1--TEST-- 2Test basic function : variation5 use_trans_sid 3--INI-- 4session.use_strict_mode=0 5session.use_only_cookies=0 6session.use_trans_sid=1 7session.save_handler=files 8session.gc_probability=1 9session.gc_divisor=1000 10session.gc_maxlifetime=300 11session.save_path= 12session.name=PHPSESSID 13--EXTENSIONS-- 14session 15--SKIPIF-- 16<?php include('skipif.inc'); ?> 17--FILE-- 18<?php 19ob_start(); 20 21$_SERVER['HTTP_HOST'] = 'php.net'; 22ini_set('session.trans_sid_hosts','php.net,example.com'); 23 24echo "*** Testing basic session functionality : variation5 use_trans_sid ***\n"; 25echo "*** Test trans sid ***\n"; 26 27$session_id = 'session-basic5'; 28session_id($session_id); 29session_start(); 30// Should add session ID to allowed hosts only for SECURITY 31echo ' 32<a href="/">test</a> 33<a href="/path">test</a> 34<a href="/path/">test</a> 35<a href="/path/?foo=var">test</a> 36<a href="../">test</a> 37<a href="../path">test</a> 38<a href="../path/">test</a> 39<a href="../path/?foo=var">test</a> 40 41<a href="/#bar">test</a> 42<a href="/path/#bar">test</a> 43<a href="/path/?foo=var#bar">test</a> 44<a href="../#bar">test</a> 45<a href="../path/#bar">test</a> 46<a href="../path/?foo=var#bar">test</a> 47 48<a href="/?foo">test</a> 49<a href="/?foo#bar">test</a> 50<a href="/?foo=var">test</a> 51<a href="/?foo=var#bar">test</a> 52<a href="../?foo">test</a> 53<a href="../?foo#bar">test</a> 54<a href="../?foo=var">test</a> 55<a href="../?foo=var#bar">test</a> 56 57<a href="file.php">test</a> 58<a href="file.php?foo">test</a> 59<a href="file.php?foo=var">test</a> 60<a href="file.php?foo=var#bar">test</a> 61<a href="../file.php">test</a> 62<a href="../file.php?foo">test</a> 63<a href="../file.php?foo=var">test</a> 64<a href="../file.php?foo=var#bar">test</a> 65 66<a href="http://php.net">test</a> 67<a href="http://php.net/">test</a> 68<a href="http://php.net/#bar">test</a> 69<a href="http://php.net/?foo">test</a> 70<a href="http://php.net/?foo#bar">test</a> 71<a href="http://php.net/?foo=var">test</a> 72<a href="http://php.net/?foo=var#bar">test</a> 73<a href="http://php.net/file.php">test</a> 74<a href="http://php.net/file.php#bar">test</a> 75<a href="http://php.net/file.php?foo">test</a> 76<a href="http://php.net/file.php?foo#bar">test</a> 77<a href="http://php.net/file.php?foo=var">test</a> 78<a href="http://php.net/file.php?foo=var#bar">test</a> 79<a href="http://php.net/some/path/file.php">test</a> 80<a href="http://php.net/some/path/file.php?foo">test</a> 81<a href="http://php.net/some/path/file.php?foo=var">test</a> 82<a href="http://php.net/some/path/file.php?foo=var#bar">test</a> 83 84<a href="https://php.net">test</a> 85<a href="https://php.net/">test</a> 86<a href="https://php.net/?foo=var#bar">test</a> 87<a href="https://php.net/file.php">test</a> 88<a href="https://php.net/file.php?foo=var#bar">test</a> 89<a href="https://php.net/some/path/file.php">test</a> 90<a href="https://php.net/some/path/file.php?foo=var#bar">test</a> 91<a href="https://php.net:8443">test</a> 92<a href="https://php.net:8443/">test</a> 93<a href="https://php.net:8443/?foo=var#bar">test</a> 94<a href="https://php.net:8443/file.php">test</a> 95<a href="https://php.net:8443/file.php?foo=var#bar">test</a> 96<a href="https://php.net:8443/some/path/file.php">test</a> 97<a href="https://php.net:8443/some/path/file.php?foo=var#bar">test</a> 98 99<a href="//php.net">test</a> 100<a href="//php.net/">test</a> 101<a href="//php.net/#bar">test</a> 102<a href="//php.net/?foo">test</a> 103<a href="//php.net/?foo#bar">test</a> 104<a href="//php.net/?foo=var">test</a> 105<a href="//php.net/?foo=var#bar">test</a> 106<a href="//php.net/file.php">test</a> 107<a href="//php.net/file.php#bar">test</a> 108<a href="//php.net/file.php?foo">test</a> 109<a href="//php.net/file.php?foo#bar">test</a> 110<a href="//php.net/file.php?foo=var">test</a> 111<a href="//php.net/file.php?foo=var#bar">test</a> 112<a href="//php.net/some/path/file.php">test</a> 113<a href="//php.net/some/path/file.php?foo">test</a> 114<a href="//php.net/some/path/file.php?foo=var">test</a> 115<a href="//php.net/some/path/file.php?foo=var#bar">test</a> 116 117<form action="script.php" method="post"> 118 <input type="text" name="test1"></input> 119 <input type="text" name="test2" /> 120</form> 121<form action="../script.php" method="post">r 122 <input type="text" name="test1"></input> 123 <input type="text" name="test2" /> 124</form> 125<form action="/path/script.php" method="post"> 126 <input type="text" name="test1"></input> 127 <input type="text" name="test2" /> 128</form> 129<form action="../path/script.php" method="post"> 130 <input type="text" name="test1"></input> 131 <input type="text" name="test2" /> 132</form> 133<form method="post" action="http://php.net/script.php"> 134 <input type="text" name="test1"></input> 135 <input type="text" name="test2" /> 136</form> 137<form method="post" action="https://php.net/script.php"> 138 <input type="text" name="test1"></input> 139 <input type="text" name="test2" /> 140</form> 141<form method="post" action="//php.net/script.php"> 142 <input type="text" name="test1"></input> 143 <input type="text" name="test2" /> 144</form> 145 146 147<a href="http://bad.com">test</a> 148<a href="http://bad.com/">test</a> 149<a href="http://bad.com/#bar">test</a> 150<a href="http://bad.com/?foo">test</a> 151<a href="http://bad.com/?foo#bar">test</a> 152<a href="http://bad.com/?foo=var">test</a> 153<a href="http://bad.com/?foo=var#bar">test</a> 154<a href="http://bad.com/file.php">test</a> 155<a href="http://bad.com/file.php#bar">test</a> 156<a href="http://bad.com/file.php?foo">test</a> 157<a href="http://bad.com/file.php?foo#bar">test</a> 158<a href="http://bad.com/file.php?foo=var">test</a> 159<a href="http://bad.com/file.php?foo=var#bar">test</a> 160<a href="http://bad.com/some/path/file.php">test</a> 161<a href="http://bad.com/some/path/file.php?foo">test</a> 162<a href="http://bad.com/some/path/file.php?foo=var">test</a> 163<a href="http://bad.com/some/path/file.php?foo=var#bar">test</a> 164 165<a href="https://bad.com">test</a> 166<a href="https://bad.com/">test</a> 167<a href="https://bad.com/?foo=var#bar">test</a> 168<a href="https://bad.com/file.php">test</a> 169<a href="https://bad.com/file.php?foo=var#bar">test</a> 170<a href="https://bad.com/some/path/file.php">test</a> 171<a href="https://bad.com/some/path/file.php?foo=var#bar">test</a> 172<a href="https://bad.com:8443">test</a> 173<a href="https://bad.com:8443/">test</a> 174<a href="https://bad.com:8443/?foo=var#bar">test</a> 175<a href="https://bad.com:8443/file.php">test</a> 176<a href="https://bad.com:8443/file.php?foo=var#bar">test</a> 177<a href="https://bad.com:8443/some/path/file.php">test</a> 178<a href="https://bad.com:8443/some/path/file.php?foo=var#bar">test</a> 179 180<a href="//bad.com">test</a> 181<a href="//bad.com/">test</a> 182<a href="//bad.com/#bar">test</a> 183<a href="//bad.com/?foo">test</a> 184<a href="//bad.com/?foo#bar">test</a> 185<a href="//bad.com/?foo=var">test</a> 186<a href="//bad.com/?foo=var#bar">test</a> 187<a href="//bad.com/file.php">test</a> 188<a href="//bad.com/file.php#bar">test</a> 189<a href="//bad.com/file.php?foo">test</a> 190<a href="//bad.com/file.php?foo#bar">test</a> 191<a href="//bad.com/file.php?foo=var">test</a> 192<a href="//bad.com/file.php?foo=var#bar">test</a> 193<a href="//bad.com/some/path/file.php">test</a> 194<a href="//bad.com/some/path/file.php?foo">test</a> 195<a href="//bad.com/some/path/file.php?foo=var">test</a> 196<a href="//bad.com/some/path/file.php?foo=var#bar">test</a> 197 198<form action="//bad.com/script.php" method="post"> 199 <input type="text" name="test1"></input> 200 <input type="text" name="test2" /> 201</form> 202<form action="https://bad.com/foo/../script.php" method="post"> 203 <input type="text" name="test1"></input> 204 <input type="text" name="test2" /> 205</form> 206<form action="https://bad.com//path/script.php" method="post"> 207 <input type="text" name="test1"></input> 208 <input type="text" name="test2" /> 209</form> 210<form action="https://bad.com/foo/bar../path/script.php" method="post"> 211 <input type="text" name="test1"></input> 212 <input type="text" name="test2" /> 213</form> 214<form method="post" action="http://bad.com/script.php"> 215 <input type="text" name="test1"></input> 216 <input type="text" name="test2" /> 217</form> 218<form method="post" action="https://bad.com/script.php"> 219 <input type="text" name="test1"></input> 220 <input type="text" name="test2" /> 221</form> 222<form method="post" action="//bad.com/script.php"> 223 <input type="text" name="test1"></input> 224 <input type="text" name="test2" /> 225</form> 226 227'; 228var_dump(session_commit()); 229 230echo "*** Cleanup ***\n"; 231var_dump(session_start()); 232var_dump(session_id()); 233var_dump(session_destroy()); 234 235ob_end_flush(); 236?> 237--EXPECTF-- 238Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0 239 240Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0 241 242Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 5 243*** Testing basic session functionality : variation5 use_trans_sid *** 244*** Test trans sid *** 245 246<a href="/?PHPSESSID=session-basic5">test</a> 247<a href="/path?PHPSESSID=session-basic5">test</a> 248<a href="/path/?PHPSESSID=session-basic5">test</a> 249<a href="/path/?foo=var&PHPSESSID=session-basic5">test</a> 250<a href="../?PHPSESSID=session-basic5">test</a> 251<a href="../path?PHPSESSID=session-basic5">test</a> 252<a href="../path/?PHPSESSID=session-basic5">test</a> 253<a href="../path/?foo=var&PHPSESSID=session-basic5">test</a> 254 255<a href="/?PHPSESSID=session-basic5#bar">test</a> 256<a href="/path/?PHPSESSID=session-basic5#bar">test</a> 257<a href="/path/?foo=var&PHPSESSID=session-basic5#bar">test</a> 258<a href="../?PHPSESSID=session-basic5#bar">test</a> 259<a href="../path/?PHPSESSID=session-basic5#bar">test</a> 260<a href="../path/?foo=var&PHPSESSID=session-basic5#bar">test</a> 261 262<a href="/?foo&PHPSESSID=session-basic5">test</a> 263<a href="/?foo&PHPSESSID=session-basic5#bar">test</a> 264<a href="/?foo=var&PHPSESSID=session-basic5">test</a> 265<a href="/?foo=var&PHPSESSID=session-basic5#bar">test</a> 266<a href="../?foo&PHPSESSID=session-basic5">test</a> 267<a href="../?foo&PHPSESSID=session-basic5#bar">test</a> 268<a href="../?foo=var&PHPSESSID=session-basic5">test</a> 269<a href="../?foo=var&PHPSESSID=session-basic5#bar">test</a> 270 271<a href="file.php?PHPSESSID=session-basic5">test</a> 272<a href="file.php?foo&PHPSESSID=session-basic5">test</a> 273<a href="file.php?foo=var&PHPSESSID=session-basic5">test</a> 274<a href="file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 275<a href="../file.php?PHPSESSID=session-basic5">test</a> 276<a href="../file.php?foo&PHPSESSID=session-basic5">test</a> 277<a href="../file.php?foo=var&PHPSESSID=session-basic5">test</a> 278<a href="../file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 279 280<a href="http://php.net/?PHPSESSID=session-basic5">test</a> 281<a href="http://php.net/?PHPSESSID=session-basic5">test</a> 282<a href="http://php.net/?PHPSESSID=session-basic5#bar">test</a> 283<a href="http://php.net/?foo&PHPSESSID=session-basic5">test</a> 284<a href="http://php.net/?foo&PHPSESSID=session-basic5#bar">test</a> 285<a href="http://php.net/?foo=var&PHPSESSID=session-basic5">test</a> 286<a href="http://php.net/?foo=var&PHPSESSID=session-basic5#bar">test</a> 287<a href="http://php.net/file.php?PHPSESSID=session-basic5">test</a> 288<a href="http://php.net/file.php?PHPSESSID=session-basic5#bar">test</a> 289<a href="http://php.net/file.php?foo&PHPSESSID=session-basic5">test</a> 290<a href="http://php.net/file.php?foo&PHPSESSID=session-basic5#bar">test</a> 291<a href="http://php.net/file.php?foo=var&PHPSESSID=session-basic5">test</a> 292<a href="http://php.net/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 293<a href="http://php.net/some/path/file.php?PHPSESSID=session-basic5">test</a> 294<a href="http://php.net/some/path/file.php?foo&PHPSESSID=session-basic5">test</a> 295<a href="http://php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5">test</a> 296<a href="http://php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 297 298<a href="https://php.net/?PHPSESSID=session-basic5">test</a> 299<a href="https://php.net/?PHPSESSID=session-basic5">test</a> 300<a href="https://php.net/?foo=var&PHPSESSID=session-basic5#bar">test</a> 301<a href="https://php.net/file.php?PHPSESSID=session-basic5">test</a> 302<a href="https://php.net/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 303<a href="https://php.net/some/path/file.php?PHPSESSID=session-basic5">test</a> 304<a href="https://php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 305<a href="https://php.net:8443/?PHPSESSID=session-basic5">test</a> 306<a href="https://php.net:8443/?PHPSESSID=session-basic5">test</a> 307<a href="https://php.net:8443/?foo=var&PHPSESSID=session-basic5#bar">test</a> 308<a href="https://php.net:8443/file.php?PHPSESSID=session-basic5">test</a> 309<a href="https://php.net:8443/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 310<a href="https://php.net:8443/some/path/file.php?PHPSESSID=session-basic5">test</a> 311<a href="https://php.net:8443/some/path/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 312 313<a href="//php.net/?PHPSESSID=session-basic5">test</a> 314<a href="//php.net/?PHPSESSID=session-basic5">test</a> 315<a href="//php.net/?PHPSESSID=session-basic5#bar">test</a> 316<a href="//php.net/?foo&PHPSESSID=session-basic5">test</a> 317<a href="//php.net/?foo&PHPSESSID=session-basic5#bar">test</a> 318<a href="//php.net/?foo=var&PHPSESSID=session-basic5">test</a> 319<a href="//php.net/?foo=var&PHPSESSID=session-basic5#bar">test</a> 320<a href="//php.net/file.php?PHPSESSID=session-basic5">test</a> 321<a href="//php.net/file.php?PHPSESSID=session-basic5#bar">test</a> 322<a href="//php.net/file.php?foo&PHPSESSID=session-basic5">test</a> 323<a href="//php.net/file.php?foo&PHPSESSID=session-basic5#bar">test</a> 324<a href="//php.net/file.php?foo=var&PHPSESSID=session-basic5">test</a> 325<a href="//php.net/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 326<a href="//php.net/some/path/file.php?PHPSESSID=session-basic5">test</a> 327<a href="//php.net/some/path/file.php?foo&PHPSESSID=session-basic5">test</a> 328<a href="//php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5">test</a> 329<a href="//php.net/some/path/file.php?foo=var&PHPSESSID=session-basic5#bar">test</a> 330 331<form action="script.php" method="post"><input type="hidden" name="PHPSESSID" value="session-basic5" /> 332 <input type="text" name="test1"></input> 333 <input type="text" name="test2" /> 334</form> 335<form action="../script.php" method="post"><input type="hidden" name="PHPSESSID" value="session-basic5" />r 336 <input type="text" name="test1"></input> 337 <input type="text" name="test2" /> 338</form> 339<form action="/path/script.php" method="post"><input type="hidden" name="PHPSESSID" value="session-basic5" /> 340 <input type="text" name="test1"></input> 341 <input type="text" name="test2" /> 342</form> 343<form action="../path/script.php" method="post"><input type="hidden" name="PHPSESSID" value="session-basic5" /> 344 <input type="text" name="test1"></input> 345 <input type="text" name="test2" /> 346</form> 347<form method="post" action="http://php.net/script.php"><input type="hidden" name="PHPSESSID" value="session-basic5" /> 348 <input type="text" name="test1"></input> 349 <input type="text" name="test2" /> 350</form> 351<form method="post" action="https://php.net/script.php"><input type="hidden" name="PHPSESSID" value="session-basic5" /> 352 <input type="text" name="test1"></input> 353 <input type="text" name="test2" /> 354</form> 355<form method="post" action="//php.net/script.php"><input type="hidden" name="PHPSESSID" value="session-basic5" /> 356 <input type="text" name="test1"></input> 357 <input type="text" name="test2" /> 358</form> 359 360 361<a href="http://bad.com">test</a> 362<a href="http://bad.com/">test</a> 363<a href="http://bad.com/#bar">test</a> 364<a href="http://bad.com/?foo">test</a> 365<a href="http://bad.com/?foo#bar">test</a> 366<a href="http://bad.com/?foo=var">test</a> 367<a href="http://bad.com/?foo=var#bar">test</a> 368<a href="http://bad.com/file.php">test</a> 369<a href="http://bad.com/file.php#bar">test</a> 370<a href="http://bad.com/file.php?foo">test</a> 371<a href="http://bad.com/file.php?foo#bar">test</a> 372<a href="http://bad.com/file.php?foo=var">test</a> 373<a href="http://bad.com/file.php?foo=var#bar">test</a> 374<a href="http://bad.com/some/path/file.php">test</a> 375<a href="http://bad.com/some/path/file.php?foo">test</a> 376<a href="http://bad.com/some/path/file.php?foo=var">test</a> 377<a href="http://bad.com/some/path/file.php?foo=var#bar">test</a> 378 379<a href="https://bad.com">test</a> 380<a href="https://bad.com/">test</a> 381<a href="https://bad.com/?foo=var#bar">test</a> 382<a href="https://bad.com/file.php">test</a> 383<a href="https://bad.com/file.php?foo=var#bar">test</a> 384<a href="https://bad.com/some/path/file.php">test</a> 385<a href="https://bad.com/some/path/file.php?foo=var#bar">test</a> 386<a href="https://bad.com:8443">test</a> 387<a href="https://bad.com:8443/">test</a> 388<a href="https://bad.com:8443/?foo=var#bar">test</a> 389<a href="https://bad.com:8443/file.php">test</a> 390<a href="https://bad.com:8443/file.php?foo=var#bar">test</a> 391<a href="https://bad.com:8443/some/path/file.php">test</a> 392<a href="https://bad.com:8443/some/path/file.php?foo=var#bar">test</a> 393 394<a href="//bad.com">test</a> 395<a href="//bad.com/">test</a> 396<a href="//bad.com/#bar">test</a> 397<a href="//bad.com/?foo">test</a> 398<a href="//bad.com/?foo#bar">test</a> 399<a href="//bad.com/?foo=var">test</a> 400<a href="//bad.com/?foo=var#bar">test</a> 401<a href="//bad.com/file.php">test</a> 402<a href="//bad.com/file.php#bar">test</a> 403<a href="//bad.com/file.php?foo">test</a> 404<a href="//bad.com/file.php?foo#bar">test</a> 405<a href="//bad.com/file.php?foo=var">test</a> 406<a href="//bad.com/file.php?foo=var#bar">test</a> 407<a href="//bad.com/some/path/file.php">test</a> 408<a href="//bad.com/some/path/file.php?foo">test</a> 409<a href="//bad.com/some/path/file.php?foo=var">test</a> 410<a href="//bad.com/some/path/file.php?foo=var#bar">test</a> 411 412<form action="//bad.com/script.php" method="post"> 413 <input type="text" name="test1"></input> 414 <input type="text" name="test2" /> 415</form> 416<form action="https://bad.com/foo/../script.php" method="post"> 417 <input type="text" name="test1"></input> 418 <input type="text" name="test2" /> 419</form> 420<form action="https://bad.com//path/script.php" method="post"> 421 <input type="text" name="test1"></input> 422 <input type="text" name="test2" /> 423</form> 424<form action="https://bad.com/foo/bar../path/script.php" method="post"> 425 <input type="text" name="test1"></input> 426 <input type="text" name="test2" /> 427</form> 428<form method="post" action="http://bad.com/script.php"> 429 <input type="text" name="test1"></input> 430 <input type="text" name="test2" /> 431</form> 432<form method="post" action="https://bad.com/script.php"> 433 <input type="text" name="test1"></input> 434 <input type="text" name="test2" /> 435</form> 436<form method="post" action="//bad.com/script.php"> 437 <input type="text" name="test1"></input> 438 <input type="text" name="test2" /> 439</form> 440 441bool(true) 442*** Cleanup *** 443bool(true) 444string(14) "session-basic5" 445bool(true) 446
