php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #21632 Links not always modified by trans-sid
Submitted: 2003-01-14 05:28 UTC Modified: 2003-01-14 19:14 UTC
From: florent at chantret dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.2.3 OS: Slackware8.1/kernel2.4.19grsecur
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2003-01-14 05:28 UTC] florent at chantret dot com 
Hi,

I've noticed a fact. I don't know if it's a bug or a normal stuff.

The website is in /usr/local/apache/htdocs and there the links in the php pages are automatically modified by --enable-trans-sid.

But, in this pages, I call a function in a php file not present under the htdocs repository but in /usr/local/apache/scripts-php for security reasons (mysql password...) and there is a function that take a session value to display a navigation bar writing links. Those links are not post-processed by trans-sid.

Is this a bug or a normal stuff ?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-14 05:35 UTC] cynic@php.net 
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.
 [2003-01-14 07:47 UTC] florent at chantret dot com 
I've read the HOW TO REPORT A BUG and except this is the old 4.2.3 version, I don't think the description of the bug was not so precise.

So, if you need a sample of code :

Under the htdocs of Apache, there is a PHP page with this :

==========================================================

// INCLUDE A FILE WITH A $path var handling a
// directory not in the apache web-root
// (/usr/local/apache/scripts-php) for security reasons

include_once("ini.php");

// Include a PHP page with functions not in the apache web
//root

include_once("$path/fonctions_mysql.php");

...
...
echo "<a href="toto.php">"; // PERFECTLY TRANS-SID modified
...

// DISPLAY A NAVIG TEXT WITH LINKS NOT MODIFIED BY TRANS-SID
getNavigationBar($cle_temp, $cle_dossier, 0, $maxLocalisation); 
...

==========================================================


And in the fonctions_mysql.php under /usr/local/apache/scripts-php (not the apache web root so) :

function getNavigationBar($key, $cleDossier, $currentLocalisation, $maxLocalisation){

	$navigation[0] = "coordonn?es|http://minisites.nordnet.fr/generateur_mini_site/coordonnees.php?cle_temp=$key";
	$navigation[1] = "choix du site|http://minisites.nordnet.fr/generateur_mini_site/type_site.php?cle_temp=$key&localisation=site";
	$navigation[2] = "pages du site|http://minisites.nordnet.fr/generateur_mini_site/type_site.php?cle_temp=$key&localisation=info_site";
	
	if($maxLocalisation != null){
		echo "you are here: ";
		
		for($i=0; $i<count($navigation); $i++){
			if(!$activee[$i]){
				continue;
			}
			
			$nomEtape = strtok($navigation[$i],"|");
			$url = strtok("|"); // GET THE URL BY STRTOKIN' THE |
			
			// DISPLAY THE LINK BUT IT IS NOT MODIFIED BY TRANS-SID TO INCLUDE THE SESSION ID
			echo ">> <a href=\"$url\">$nomEtape</a> ";
			}
		}
	}		
}
?>
 [2003-01-14 19:14 UTC] sniper@php.net 
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed May 15 17:01:33 2024 UTC