|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #24963 url_rewriter.tags for JavaScript?
Submitted: 2003-08-06 04:55 UTC Modified: 2010-11-18 23:16 UTC
From: thochgreve at php-resource dot de Assigned:
Status: Wont fix Package: Session related
PHP Version: * OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-08-06 04:55 UTC] thochgreve at php-resource dot de
I am searching for an easy way to enable transparent SIDs for JavaScript.
url_rewriter.tags seemed to be the thing at first glance; but apparently there?s no way yet to tell PHP what JS snippets define URLs.

This would be my approach for a solution;
please consider to add this functionality to PHP
and PLEASE let me know your decision.



First, insert '<script language="JavaScript" src="'. $PHP_SELF. '?='.php_sessionjs_guid(). '"></script>' into the HTML source.
The guid above should define a function addsid(url) (function name depending on js_rewriter.funcname) which assumes the parameter being a url and provide the same functionality as the trans_sid feature.

Of course this should only apply if classic trans_sid applies as well.

See the input below for example results.

Sending the string through addsid in any case should work around the trouble with dynamic values.

You might want to add type recognition to addsid, so that
old: myimage.src="dummy.php";
new: myimage.src = addsid('myimage', 'src', "dummy.php");
with addsid determining the type of myimage

but so far every src or location attribute holds in fact an URL and any change is improbable, so this would most likely be wasted time.

Reproduce code:

  pagename  = 'index';
  extension = (phpflag ? 'php':'html');
  top.frames[1].src = pagename + '.' + extension;
<a href="javascript:top.frames[1].src='index.html';">home</a>
<a href="javascript:;" onClick="top.frames[1].src='index.html';">home</a>
<button onClick="top.frames[1].src='index.html';">home</button>

<form action="submit.php">
  <input type="submit" value="submit">
  <button onClick="this.form.action='rollback.php';this.form.submit();">rollback</button>

Expected result:
<script language="JavaScript" src="thisscript.php?=PHP..."></script>


  pagename  = 'index';
  extension = (phpflag ? 'php':'html');
  top.frames[1].src = addsid(pagename + '.' + extension);
<a href="javascript:top.frames[1].src=addsid('index.html');">home</a>
<a href="javascript:;" onClick="top.frames[1].src=addsid('index.html');">home</a>
<button onClick="top.frames[1].src=addsid('index.html');">home</button>

<form action="submit.php">
  <input type="submit" value="submit">
  <button onClick="this.form.action=addsid('rollback.php');this.form.submit();">rollback</button>


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-18 23:16 UTC]
-Status: Open +Status: Wont fix -Package: Feature/Change Request +Package: Session related -Operating System: any +Operating System: * -PHP Version: Irrelevant +PHP Version: *
 [2010-11-18 23:16 UTC]
This is not something PHP should do since you can easily do this yourself by creating the Javascript on server side. Also, transparent SID is bad.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Dec 05 06:01:23 2020 UTC