mode=0
5session.use_only_cookies=0
6session.use_trans_sid=1
7session.save_handler=files
8session.hash_bits_per_character=4
9session.hash_function=0
10session.gc_probability=1
11session.gc_divisor=1000
12session.gc_maxlifetime=300
13session.save_path=
14session.name=PHPSESSID
15--SKIPIF--
16<?php include('skipif.inc'); ?>
17--FILE--
18<?php
// Buffer all script output; the buffer is flushed by ob_end_flush() at the end of the script.
19ob_start();
20
// NOTE(review): presumably supplies the request host the URL rewriter compares against;
// the allowlist on the next line already names php.net explicitly - confirm whether this
// assignment is still required.
21$_SERVER['HTTP_HOST'] = 'php.net';
// Hosts whose absolute and protocol-relative URLs may receive the session ID.
// NOTE(review): example.com is allowed here, but no URL in the fixture below uses it,
// so the second allowlist entry is not exercised by this test.
22ini_set('session.trans_sid_hosts','php.net,example.com');
23
24/*
25 * Prototype : session.use_trans_sid=1
26 * Description : With transparent session IDs enabled, check which links and form
 *               actions in the output receive the session ID and which are left alone.
27 * Source code : ext/session/session.c
28 */
29
30echo "*** Testing basic session functionality : variation5 use_trans_sid ***\n";
31echo "*** Test trans sid ***\n";
32
// Use a fixed, script-chosen session ID so the rewritten URLs in --EXPECT-- are
// deterministic (PHPSESSID=testid).
// NOTE(review): presumably this is why --INI-- sets session.use_strict_mode=0 - confirm.
33$session_id = 'testid';
34session_id($session_id);
35session_start();
36// Security property under test: the session ID may be added only to relative URLs and
// to absolute or protocol-relative URLs whose host is listed in session.trans_sid_hosts.
// Per --EXPECT--, every php.net link and form (including the :8443 variants) gains
// PHPSESSID=testid, while every bad.com link and form must be emitted unchanged so the
// session ID is never disclosed to a host outside the allowlist.
// NOTE(review): the stray "r" after the second <form> tag is mirrored in --EXPECT--;
// remove it from both sections together if it is ever cleaned up.
// NOTE(review): no negative case uses a look-alike host (one that merely contains or
// extends an allowed name); consider adding one with its unchanged expected output.
37echo '
38<a href="/">test</a>
39<a href="/path">test</a>
40<a href="/path/">test</a>
41<a href="/path/?foo=var">test</a>
42<a href="../">test</a>
43<a href="../path">test</a>
44<a href="../path/">test</a>
45<a href="../path/?foo=var">test</a>
46
47<a href="/#bar">test</a>
48<a href="/path/#bar">test</a>
49<a href="/path/?foo=var#bar">test</a>
50<a href="../#bar">test</a>
51<a href="../path/#bar">test</a>
52<a href="../path/?foo=var#bar">test</a>
53
54<a href="/?foo">test</a>
55<a href="/?foo#bar">test</a>
56<a href="/?foo=var">test</a>
57<a href="/?foo=var#bar">test</a>
58<a href="../?foo">test</a>
59<a href="../?foo#bar">test</a>
60<a href="../?foo=var">test</a>
61<a href="../?foo=var#bar">test</a>
62
63<a href="file.php">test</a>
64<a href="file.php?foo">test</a>
65<a href="file.php?foo=var">test</a>
66<a href="file.php?foo=var#bar">test</a>
67<a href="../file.php">test</a>
68<a href="../file.php?foo">test</a>
69<a href="../file.php?foo=var">test</a>
70<a href="../file.php?foo=var#bar">test</a>
71
72<a href="http://php.net">test</a>
73<a href="http://php.net/">test</a>
74<a href="http://php.net/#bar">test</a>
75<a href="http://php.net/?foo">test</a>
76<a href="http://php.net/?foo#bar">test</a>
77<a href="http://php.net/?foo=var">test</a>
78<a href="http://php.net/?foo=var#bar">test</a>
79<a href="http://php.net/file.php">test</a>
80<a href="http://php.net/file.php#bar">test</a>
81<a href="http://php.net/file.php?foo">test</a>
82<a href="http://php.net/file.php?foo#bar">test</a>
83<a href="http://php.net/file.php?foo=var">test</a>
84<a href="http://php.net/file.php?foo=var#bar">test</a>
85<a href="http://php.net/some/path/file.php">test</a>
86<a href="http://php.net/some/path/file.php?foo">test</a>
87<a href="http://php.net/some/path/file.php?foo=var">test</a>
88<a href="http://php.net/some/path/file.php?foo=var#bar">test</a>
89
90<a href="https://php.net">test</a>
91<a href="https://php.net/">test</a>
92<a href="https://php.net/?foo=var#bar">test</a>
93<a href="https://php.net/file.php">test</a>
94<a href="https://php.net/file.php?foo=var#bar">test</a>
95<a href="https://php.net/some/path/file.php">test</a>
96<a href="https://php.net/some/path/file.php?foo=var#bar">test</a>
97<a href="https://php.net:8443">test</a>
98<a href="https://php.net:8443/">test</a>
99<a href="https://php.net:8443/?foo=var#bar">test</a>
100<a href="https://php.net:8443/file.php">test</a>
101<a href="https://php.net:8443/file.php?foo=var#bar">test</a>
102<a href="https://php.net:8443/some/path/file.php">test</a>
103<a href="https://php.net:8443/some/path/file.php?foo=var#bar">test</a>
104
105<a href="//php.net">test</a>
106<a href="//php.net/">test</a>
107<a href="//php.net/#bar">test</a>
108<a href="//php.net/?foo">test</a>
109<a href="//php.net/?foo#bar">test</a>
110<a href="//php.net/?foo=var">test</a>
111<a href="//php.net/?foo=var#bar">test</a>
112<a href="//php.net/file.php">test</a>
113<a href="//php.net/file.php#bar">test</a>
114<a href="//php.net/file.php?foo">test</a>
115<a href="//php.net/file.php?foo#bar">test</a>
116<a href="//php.net/file.php?foo=var">test</a>
117<a href="//php.net/file.php?foo=var#bar">test</a>
118<a href="//php.net/some/path/file.php">test</a>
119<a href="//php.net/some/path/file.php?foo">test</a>
120<a href="//php.net/some/path/file.php?foo=var">test</a>
121<a href="//php.net/some/path/file.php?foo=var#bar">test</a>
122
123<form action="script.php" method="post">
124  <input type="text" name="test1"></input>
125  <input type="text" name="test2" />
126</form>
127<form action="../script.php" method="post">r
128  <input type="text" name="test1"></input>
129  <input type="text" name="test2" />
130</form>
131<form action="/path/script.php" method="post">
132  <input type="text" name="test1"></input>
133  <input type="text" name="test2" />
134</form>
135<form action="../path/script.php" method="post">
136  <input type="text" name="test1"></input>
137  <input type="text" name="test2" />
138</form>
139<form method="post" action="http://php.net/script.php">
140  <input type="text" name="test1"></input>
141  <input type="text" name="test2" />
142</form>
143<form method="post" action="https://php.net/script.php">
144  <input type="text" name="test1"></input>
145  <input type="text" name="test2" />
146</form>
147<form method="post" action="//php.net/script.php">
148  <input type="text" name="test1"></input>
149  <input type="text" name="test2" />
150</form>
151
152
153<a href="http://bad.com">test</a>
154<a href="http://bad.com/">test</a>
155<a href="http://bad.com/#bar">test</a>
156<a href="http://bad.com/?foo">test</a>
157<a href="http://bad.com/?foo#bar">test</a>
158<a href="http://bad.com/?foo=var">test</a>
159<a href="http://bad.com/?foo=var#bar">test</a>
160<a href="http://bad.com/file.php">test</a>
161<a href="http://bad.com/file.php#bar">test</a>
162<a href="http://bad.com/file.php?foo">test</a>
163<a href="http://bad.com/file.php?foo#bar">test</a>
164<a href="http://bad.com/file.php?foo=var">test</a>
165<a href="http://bad.com/file.php?foo=var#bar">test</a>
166<a href="http://bad.com/some/path/file.php">test</a>
167<a href="http://bad.com/some/path/file.php?foo">test</a>
168<a href="http://bad.com/some/path/file.php?foo=var">test</a>
169<a href="http://bad.com/some/path/file.php?foo=var#bar">test</a>
170
171<a href="https://bad.com">test</a>
172<a href="https://bad.com/">test</a>
173<a href="https://bad.com/?foo=var#bar">test</a>
174<a href="https://bad.com/file.php">test</a>
175<a href="https://bad.com/file.php?foo=var#bar">test</a>
176<a href="https://bad.com/some/path/file.php">test</a>
177<a href="https://bad.com/some/path/file.php?foo=var#bar">test</a>
178<a href="https://bad.com:8443">test</a>
179<a href="https://bad.com:8443/">test</a>
180<a href="https://bad.com:8443/?foo=var#bar">test</a>
181<a href="https://bad.com:8443/file.php">test</a>
182<a href="https://bad.com:8443/file.php?foo=var#bar">test</a>
183<a href="https://bad.com:8443/some/path/file.php">test</a>
184<a href="https://bad.com:8443/some/path/file.php?foo=var#bar">test</a>
185
186<a href="//bad.com">test</a>
187<a href="//bad.com/">test</a>
188<a href="//bad.com/#bar">test</a>
189<a href="//bad.com/?foo">test</a>
190<a href="//bad.com/?foo#bar">test</a>
191<a href="//bad.com/?foo=var">test</a>
192<a href="//bad.com/?foo=var#bar">test</a>
193<a href="//bad.com/file.php">test</a>
194<a href="//bad.com/file.php#bar">test</a>
195<a href="//bad.com/file.php?foo">test</a>
196<a href="//bad.com/file.php?foo#bar">test</a>
197<a href="//bad.com/file.php?foo=var">test</a>
198<a href="//bad.com/file.php?foo=var#bar">test</a>
199<a href="//bad.com/some/path/file.php">test</a>
200<a href="//bad.com/some/path/file.php?foo">test</a>
201<a href="//bad.com/some/path/file.php?foo=var">test</a>
202<a href="//bad.com/some/path/file.php?foo=var#bar">test</a>
203
204<form action="//bad.com/script.php" method="post">
205  <input type="text" name="test1"></input>
206  <input type="text" name="test2" />
207</form>
208<form action="https://bad.com/foo/../script.php" method="post">
209  <input type="text" name="test1"></input>
210  <input type="text" name="test2" />
211</form>
212<form action="https://bad.com//path/script.php" method="post">
213  <input type="text" name="test1"></input>
214  <input type="text" name="test2" />
215</form>
216<form action="https://bad.com/foo/bar../path/script.php" method="post">
217  <input type="text" name="test1"></input>
218  <input type="text" name="test2" />
219</form>
220<form method="post" action="http://bad.com/script.php">
221  <input type="text" name="test1"></input>
222  <input type="text" name="test2" />
223</form>
224<form method="post" action="https://bad.com/script.php">
225  <input type="text" name="test1"></input>
226  <input type="text" name="test2" />
227</form>
228<form method="post" action="//bad.com/script.php">
229  <input type="text" name="test1"></input>
230  <input type="text" name="test2" />
231</form>
232
233';
// Close the session and dump the return value of session_commit(); --EXPECT-- records NULL.
234var_dump(session_commit());
235
236echo "*** Cleanup ***\n";
// Re-open the session and dump its ID: --EXPECT-- requires it to still be "testid",
// then destroy the session as cleanup. Each call's return value is part of the
// expected output.
237var_dump(session_start());
238var_dump(session_id());
239var_dump(session_destroy());
240
// Flush the output buffer opened by ob_start() at the top of the script.
241ob_end_flush();
242?>
243--EXPECT--
244*** Testing basic session functionality : variation5 use_trans_sid ***
245*** Test trans sid ***
246
247<a href="/?PHPSESSID=testid">test</a>
248<a href="/path?PHPSESSID=testid">test</a>
249<a href="/path/?PHPSESSID=testid">test</a>
250<a href="/path/?foo=var&PHPSESSID=testid">test</a>
251<a href="../?PHPSESSID=testid">test</a>
252<a href="../path?PHPSESSID=testid">test</a>
253<a href="../path/?PHPSESSID=testid">test</a>
254<a href="../path/?foo=var&PHPSESSID=testid">test</a>
255
256<a href="/?PHPSESSID=testid#bar">test</a>
257<a href="/path/?PHPSESSID=testid#bar">test</a>
258<a href="/path/?foo=var&PHPSESSID=testid#bar">test</a>
259<a href="../?PHPSESSID=testid#bar">test</a>
260<a href="../path/?PHPSESSID=testid#bar">test</a>
261<a href="../path/?foo=var&PHPSESSID=testid#bar">test</a>
262
263<a href="/?foo&PHPSESSID=testid">test</a>
264<a href="/?foo&PHPSESSID=testid#bar">test</a>
265<a href="/?foo=var&PHPSESSID=testid">test</a>
266<a href="/?foo=var&PHPSESSID=testid#bar">test</a>
267<a href="../?foo&PHPSESSID=testid">test</a>
268<a href="../?foo&PHPSESSID=testid#bar">test</a>
269<a href="../?foo=var&PHPSESSID=testid">test</a>
270<a href="../?foo=var&PHPSESSID=testid#bar">test</a>
271
272<a href="file.php?PHPSESSID=testid">test</a>
273<a href="file.php?foo&PHPSESSID=testid">test</a>
274<a href="file.php?foo=var&PHPSESSID=testid">test</a>
275<a href="file.php?foo=var&PHPSESSID=testid#bar">test</a>
276<a href="../file.php?PHPSESSID=testid">test</a>
277<a href="../file.php?foo&PHPSESSID=testid">test</a>
278<a href="../file.php?foo=var&PHPSESSID=testid">test</a>
279<a href="../file.php?foo=var&PHPSESSID=testid#bar">test</a>
280
281<a href="http://php.net/?PHPSESSID=testid">test</a>
282<a href="http://php.net/?PHPSESSID=testid">test</a>
283<a href="http://php.net/?PHPSESSID=testid#bar">test</a>
284<a href="http://php.net/?foo&PHPSESSID=testid">test</a>
285<a href="http://php.net/?foo&PHPSESSID=testid#bar">test</a>
286<a href="http://php.net/?foo=var&PHPSESSID=testid">test</a>
287<a href="http://php.net/?foo=var&PHPSESSID=testid#bar">test</a>
288<a href="http://php.net/file.php?PHPSESSID=testid">test</a>
289<a href="http://php.net/file.php?PHPSESSID=testid#bar">test</a>
290<a href="http://php.net/file.php?foo&PHPSESSID=testid">test</a>
291<a href="http://php.net/file.php?foo&PHPSESSID=testid#bar">test</a>
292<a href="http://php.net/file.php?foo=var&PHPSESSID=testid">test</a>
293<a href="http://php.net/file.php?foo=var&PHPSESSID=testid#bar">test</a>
294<a href="http://php.net/some/path/file.php?PHPSESSID=testid">test</a>
295<a href="http://php.net/some/path/file.php?foo&PHPSESSID=testid">test</a>
296<a href="http://php.net/some/path/file.php?foo=var&PHPSESSID=testid">test</a>
297<a href="http://php.net/some/path/file.php?foo=var&PHPSESSID=testid#bar">test</a>
298
299<a href="https://php.net/?PHPSESSID=testid">test</a>
300<a href="https://php.net/?PHPSESSID=testid">test</a>
301<a href="https://php.net/?foo=var&PHPSESSID=testid#bar">test</a>
302<a href="https://php.net/file.php?PHPSESSID=testid">test</a>
303<a href="https://php.net/file.php?foo=var&PHPSESSID=testid#bar">test</a>
304<a href="https://php.net/some/path/file.php?PHPSESSID=testid">test</a>
305<a href="https://php.net/some/path/file.php?foo=var&PHPSESSID=testid#bar">test</a>
306<a href="https://php.net:8443/?PHPSESSID=testid">test</a>
307<a href="https://php.net:8443/?PHPSESSID=testid">test</a>
308<a href="https://php.net:8443/?foo=var&PHPSESSID=testid#bar">test</a>
309<a href="https://php.net:8443/file.php?PHPSESSID=testid">test</a>
310<a href="https://php.net:8443/file.php?foo=var&PHPSESSID=testid#bar">test</a>
311<a href="https://php.net:8443/some/path/file.php?PHPSESSID=testid">test</a>
312<a href="https://php.net:8443/some/path/file.php?foo=var&PHPSESSID=testid#bar">test</a>
313
314<a href="//php.net/?PHPSESSID=testid">test</a>
315<a href="//php.net/?PHPSESSID=testid">test</a>
316<a href="//php.net/?PHPSESSID=testid#bar">test</a>
317<a href="//php.net/?foo&PHPSESSID=testid">test</a>
318<a href="//php.net/?foo&PHPSESSID=testid#bar">test</a>
319<a href="//php.net/?foo=var&PHPSESSID=testid">test</a>
320<a href="//php.net/?foo=var&PHPSESSID=testid#bar">test</a>
321<a href="//php.net/file.php?PHPSESSID=testid">test</a>
322<a href="//php.net/file.php?PHPSESSID=testid#bar">test</a>
323<a href="//php.net/file.php?foo&PHPSESSID=testid">test</a>
324<a href="//php.net/file.php?foo&PHPSESSID=testid#bar">test</a>
325<a href="//php.net/file.php?foo=var&PHPSESSID=testid">test</a>
326<a href="//php.net/file.php?foo=var&PHPSESSID=testid#bar">test</a>
327<a href="//php.net/some/path/file.php?PHPSESSID=testid">test</a>
328<a href="//php.net/some/path/file.php?foo&PHPSESSID=testid">test</a>
329<a href="//php.net/some/path/file.php?foo=var&PHPSESSID=testid">test</a>
330<a href="//php.net/some/path/file.php?foo=var&PHPSESSID=testid#bar">test</a>
331
332<form action="script.php" method="post"><input type="hidden" name="PHPSESSID" value="testid" />
333  <input type="text" name="test1"></input>
334  <input type="text" name="test2" />
335</form>
336<form action="../script.php" method="post"><input type="hidden" name="PHPSESSID" value="testid" />r
337  <input type="text" name="test1"></input>
338  <input type="text" name="test2" />
339</form>
340<form action="/path/script.php" method="post"><input type="hidden" name="PHPSESSID" value="testid" />
341  <input type="text" name="test1"></input>
342  <input type="text" name="test2" />
343</form>
344<form action="../path/script.php" method="post"><input type="hidden" name="PHPSESSID" value="testid" />
345  <input type="text" name="test1"></input>
346  <input type="text" name="test2" />
347</form>
348<form method="post" action="http://php.net/script.php"><input type="hidden" name="PHPSESSID" value="testid" />
349  <input type="text" name="test1"></input>
350  <input type="text" name="test2" />
351</form>
352<form method="post" action="https://php.net/script.php"><input type="hidden" name="PHPSESSID" value="testid" />
353  <input type="text" name="test1"></input>
354  <input type="text" name="test2" />
355</form>
356<form method="post" action="//php.net/script.php"><input type="hidden" name="PHPSESSID" value="testid" />
357  <input type="text" name="test1"></input>
358  <input type="text" name="test2" />
359</form>
360
361
362<a href="http://bad.com">test</a>
363<a href="http://bad.com/">test</a>
364<a href="http://bad.com/#bar">test</a>
365<a href="http://bad.com/?foo">test</a>
366<a href="http://bad.com/?foo#bar">test</a>
367<a href="http://bad.com/?foo=var">test</a>
368<a href="http://bad.com/?foo=var#bar">test</a>
369<a href="http://bad.com/file.php">test</a>
370<a href="http://bad.com/file.php#bar">test</a>
371<a href="http://bad.com/file.php?foo">test</a>
372<a href="http://bad.com/file.php?foo#bar">test</a>
373<a href="http://bad.com/file.php?foo=var">test</a>
374<a href="http://bad.com/file.php?foo=var#bar">test</a>
375<a href="http://bad.com/some/path/file.php">test</a>
376<a href="http://bad.com/some/path/file.php?foo">test</a>
377<a href="http://bad.com/some/path/file.php?foo=var">test</a>
378<a href="http://bad.com/some/path/file.php?foo=var#bar">test</a>
379
380<a href="https://bad.com">test</a>
381<a href="https://bad.com/">test</a>
382<a href="https://bad.com/?foo=var#bar">test</a>
383<a href="https://bad.com/file.php">test</a>
384<a href="https://bad.com/file.php?foo=var#bar">test</a>
385<a href="https://bad.com/some/path/file.php">test</a>
386<a href="https://bad.com/some/path/file.php?foo=var#bar">test</a>
387<a href="https://bad.com:8443">test</a>
388<a href="https://bad.com:8443/">test</a>
389<a href="https://bad.com:8443/?foo=var#bar">test</a>
390<a href="https://bad.com:8443/file.php">test</a>
391<a href="https://bad.com:8443/file.php?foo=var#bar">test</a>
392<a href="https://bad.com:8443/some/path/file.php">test</a>
393<a href="https://bad.com:8443/some/path/file.php?foo=var#bar">test</a>
394
395<a href="//bad.com">test</a>
396<a href="//bad.com/">test</a>
397<a href="//bad.com/#bar">test</a>
398<a href="//bad.com/?foo">test</a>
399<a href="//bad.com/?foo#bar">test</a>
400<a href="//bad.com/?foo=var">test</a>
401<a href="//bad.com/?foo=var#bar">test</a>
402<a href="//bad.com/file.php">test</a>
403<a href="//bad.com/file.php#bar">test</a>
404<a href="//bad.com/file.php?foo">test</a>
405<a href="//bad.com/file.php?foo#bar">test</a>
406<a href="//bad.com/file.php?foo=var">test</a>
407<a href="//bad.com/file.php?foo=var#bar">test</a>
408<a href="//bad.com/some/path/file.php">test</a>
409<a href="//bad.com/some/path/file.php?foo">test</a>
410<a href="//bad.com/some/path/file.php?foo=var">test</a>
411<a href="//bad.com/some/path/file.php?foo=var#bar">test</a>
412
413<form action="//bad.com/script.php" method="post">
414  <input type="text" name="test1"></input>
415  <input type="text" name="test2" />
416</form>
417<form action="https://bad.com/foo/../script.php" method="post">
418  <input type="text" name="test1"></input>
419  <input type="text" name="test2" />
420</form>
421<form action="https://bad.com//path/script.php" method="post">
422  <input type="text" name="test1"></input>
423  <input type="text" name="test2" />
424</form>
425<form action="https://bad.com/foo/bar../path/script.php" method="post">
426  <input type="text" name="test1"></input>
427  <input type="text" name="test2" />
428</form>
429<form method="post" action="http://bad.com/script.php">
430  <input type="text" name="test1"></input>
431  <input type="text" name="test2" />
432</form>
433<form method="post" action="https://bad.com/script.php">
434  <input type="text" name="test1"></input>
435  <input type="text" name="test2" />
436</form>
437<form method="post" action="//bad.com/script.php">
438  <input type="text" name="test1"></input>
439  <input type="text" name="test2" />
440</form>
441
442NULL
443*** Cleanup ***
444bool(true)
445string(6) "testid"
446bool(true)
447