php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #24963 url_rewriter.tags for JavaScript?
Submitted: 2003-08-06 04:55 UTC Modified: 2010-11-18 23:16 UTC
From: thochgreve at php-resource dot de Assigned:
Status: Wont fix Package: Session related
PHP Version: * OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: thochgreve at php-resource dot de
New email:
PHP Version: OS:

 

 [2003-08-06 04:55 UTC] thochgreve at php-resource dot de
Description:
------------
I am searching for an easy way to enable transparent SIDs for JavaScript.
url_rewriter.tags seemed to be the thing at first glance; but apparently there?s no way yet to tell PHP what JS snippets define URLs.


This would be my approach for a solution;
please consider to add this functionality to PHP
and PLEASE let me know your decision.

-----

js_rewriter.funcname="addsid"
js_rewriter.properties="*.location,*.src,*.action"


First, insert '<script language="JavaScript" src="'. $PHP_SELF. '?='.php_sessionjs_guid(). '"></script>' into the HTML source.
The guid above should define a function addsid(url) (function name depending on js_rewriter.funcname) which assumes the parameter being a url and provide the same functionality as the trans_sid feature.

Of course this should only apply if classic trans_sid applies as well.


See the input below for example results.

Sending the string through addsid in any case should work around the trouble with dynamic values.


You might want to add type recognition to addsid, so that
old: myimage.src="dummy.php";
new: myimage.src = addsid('myimage', 'src', "dummy.php");
with addsid determining the type of myimage

but so far every src or location attribute holds in fact an URL and any change is improbable, so this would most likely be wasted time.

Reproduce code:
---------------
<script>
  myimage.src="dummy.php";

  pagename  = 'index';
  extension = (phpflag ? 'php':'html');
  top.frames[1].src = pagename + '.' + extension;
</script>
<a href="javascript:top.frames[1].src='index.html';">home</a>
<a href="javascript:;" onClick="top.frames[1].src='index.html';">home</a>
<button onClick="top.frames[1].src='index.html';">home</button>

<form action="submit.php">
  <input type="submit" value="submit">
  <button onClick="this.form.action='rollback.php';this.form.submit();">rollback</button>
</form>

Expected result:
----------------
<script language="JavaScript" src="thisscript.php?=PHP..."></script>

<script>
  myimage.src=addsid("dummy.php");

  pagename  = 'index';
  extension = (phpflag ? 'php':'html');
  top.frames[1].src = addsid(pagename + '.' + extension);
</script>
<a href="javascript:top.frames[1].src=addsid('index.html');">home</a>
<a href="javascript:;" onClick="top.frames[1].src=addsid('index.html');">home</a>
<button onClick="top.frames[1].src=addsid('index.html');">home</button>

<form action="submit.php">
  <input type="submit" value="submit">
  <button onClick="this.form.action=addsid('rollback.php');this.form.submit();">rollback</button>
</form>


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-18 23:16 UTC] jani@php.net
-Status: Open +Status: Wont fix -Package: Feature/Change Request +Package: Session related -Operating System: any +Operating System: * -PHP Version: Irrelevant +PHP Version: *
 [2010-11-18 23:16 UTC] jani@php.net
This is not something PHP should do since you can easily do this yourself by creating the Javascript on server side. Also, transparent SID is bad.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 22:01:27 2024 UTC