1--TEST--
2Test basic function : variation5 use_trans_sid
3--INI--
4session.use_strict_mode=0
5session.use_only_cookies=0
6session.use_trans_sid=1
7session.save_handler=files
8session.hash_bits_per_character=4
9session.hash_function=0
10session.gc_probability=1
11session.gc_divisor=1000
12session.gc_maxlifetime=300
13session.save_path=
14session.name=PHPSESSID
15--EXTENSIONS--
16session
17--SKIPIF--
18<?php include('skipif.inc'); ?>
19--FILE--
20<?php
// Set-up for the trans-sid rewrite test: buffer output, declare the allowed hosts, then start a session with a fixed ID.
21ob_start(); // buffer all output; it is released by ob_end_flush() at the end of the script
22
23$_SERVER['HTTP_HOST'] = 'php.net'; // simulate a request served from php.net
24ini_set('session.trans_sid_hosts','php.net,example.com'); // only these hosts may have the session ID added to absolute URLs
25
26echo "*** Testing basic session functionality : variation5 use_trans_sid ***\n";
27echo "*** Test trans sid ***\n";
28
29$session_id = 'session-basic5'; // fixed ID so the rewritten URLs in --EXPECT-- are deterministic
30session_id($session_id);
31session_start(); // session.use_trans_sid=1 (--INI--): --EXPECT-- shows the URLs echoed below carrying PHPSESSID
32// SECURITY: the session ID may be added only to relative URLs and to absolute URLs whose host is in session.trans_sid_hosts.
// Every bad.com link and form in the fixture below must come out unchanged (see --EXPECT--); rewriting one would leak the ID to a foreign host.
33echo '
34<a href="/">test</a>
35<a href="/path">test</a>
36<a href="/path/">test</a>
37<a href="/path/?foo=var">test</a>
38<a href="../">test</a>
39<a href="../path">test</a>
40<a href="../path/">test</a>
41<a href="../path/?foo=var">test</a>
42
43<a href="/#bar">test</a>
44<a href="/path/#bar">test</a>
45<a href="/path/?foo=var#bar">test</a>
46<a href="../#bar">test</a>
47<a href="../path/#bar">test</a>
48<a href="../path/?foo=var#bar">test</a>
49
50<a href="/?foo">test</a>
51<a href="/?foo#bar">test</a>
52<a href="/?foo=var">test</a>
53<a href="/?foo=var#bar">test</a>
54<a href="../?foo">test</a>
55<a href="../?foo#bar">test</a>
56<a href="../?foo=var">test</a>
57<a href="../?foo=var#bar">test</a>
58
59<a href="file.php">test</a>
60<a href="file.php?foo">test</a>
61<a href="file.php?foo=var">test</a>
62<a href="file.php?foo=var#bar">test</a>
63<a href="../file.php">test</a>
64<a href="../file.php?foo">test</a>
65<a href="../file.php?foo=var">test</a>
66<a href="../file.php?foo=var#bar">test</a>
67
68<a href="http://php.net">test</a>
69<a href="http://php.net/">test</a>
70<a href="http://php.net/#bar">test</a>
71<a href="http://php.net/?foo">test</a>
72<a href="http://php.net/?foo#bar">test</a>
73<a href="http://php.net/?foo=var">test</a>
74<a href="http://php.net/?foo=var#bar">test</a>
75<a href="http://php.net/file.php">test</a>
76<a href="http://php.net/file.php#bar">test</a>
77<a href="http://php.net/file.php?foo">test</a>
78<a href="http://php.net/file.php?foo#bar">test</a>
79<a href="http://php.net/file.php?foo=var">test</a>
80<a href="http://php.net/file.php?foo=var#bar">test</a>
81<a href="http://php.net/some/path/file.php">test</a>
82<a href="http://php.net/some/path/file.php?foo">test</a>
83<a href="http://php.net/some/path/file.php?foo=var">test</a>
84<a href="http://php.net/some/path/file.php?foo=var#bar">test</a>
85
86<a href="https://php.net">test</a>
87<a href="https://php.net/">test</a>
88<a href="https://php.net/?foo=var#bar">test</a>
89<a href="https://php.net/file.php">test</a>
90<a href="https://php.net/file.php?foo=var#bar">test</a>
91<a href="https://php.net/some/path/file.php">test</a>
92<a href="https://php.net/some/path/file.php?foo=var#bar">test</a>
93<a href="https://php.net:8443">test</a>
94<a href="https://php.net:8443/">test</a>
95<a href="https://php.net:8443/?foo=var#bar">test</a>
96<a href="https://php.net:8443/file.php">test</a>
97<a href="https://php.net:8443/file.php?foo=var#bar">test</a>
98<a href="https://php.net:8443/some/path/file.php">test</a>
99<a href="https://php.net:8443/some/path/file.php?foo=var#bar">test</a>
100
101<a href="//php.net">test</a>
102<a href="//php.net/">test</a>
103<a href="//php.net/#bar">test</a>
104<a href="//php.net/?foo">test</a>
105<a href="//php.net/?foo#bar">test</a>
106<a href="//php.net/?foo=var">test</a>
107<a href="//php.net/?foo=var#bar">test</a>
108<a href="//php.net/file.php">test</a>
109<a href="//php.net/file.php#bar">test</a>
110<a href="//php.net/file.php?foo">test</a>
111<a href="//php.net/file.php?foo#bar">test</a>
112<a href="//php.net/file.php?foo=var">test</a>
113<a href="//php.net/file.php?foo=var#bar">test</a>
114<a href="//php.net/some/path/file.php">test</a>
115<a href="//php.net/some/path/file.php?foo">test</a>
116<a href="//php.net/some/path/file.php?foo=var">test</a>
117<a href="//php.net/some/path/file.php?foo=var#bar">test</a>
118
119<form action="script.php" method="post">
120  <input type="text" name="test1"></input>
121  <input type="text" name="test2" />
122</form>
123<form action="../script.php" method="post">r
124  <input type="text" name="test1"></input>
125  <input type="text" name="test2" />
126</form>
127<form action="/path/script.php" method="post">
128  <input type="text" name="test1"></input>
129  <input type="text" name="test2" />
130</form>
131<form action="../path/script.php" method="post">
132  <input type="text" name="test1"></input>
133  <input type="text" name="test2" />
134</form>
135<form method="post" action="http://php.net/script.php">
136  <input type="text" name="test1"></input>
137  <input type="text" name="test2" />
138</form>
139<form method="post" action="https://php.net/script.php">
140  <input type="text" name="test1"></input>
141  <input type="text" name="test2" />
142</form>
143<form method="post" action="//php.net/script.php">
144  <input type="text" name="test1"></input>
145  <input type="text" name="test2" />
146</form>
147
148
149<a href="http://bad.com">test</a>
150<a href="http://bad.com/">test</a>
151<a href="http://bad.com/#bar">test</a>
152<a href="http://bad.com/?foo">test</a>
153<a href="http://bad.com/?foo#bar">test</a>
154<a href="http://bad.com/?foo=var">test</a>
155<a href="http://bad.com/?foo=var#bar">test</a>
156<a href="http://bad.com/file.php">test</a>
157<a href="http://bad.com/file.php#bar">test</a>
158<a href="http://bad.com/file.php?foo">test</a>
159<a href="http://bad.com/file.php?foo#bar">test</a>
160<a href="http://bad.com/file.php?foo=var">test</a>
161<a href="http://bad.com/file.php?foo=var#bar">test</a>
162<a href="http://bad.com/some/path/file.php">test</a>
163<a href="http://bad.com/some/path/file.php?foo">test</a>
164<a href="http://bad.com/some/path/file.php?foo=var">test</a>
165<a href="http://bad.com/some/path/file.php?foo=var#bar">test</a>
166
167<a href="https://bad.com">test</a>
168<a href="https://bad.com/">test</a>
169<a href="https://bad.com/?foo=var#bar">test</a>
170<a href="https://bad.com/file.php">test</a>
171<a href="https://bad.com/file.php?foo=var#bar">test</a>
172<a href="https://bad.com/some/path/file.php">test</a>
173<a href="https://bad.com/some/path/file.php?foo=var#bar">test</a>
174<a href="https://bad.com:8443">test</a>
175<a href="https://bad.com:8443/">test</a>
176<a href="https://bad.com:8443/?foo=var#bar">test</a>
177<a href="https://bad.com:8443/file.php">test</a>
178<a href="https://bad.com:8443/file.php?foo=var#bar">test</a>
179<a href="https://bad.com:8443/some/path/file.php">test</a>
180<a href="https://bad.com:8443/some/path/file.php?foo=var#bar">test</a>
181
182<a href="//bad.com">test</a>
183<a href="//bad.com/">test</a>
184<a href="//bad.com/#bar">test</a>
185<a href="//bad.com/?foo">test</a>
186<a href="//bad.com/?foo#bar">test</a>
187<a href="//bad.com/?foo=var">test</a>
188<a href="//bad.com/?foo=var#bar">test</a>
189<a href="//bad.com/file.php">test</a>
190<a href="//bad.com/file.php#bar">test</a>
191<a href="//bad.com/file.php?foo">test</a>
192<a href="//bad.com/file.php?foo#bar">test</a>
193<a href="//bad.com/file.php?foo=var">test</a>
194<a href="//bad.com/file.php?foo=var#bar">test</a>
195<a href="//bad.com/some/path/file.php">test</a>
196<a href="//bad.com/some/path/file.php?foo">test</a>
197<a href="//bad.com/some/path/file.php?foo=var">test</a>
198<a href="//bad.com/some/path/file.php?foo=var#bar">test</a>
199
200<form action="//bad.com/script.php" method="post">
201  <input type="text" name="test1"></input>
202  <input type="text" name="test2" />
203</form>
204<form action="https://bad.com/foo/../script.php" method="post">
205  <input type="text" name="test1"></input>
206  <input type="text" name="test2" />
207</form>
208<form action="https://bad.com//path/script.php" method="post">
209  <input type="text" name="test1"></input>
210  <input type="text" name="test2" />
211</form>
212<form action="https://bad.com/foo/bar../path/script.php" method="post">
213  <input type="text" name="test1"></input>
214  <input type="text" name="test2" />
215</form>
216<form method="post" action="http://bad.com/script.php">
217  <input type="text" name="test1"></input>
218  <input type="text" name="test2" />
219</form>
220<form method="post" action="https://bad.com/script.php">
221  <input type="text" name="test1"></input>
222  <input type="text" name="test2" />
223</form>
224<form method="post" action="//bad.com/script.php">
225  <input type="text" name="test1"></input>
226  <input type="text" name="test2" />
227</form>
228
229';
// Close the session, then reopen and destroy it so no session data is left behind; each step's result is dumped for --EXPECT--.
230var_dump(session_commit()); // write and close the session; --EXPECT-- requires bool(true)
231
232echo "*** Cleanup ***\n";
233var_dump(session_start()); // reopen the session so it can be destroyed
234var_dump(session_id()); // --EXPECT-- requires the fixed ID, string(14) "session-basic5"
235var_dump(session_destroy()); // discard the session data (session.save_handler=files in --INI--)
236
237ob_end_flush(); // release the buffer opened by ob_start() at the top of the script
238?>
239--EXPECT--
240*** Testing basic session functionality : variation5 use_trans_sid ***
241*** Test trans sid ***
242
243<a href="/?PHPSESSID=session-basic5">test</a>
244<a href="/path?PHPSESSID=session-basic5">test</a>
245<a href="/path/?PHPSESSID=session-basic5">test</a>
246<a href="/path/?foo=var&PHPSESSID=session-basic5">test</a>
247<a href="../?PHPSESSID=session-basic5">test</a>
248<a href="../path?PHPSESSID=session-basic5">test</a>
249<a href="../path/?PHPSESSID=session-basic5">test</a>
250<a href="../path/?foo=var&PHPSESSID=session-basic5">test</a>
251
252<a href="/?PHPSESSID=session-basic5#bar">test</a>
253<a href="/path/?PHPSESSID=session-basic5#bar">test</a>
254<a href="/path/?foo=var&PHPSESSID=session-basic5#bar">test</a>
255<a href="../?PHPSESSID=session-basic5#bar">test</a>
256<a href="../path/?PHPSESSID=session-basic5#bar">test</a>
257<a href="../path/?foo=var&PHPSESSID=session-basic5#bar">test</a>
258
259<a href="/?foo&PHPSESSID=session-basic5">test</a>
260<a href="/?foo&PHPSESSID=session-basic5#bar">test</a>
261<a href="/?foo=var&PHPSESSID=session-basic5">test</a>
262<a href="/?foo=var&PHPSESSID=session-basic5#bar">test</a>
263<a href="../?foo&PHPSESSID=session-basic5">test</a>
264<a href="../?foo&PHPSESSID=session-basic5#bar">test</a>
265<a href="../?foo=var&PHPSESSID=session-basic5">test</a>
266<a href="../?foo=var&PHPSESSID=session-basic5#bar">test</a>
267
268<a href="file.php?PHPSESSID=session-basic5">test</a>
269<a href="file.php?foo&PHPSESSID=session-basic5">test</a>
270<a href="file.php?foo=var&PHPSESSID=session-basic5">test</a>
271<a href="file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
272<a href="../file.php?PHPSESSID=session-basic5">test</a>
273<a href="../file.php?foo&PHPSESSID=session-basic5">test</a>
274<a href="../file.php?foo=var&PHPSESSID=session-basic5">test</a>
275<a href="../file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
276
277<a href="http://php.net/?PHPSESSID=session-basic5">test</a>
278<a href="http://php.net/?PHPSESSID=session-basic5">test</a>
279<a href="http://php.net/?PHPSESSID=session-basic5#bar">test</a>
280<a href="http://php.net/?foo&PHPSESSID=session-basic5">test</a>
281<a href="http://php.net/?foo&PHPSESSID=session-basic5#bar">test</a>
282<a href="http://php.net/?foo=var&PHPSESSID=session-basic5">test</a>
283<a href="http://php.net/?foo=var&PHPSESSID=session-basic5#bar">test</a>
284<a href="http://php.net/file.php?PHPSESSID=session-basic5">test</a>
285<a href="http://php.net/file.php?PHPSESSID=session-basic5#bar">test</a>
286<a href="http://php.net/file.php?foo&PHPSESSID=session-basic5">test</a>
287<a href="http://php.net/file.php?foo&PHPSESSID=session-basic5#bar">test</a>
288<a href="http://php.net/file.php?foo=var&PHPSESSID=session-basic5">test</a>
289<a href="http://php.net/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
290<a href="http://php.net/some/path/file.php?PHPSESSID=session-basic5">test</a>
291<a href="http://php.net/some/path/file.php?foo&PHPSESSID=session-basic5">test</a>
292<a href="http://php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5">test</a>
293<a href="http://php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
294
295<a href="https://php.net/?PHPSESSID=session-basic5">test</a>
296<a href="https://php.net/?PHPSESSID=session-basic5">test</a>
297<a href="https://php.net/?foo=var&PHPSESSID=session-basic5#bar">test</a>
298<a href="https://php.net/file.php?PHPSESSID=session-basic5">test</a>
299<a href="https://php.net/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
300<a href="https://php.net/some/path/file.php?PHPSESSID=session-basic5">test</a>
301<a href="https://php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
302<a href="https://php.net:8443/?PHPSESSID=session-basic5">test</a>
303<a href="https://php.net:8443/?PHPSESSID=session-basic5">test</a>
304<a href="https://php.net:8443/?foo=var&PHPSESSID=session-basic5#bar">test</a>
305<a href="https://php.net:8443/file.php?PHPSESSID=session-basic5">test</a>
306<a href="https://php.net:8443/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
307<a href="https://php.net:8443/some/path/file.php?PHPSESSID=session-basic5">test</a>
308<a href="https://php.net:8443/some/path/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
309
310<a href="//php.net/?PHPSESSID=session-basic5">test</a>
311<a href="//php.net/?PHPSESSID=session-basic5">test</a>
312<a href="//php.net/?PHPSESSID=session-basic5#bar">test</a>
313<a href="//php.net/?foo&PHPSESSID=session-basic5">test</a>
314<a href="//php.net/?foo&PHPSESSID=session-basic5#bar">test</a>
315<a href="//php.net/?foo=var&PHPSESSID=session-basic5">test</a>
316<a href="//php.net/?foo=var&PHPSESSID=session-basic5#bar">test</a>
317<a href="//php.net/file.php?PHPSESSID=session-basic5">test</a>
318<a href="//php.net/file.php?PHPSESSID=session-basic5#bar">test</a>
319<a href="//php.net/file.php?foo&PHPSESSID=session-basic5">test</a>
320<a href="//php.net/file.php?foo&PHPSESSID=session-basic5#bar">test</a>
321<a href="//php.net/file.php?foo=var&PHPSESSID=session-basic5">test</a>
322<a href="//php.net/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
323<a href="//php.net/some/path/file.php?PHPSESSID=session-basic5">test</a>
324<a href="//php.net/some/path/file.php?foo&PHPSESSID=session-basic5">test</a>
325<a href="//php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5">test</a>
326<a href="//php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a>
327
328<form action="script.php" method="post"><input type="hidden" name="PHPSESSID" value="session-basic5" />
329  <input type="text" name="test1"></input>
330  <input type="text" name="test2" />
331</form>
332<form action="../script.php" method="post"><input type="hidden" name="PHPSESSID" value="session-basic5" />r
333  <input type="text" name="test1"></input>
334  <input type="text" name="test2" />
335</form>
336<form action="/path/script.php" method="post"><input type="hidden" name="PHPSESSID" value="session-basic5" />
337  <input type="text" name="test1"></input>
338  <input type="text" name="test2" />
339</form>
340<form action="../path/script.php" method="post"><input type="hidden" name="PHPSESSID" value="session-basic5" />
341  <input type="text" name="test1"></input>
342  <input type="text" name="test2" />
343</form>
344<form method="post" action="http://php.net/script.php"><input type="hidden" name="PHPSESSID" value="session-basic5" />
345  <input type="text" name="test1"></input>
346  <input type="text" name="test2" />
347</form>
348<form method="post" action="https://php.net/script.php"><input type="hidden" name="PHPSESSID" value="session-basic5" />
349  <input type="text" name="test1"></input>
350  <input type="text" name="test2" />
351</form>
352<form method="post" action="//php.net/script.php"><input type="hidden" name="PHPSESSID" value="session-basic5" />
353  <input type="text" name="test1"></input>
354  <input type="text" name="test2" />
355</form>
356
357
358<a href="http://bad.com">test</a>
359<a href="http://bad.com/">test</a>
360<a href="http://bad.com/#bar">test</a>
361<a href="http://bad.com/?foo">test</a>
362<a href="http://bad.com/?foo#bar">test</a>
363<a href="http://bad.com/?foo=var">test</a>
364<a href="http://bad.com/?foo=var#bar">test</a>
365<a href="http://bad.com/file.php">test</a>
366<a href="http://bad.com/file.php#bar">test</a>
367<a href="http://bad.com/file.php?foo">test</a>
368<a href="http://bad.com/file.php?foo#bar">test</a>
369<a href="http://bad.com/file.php?foo=var">test</a>
370<a href="http://bad.com/file.php?foo=var#bar">test</a>
371<a href="http://bad.com/some/path/file.php">test</a>
372<a href="http://bad.com/some/path/file.php?foo">test</a>
373<a href="http://bad.com/some/path/file.php?foo=var">test</a>
374<a href="http://bad.com/some/path/file.php?foo=var#bar">test</a>
375
376<a href="https://bad.com">test</a>
377<a href="https://bad.com/">test</a>
378<a href="https://bad.com/?foo=var#bar">test</a>
379<a href="https://bad.com/file.php">test</a>
380<a href="https://bad.com/file.php?foo=var#bar">test</a>
381<a href="https://bad.com/some/path/file.php">test</a>
382<a href="https://bad.com/some/path/file.php?foo=var#bar">test</a>
383<a href="https://bad.com:8443">test</a>
384<a href="https://bad.com:8443/">test</a>
385<a href="https://bad.com:8443/?foo=var#bar">test</a>
386<a href="https://bad.com:8443/file.php">test</a>
387<a href="https://bad.com:8443/file.php?foo=var#bar">test</a>
388<a href="https://bad.com:8443/some/path/file.php">test</a>
389<a href="https://bad.com:8443/some/path/file.php?foo=var#bar">test</a>
390
391<a href="//bad.com">test</a>
392<a href="//bad.com/">test</a>
393<a href="//bad.com/#bar">test</a>
394<a href="//bad.com/?foo">test</a>
395<a href="//bad.com/?foo#bar">test</a>
396<a href="//bad.com/?foo=var">test</a>
397<a href="//bad.com/?foo=var#bar">test</a>
398<a href="//bad.com/file.php">test</a>
399<a href="//bad.com/file.php#bar">test</a>
400<a href="//bad.com/file.php?foo">test</a>
401<a href="//bad.com/file.php?foo#bar">test</a>
402<a href="//bad.com/file.php?foo=var">test</a>
403<a href="//bad.com/file.php?foo=var#bar">test</a>
404<a href="//bad.com/some/path/file.php">test</a>
405<a href="//bad.com/some/path/file.php?foo">test</a>
406<a href="//bad.com/some/path/file.php?foo=var">test</a>
407<a href="//bad.com/some/path/file.php?foo=var#bar">test</a>
408
409<form action="//bad.com/script.php" method="post">
410  <input type="text" name="test1"></input>
411  <input type="text" name="test2" />
412</form>
413<form action="https://bad.com/foo/../script.php" method="post">
414  <input type="text" name="test1"></input>
415  <input type="text" name="test2" />
416</form>
417<form action="https://bad.com//path/script.php" method="post">
418  <input type="text" name="test1"></input>
419  <input type="text" name="test2" />
420</form>
421<form action="https://bad.com/foo/bar../path/script.php" method="post">
422  <input type="text" name="test1"></input>
423  <input type="text" name="test2" />
424</form>
425<form method="post" action="http://bad.com/script.php">
426  <input type="text" name="test1"></input>
427  <input type="text" name="test2" />
428</form>
429<form method="post" action="https://bad.com/script.php">
430  <input type="text" name="test1"></input>
431  <input type="text" name="test2" />
432</form>
433<form method="post" action="//bad.com/script.php">
434  <input type="text" name="test1"></input>
435  <input type="text" name="test2" />
436</form>
437
438bool(true)
439*** Cleanup ***
440bool(true)
441string(14) "session-basic5"
442bool(true)
443