php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #24963 url_rewriter.tags for JavaScript?
Submitted: 2003-08-06 04:55 UTC Modified: 2010-11-18 23:16 UTC
From: thochgreve at php-resource dot de Assigned:
Status: Wont fix Package: Session related
PHP Version: * OS: *
Private report: No CVE-ID: None
View Developer Edit
 [2003-08-06 04:55 UTC] thochgreve at php-resource dot de 
Description:
------------
I am searching for an easy way to enable transparent SIDs for JavaScript.
url_rewriter.tags seemed to be the thing at first glance; but apparently there?s no way yet to tell PHP what JS snippets define URLs.


This would be my approach for a solution;
please consider to add this functionality to PHP
and PLEASE let me know your decision.

-----

js_rewriter.funcname="addsid"
js_rewriter.properties="*.location,*.src,*.action"


First, insert '<script language="JavaScript" src="'. $PHP_SELF. '?='.php_sessionjs_guid(). '"></script>' into the HTML source.
The guid above should define a function addsid(url) (function name depending on js_rewriter.funcname) which assumes the parameter being a url and provide the same functionality as the trans_sid feature.

Of course this should only apply if classic trans_sid applies as well.


See the input below for example results.

Sending the string through addsid in any case should work around the trouble with dynamic values.


You might want to add type recognition to addsid, so that
old: myimage.src="dummy.php";
new: myimage.src = addsid('myimage', 'src', "dummy.php");
with addsid determining the type of myimage

but so far every src or location attribute holds in fact an URL and any change is improbable, so this would most likely be wasted time.

Reproduce code:
---------------
<script>
  myimage.src="dummy.php";

  pagename  = 'index';
  extension = (phpflag ? 'php':'html');
  top.frames[1].src = pagename + '.' + extension;
</script>
<a href="javascript:top.frames[1].src='index.html';">home</a>
<a href="javascript:;" onClick="top.frames[1].src='index.html';">home</a>
<button onClick="top.frames[1].src='index.html';">home</button>

<form action="submit.php">
  <input type="submit" value="submit">
  <button onClick="this.form.action='rollback.php';this.form.submit();">rollback</button>
</form>

Expected result:
----------------
<script language="JavaScript" src="thisscript.php?=PHP..."></script>

<script>
  myimage.src=addsid("dummy.php");

  pagename  = 'index';
  extension = (phpflag ? 'php':'html');
  top.frames[1].src = addsid(pagename + '.' + extension);
</script>
<a href="javascript:top.frames[1].src=addsid('index.html');">home</a>
<a href="javascript:;" onClick="top.frames[1].src=addsid('index.html');">home</a>
<button onClick="top.frames[1].src=addsid('index.html');">home</button>

<form action="submit.php">
  <input type="submit" value="submit">
  <button onClick="this.form.action=addsid('rollback.php');this.form.submit();">rollback</button>
</form>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-18 23:16 UTC] jani@php.net
-Status: Open +Status: Wont fix -Package: Feature/Change Request +Package: Session related -Operating System: any +Operating System: * -PHP Version: Irrelevant +PHP Version: *
 [2010-11-18 23:16 UTC] jani@php.net 
This is not something PHP should do since you can easily do this yourself by creating the Javascript on server side. Also, transparent SID is bad.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Nov 01 05:00:01 2025 UTC