1--TEST-- 2rewriter handles form and fieldset tags correctly 3--SKIPIF-- 4<?php include('skipif.inc'); ?> 5--INI-- 6session.use_cookies=0 7session.use_only_cookies=0 8session.use_strict_mode=0 9session.cache_limiter= 10session.use_trans_sid=1 11url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset=" 12session.name=PHPSESSID 13session.serialize_handler=php 14session.save_handler=files 15--FILE-- 16<?php 17 18error_reporting(E_ALL); 19ini_set('session.trans_sid_hosts', 'php.net'); 20$_SERVER['HTTP_HOST'] = 'php.net'; 21 22session_id("abtest"); 23session_start(); 24?> 25<form action="//bad.net/do.php"> 26<fieldset> 27<form action="//php.net/do.php"> 28<fieldset> 29<?php 30 31ob_flush(); 32 33ini_set("url_rewriter.tags", "a=href,area=href,frame=src,input=src,form="); 34 35?> 36<form action="../do.php"> 37<fieldset> 38<?php 39 40ob_flush(); 41 42ini_set("url_rewriter.tags", "a=href,area=href,frame=src,input=src,form=fakeentry"); 43 44?> 45<form action="/do.php"> 46<fieldset> 47<?php 48 49ob_flush(); 50 51ini_set("url_rewriter.tags", "a=href,fieldset=,area=href,frame=src,input=src"); 52 53?> 54<form action="/foo/do.php"> 55<fieldset> 56<?php 57 58session_destroy(); 59?> 60--EXPECT-- 61<form action="//bad.net/do.php"> 62<fieldset> 63<form action="//php.net/do.php"><input type="hidden" name="PHPSESSID" value="abtest" /> 64<fieldset> 65<form action="../do.php"><input type="hidden" name="PHPSESSID" value="abtest" /> 66<fieldset> 67<form action="/do.php"><input type="hidden" name="PHPSESSID" value="abtest" /> 68<fieldset> 69<form action="/foo/do.php"><input type="hidden" name="PHPSESSID" value="abtest" /> 70<fieldset> 71
