--TEST--
Test basic function : variation5 use_trans_sid
--INI--
session.use_strict_mode=0
session.use_only_cookies=0
session.use_trans_sid=1
session.save_handler=files
session.hash_bits_per_character=4
session.hash_function=0
session.gc_probability=1
session.gc_divisor=1000
session.gc_maxlifetime=300
session.save_path=
session.name=PHPSESSID
--SKIPIF--
<?php include('skipif.inc'); ?>
--FILE--
<?php
// Regression test for transparent session-ID propagation (session.use_trans_sid=1,
// session.use_only_cookies=0 in --INI--): the HTML fixture echoed below is compared
// against --EXPECT-- to pin which URLs and forms receive the session ID.

// Buffer output from the start; the banner echoes below run before session_start().
// NOTE(review): presumably this keeps output from being sent ahead of the session
// start - confirm.
ob_start();

// Host the request claims to be served from, plus the explicit allow-list of hosts
// whose absolute URLs may receive the session ID.
// NOTE(review): example.com is on the allow-list but no URL in the fixture targets
// it, so only the php.net entry is exercised by this test.
$_SERVER['HTTP_HOST'] = 'php.net';
ini_set('session.trans_sid_hosts','php.net,example.com');

echo "*** Testing basic session functionality : variation5 use_trans_sid ***\n";
echo "*** Test trans sid ***\n";

// Fixed, known session ID so the rewritten URLs in --EXPECT-- are deterministic.
// session.use_strict_mode=0 in --INI--, so this caller-chosen ID is presumably
// accepted as-is - confirm.
$session_id = 'testid';
session_id($session_id);
session_start();
// Security property under test: the session ID may be added only to relative URLs
// and to absolute or protocol-relative URLs whose host is allowed (php.net, over
// http/https, with or without port 8443). Every bad.com link and form must come out
// unchanged, so the ID is never disclosed to another host. The bad.com form actions
// also cover "/../", "//" and "bar../" inside the path.
// Expected rewriting, per --EXPECT--: the ID is appended to the query string ahead
// of any #fragment, a bare "http://php.net" gains a trailing "/", and allowed forms
// get a hidden PHPSESSID input right after the opening <form> tag.
echo '
<a href="/">test</a>
<a href="/path">test</a>
<a href="/path/">test</a>
<a href="/path/?foo=var">test</a>
<a href="../">test</a>
<a href="../path">test</a>
<a href="../path/">test</a>
<a href="../path/?foo=var">test</a>

<a href="/#bar">test</a>
<a href="/path/#bar">test</a>
<a href="/path/?foo=var#bar">test</a>
<a href="../#bar">test</a>
<a href="../path/#bar">test</a>
<a href="../path/?foo=var#bar">test</a>

<a href="/?foo">test</a>
<a href="/?foo#bar">test</a>
<a href="/?foo=var">test</a>
<a href="/?foo=var#bar">test</a>
<a href="../?foo">test</a>
<a href="../?foo#bar">test</a>
<a href="../?foo=var">test</a>
<a href="../?foo=var#bar">test</a>

<a href="file.php">test</a>
<a href="file.php?foo">test</a>
<a href="file.php?foo=var">test</a>
<a href="file.php?foo=var#bar">test</a>
<a href="../file.php">test</a>
<a href="../file.php?foo">test</a>
<a href="../file.php?foo=var">test</a>
<a href="../file.php?foo=var#bar">test</a>

<a href="http://php.net">test</a>
<a href="http://php.net/">test</a>
<a href="http://php.net/#bar">test</a>
<a href="http://php.net/?foo">test</a>
<a href="http://php.net/?foo#bar">test</a>
<a href="http://php.net/?foo=var">test</a>
<a href="http://php.net/?foo=var#bar">test</a>
<a href="http://php.net/file.php">test</a>
<a href="http://php.net/file.php#bar">test</a>
<a href="http://php.net/file.php?foo">test</a>
<a href="http://php.net/file.php?foo#bar">test</a>
<a href="http://php.net/file.php?foo=var">test</a>
<a href="http://php.net/file.php?foo=var#bar">test</a>
<a href="http://php.net/some/path/file.php">test</a>
<a href="http://php.net/some/path/file.php?foo">test</a>
<a href="http://php.net/some/path/file.php?foo=var">test</a>
<a href="http://php.net/some/path/file.php?foo=var#bar">test</a>

<a href="https://php.net">test</a>
<a href="https://php.net/">test</a>
<a href="https://php.net/?foo=var#bar">test</a>
<a href="https://php.net/file.php">test</a>
<a href="https://php.net/file.php?foo=var#bar">test</a>
<a href="https://php.net/some/path/file.php">test</a>
<a href="https://php.net/some/path/file.php?foo=var#bar">test</a>
<a href="https://php.net:8443">test</a>
<a href="https://php.net:8443/">test</a>
<a href="https://php.net:8443/?foo=var#bar">test</a>
<a href="https://php.net:8443/file.php">test</a>
<a href="https://php.net:8443/file.php?foo=var#bar">test</a>
<a href="https://php.net:8443/some/path/file.php">test</a>
<a href="https://php.net:8443/some/path/file.php?foo=var#bar">test</a>

<a href="//php.net">test</a>
<a href="//php.net/">test</a>
<a href="//php.net/#bar">test</a>
<a href="//php.net/?foo">test</a>
<a href="//php.net/?foo#bar">test</a>
<a href="//php.net/?foo=var">test</a>
<a href="//php.net/?foo=var#bar">test</a>
<a href="//php.net/file.php">test</a>
<a href="//php.net/file.php#bar">test</a>
<a href="//php.net/file.php?foo">test</a>
<a href="//php.net/file.php?foo#bar">test</a>
<a href="//php.net/file.php?foo=var">test</a>
<a href="//php.net/file.php?foo=var#bar">test</a>
<a href="//php.net/some/path/file.php">test</a>
<a href="//php.net/some/path/file.php?foo">test</a>
<a href="//php.net/some/path/file.php?foo=var">test</a>
<a href="//php.net/some/path/file.php?foo=var#bar">test</a>

<form action="script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="../script.php" method="post">r
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="/path/script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="../path/script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="http://php.net/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="https://php.net/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="//php.net/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>


<a href="http://bad.com">test</a>
<a href="http://bad.com/">test</a>
<a href="http://bad.com/#bar">test</a>
<a href="http://bad.com/?foo">test</a>
<a href="http://bad.com/?foo#bar">test</a>
<a href="http://bad.com/?foo=var">test</a>
<a href="http://bad.com/?foo=var#bar">test</a>
<a href="http://bad.com/file.php">test</a>
<a href="http://bad.com/file.php#bar">test</a>
<a href="http://bad.com/file.php?foo">test</a>
<a href="http://bad.com/file.php?foo#bar">test</a>
<a href="http://bad.com/file.php?foo=var">test</a>
<a href="http://bad.com/file.php?foo=var#bar">test</a>
<a href="http://bad.com/some/path/file.php">test</a>
<a href="http://bad.com/some/path/file.php?foo">test</a>
<a href="http://bad.com/some/path/file.php?foo=var">test</a>
<a href="http://bad.com/some/path/file.php?foo=var#bar">test</a>

<a href="https://bad.com">test</a>
<a href="https://bad.com/">test</a>
<a href="https://bad.com/?foo=var#bar">test</a>
<a href="https://bad.com/file.php">test</a>
<a href="https://bad.com/file.php?foo=var#bar">test</a>
<a href="https://bad.com/some/path/file.php">test</a>
<a href="https://bad.com/some/path/file.php?foo=var#bar">test</a>
<a href="https://bad.com:8443">test</a>
<a href="https://bad.com:8443/">test</a>
<a href="https://bad.com:8443/?foo=var#bar">test</a>
<a href="https://bad.com:8443/file.php">test</a>
<a href="https://bad.com:8443/file.php?foo=var#bar">test</a>
<a href="https://bad.com:8443/some/path/file.php">test</a>
<a href="https://bad.com:8443/some/path/file.php?foo=var#bar">test</a>

<a href="//bad.com">test</a>
<a href="//bad.com/">test</a>
<a href="//bad.com/#bar">test</a>
<a href="//bad.com/?foo">test</a>
<a href="//bad.com/?foo#bar">test</a>
<a href="//bad.com/?foo=var">test</a>
<a href="//bad.com/?foo=var#bar">test</a>
<a href="//bad.com/file.php">test</a>
<a href="//bad.com/file.php#bar">test</a>
<a href="//bad.com/file.php?foo">test</a>
<a href="//bad.com/file.php?foo#bar">test</a>
<a href="//bad.com/file.php?foo=var">test</a>
<a href="//bad.com/file.php?foo=var#bar">test</a>
<a href="//bad.com/some/path/file.php">test</a>
<a href="//bad.com/some/path/file.php?foo">test</a>
<a href="//bad.com/some/path/file.php?foo=var">test</a>
<a href="//bad.com/some/path/file.php?foo=var#bar">test</a>

<form action="//bad.com/script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="https://bad.com/foo/../script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="https://bad.com//path/script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="https://bad.com/foo/bar../path/script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="http://bad.com/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="https://bad.com/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="//bad.com/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>

';
// Write the session data and close the session; --EXPECT-- pins the result to true.
var_dump(session_commit());

echo "*** Cleanup ***\n";
// Reopen the session (the ID is still "testid", per --EXPECT--) and destroy it so
// the data stored by this test is removed.
var_dump(session_start());
var_dump(session_id());
var_dump(session_destroy());

// Flush the buffered page and turn output buffering off.
ob_end_flush();
?>
--EXPECT--
*** Testing basic session functionality : variation5 use_trans_sid ***
*** Test trans sid ***

<a href="/?PHPSESSID=testid">test</a>
<a href="/path?PHPSESSID=testid">test</a>
<a href="/path/?PHPSESSID=testid">test</a>
<a href="/path/?foo=var&PHPSESSID=testid">test</a>
<a href="../?PHPSESSID=testid">test</a>
<a href="../path?PHPSESSID=testid">test</a>
<a href="../path/?PHPSESSID=testid">test</a>
<a href="../path/?foo=var&PHPSESSID=testid">test</a>

<a href="/?PHPSESSID=testid#bar">test</a>
<a href="/path/?PHPSESSID=testid#bar">test</a>
<a href="/path/?foo=var&PHPSESSID=testid#bar">test</a>
<a href="../?PHPSESSID=testid#bar">test</a>
<a href="../path/?PHPSESSID=testid#bar">test</a>
<a href="../path/?foo=var&PHPSESSID=testid#bar">test</a>

<a href="/?foo&PHPSESSID=testid">test</a>
<a href="/?foo&PHPSESSID=testid#bar">test</a>
<a href="/?foo=var&PHPSESSID=testid">test</a>
<a href="/?foo=var&PHPSESSID=testid#bar">test</a>
<a href="../?foo&PHPSESSID=testid">test</a>
<a href="../?foo&PHPSESSID=testid#bar">test</a>
<a href="../?foo=var&PHPSESSID=testid">test</a>
<a href="../?foo=var&PHPSESSID=testid#bar">test</a>

<a href="file.php?PHPSESSID=testid">test</a>
<a href="file.php?foo&PHPSESSID=testid">test</a>
<a href="file.php?foo=var&PHPSESSID=testid">test</a>
<a href="file.php?foo=var&PHPSESSID=testid#bar">test</a>
<a href="../file.php?PHPSESSID=testid">test</a>
<a href="../file.php?foo&PHPSESSID=testid">test</a>
<a href="../file.php?foo=var&PHPSESSID=testid">test</a>
<a href="../file.php?foo=var&PHPSESSID=testid#bar">test</a>

<a href="http://php.net/?PHPSESSID=testid">test</a>
<a href="http://php.net/?PHPSESSID=testid">test</a>
<a href="http://php.net/?PHPSESSID=testid#bar">test</a>
<a href="http://php.net/?foo&PHPSESSID=testid">test</a>
<a href="http://php.net/?foo&PHPSESSID=testid#bar">test</a>
<a href="http://php.net/?foo=var&PHPSESSID=testid">test</a>
<a href="http://php.net/?foo=var&PHPSESSID=testid#bar">test</a>
<a href="http://php.net/file.php?PHPSESSID=testid">test</a>
<a href="http://php.net/file.php?PHPSESSID=testid#bar">test</a>
<a href="http://php.net/file.php?foo&PHPSESSID=testid">test</a>
<a href="http://php.net/file.php?foo&PHPSESSID=testid#bar">test</a>
<a href="http://php.net/file.php?foo=var&PHPSESSID=testid">test</a>
<a href="http://php.net/file.php?foo=var&PHPSESSID=testid#bar">test</a>
<a href="http://php.net/some/path/file.php?PHPSESSID=testid">test</a>
<a href="http://php.net/some/path/file.php?foo&PHPSESSID=testid">test</a>
<a href="http://php.net/some/path/file.php?foo=var&PHPSESSID=testid">test</a>
<a href="http://php.net/some/path/file.php?foo=var&PHPSESSID=testid#bar">test</a>

<a href="https://php.net/?PHPSESSID=testid">test</a>
<a href="https://php.net/?PHPSESSID=testid">test</a>
<a href="https://php.net/?foo=var&PHPSESSID=testid#bar">test</a>
<a href="https://php.net/file.php?PHPSESSID=testid">test</a>
<a href="https://php.net/file.php?foo=var&PHPSESSID=testid#bar">test</a>
<a href="https://php.net/some/path/file.php?PHPSESSID=testid">test</a>
<a href="https://php.net/some/path/file.php?foo=var&PHPSESSID=testid#bar">test</a>
<a href="https://php.net:8443/?PHPSESSID=testid">test</a>
<a href="https://php.net:8443/?PHPSESSID=testid">test</a>
<a href="https://php.net:8443/?foo=var&PHPSESSID=testid#bar">test</a>
<a href="https://php.net:8443/file.php?PHPSESSID=testid">test</a>
<a href="https://php.net:8443/file.php?foo=var&PHPSESSID=testid#bar">test</a>
<a href="https://php.net:8443/some/path/file.php?PHPSESSID=testid">test</a>
<a href="https://php.net:8443/some/path/file.php?foo=var&PHPSESSID=testid#bar">test</a>

<a href="//php.net/?PHPSESSID=testid">test</a>
<a href="//php.net/?PHPSESSID=testid">test</a>
<a href="//php.net/?PHPSESSID=testid#bar">test</a>
<a href="//php.net/?foo&PHPSESSID=testid">test</a>
<a href="//php.net/?foo&PHPSESSID=testid#bar">test</a>
<a href="//php.net/?foo=var&PHPSESSID=testid">test</a>
<a href="//php.net/?foo=var&PHPSESSID=testid#bar">test</a>
<a href="//php.net/file.php?PHPSESSID=testid">test</a>
<a href="//php.net/file.php?PHPSESSID=testid#bar">test</a>
<a href="//php.net/file.php?foo&PHPSESSID=testid">test</a>
<a href="//php.net/file.php?foo&PHPSESSID=testid#bar">test</a>
<a href="//php.net/file.php?foo=var&PHPSESSID=testid">test</a>
<a href="//php.net/file.php?foo=var&PHPSESSID=testid#bar">test</a>
<a href="//php.net/some/path/file.php?PHPSESSID=testid">test</a>
<a href="//php.net/some/path/file.php?foo&PHPSESSID=testid">test</a>
<a href="//php.net/some/path/file.php?foo=var&PHPSESSID=testid">test</a>
<a href="//php.net/some/path/file.php?foo=var&PHPSESSID=testid#bar">test</a>

<form action="script.php" method="post"><input type="hidden" name="PHPSESSID" value="testid" />
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="../script.php" method="post"><input type="hidden" name="PHPSESSID" value="testid" />r
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="/path/script.php" method="post"><input type="hidden" name="PHPSESSID" value="testid" />
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="../path/script.php" method="post"><input type="hidden" name="PHPSESSID" value="testid" />
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="http://php.net/script.php"><input type="hidden" name="PHPSESSID" value="testid" />
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="https://php.net/script.php"><input type="hidden" name="PHPSESSID" value="testid" />
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="//php.net/script.php"><input type="hidden" name="PHPSESSID" value="testid" />
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>


<a href="http://bad.com">test</a>
<a href="http://bad.com/">test</a>
<a href="http://bad.com/#bar">test</a>
<a href="http://bad.com/?foo">test</a>
<a href="http://bad.com/?foo#bar">test</a>
<a href="http://bad.com/?foo=var">test</a>
<a href="http://bad.com/?foo=var#bar">test</a>
<a href="http://bad.com/file.php">test</a>
<a href="http://bad.com/file.php#bar">test</a>
<a href="http://bad.com/file.php?foo">test</a>
<a href="http://bad.com/file.php?foo#bar">test</a>
<a href="http://bad.com/file.php?foo=var">test</a>
<a href="http://bad.com/file.php?foo=var#bar">test</a>
<a href="http://bad.com/some/path/file.php">test</a>
<a href="http://bad.com/some/path/file.php?foo">test</a>
<a href="http://bad.com/some/path/file.php?foo=var">test</a>
<a href="http://bad.com/some/path/file.php?foo=var#bar">test</a>

<a href="https://bad.com">test</a>
<a href="https://bad.com/">test</a>
<a href="https://bad.com/?foo=var#bar">test</a>
<a href="https://bad.com/file.php">test</a>
<a href="https://bad.com/file.php?foo=var#bar">test</a>
<a href="https://bad.com/some/path/file.php">test</a>
<a href="https://bad.com/some/path/file.php?foo=var#bar">test</a>
<a href="https://bad.com:8443">test</a>
<a href="https://bad.com:8443/">test</a>
<a href="https://bad.com:8443/?foo=var#bar">test</a>
<a href="https://bad.com:8443/file.php">test</a>
<a href="https://bad.com:8443/file.php?foo=var#bar">test</a>
<a href="https://bad.com:8443/some/path/file.php">test</a>
<a href="https://bad.com:8443/some/path/file.php?foo=var#bar">test</a>

<a href="//bad.com">test</a>
<a href="//bad.com/">test</a>
<a href="//bad.com/#bar">test</a>
<a href="//bad.com/?foo">test</a>
<a href="//bad.com/?foo#bar">test</a>
<a href="//bad.com/?foo=var">test</a>
<a href="//bad.com/?foo=var#bar">test</a>
<a href="//bad.com/file.php">test</a>
<a href="//bad.com/file.php#bar">test</a>
<a href="//bad.com/file.php?foo">test</a>
<a href="//bad.com/file.php?foo#bar">test</a>
<a href="//bad.com/file.php?foo=var">test</a>
<a href="//bad.com/file.php?foo=var#bar">test</a>
<a href="//bad.com/some/path/file.php">test</a>
<a href="//bad.com/some/path/file.php?foo">test</a>
<a href="//bad.com/some/path/file.php?foo=var">test</a>
<a href="//bad.com/some/path/file.php?foo=var#bar">test</a>

<form action="//bad.com/script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="https://bad.com/foo/../script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="https://bad.com//path/script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form action="https://bad.com/foo/bar../path/script.php" method="post">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="http://bad.com/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="https://bad.com/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>
<form method="post" action="//bad.com/script.php">
 <input type="text" name="test1"></input>
 <input type="text" name="test2" />
</form>

bool(true)
*** Cleanup ***
bool(true)
string(6) "testid"
bool(true)