php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #24963 url_rewriter.tags for JavaScript?
Submitted: 2003-08-06 04:55 UTC Modified: 2010-11-18 23:16 UTC
From: thochgreve at php-resource dot de Assigned:
Status: Wont fix Package: Session related
PHP Version: * OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
38 - 25 = ?
Subscribe to this entry?

 
 [2003-08-06 04:55 UTC] thochgreve at php-resource dot de 
Description:
------------
I am searching for an easy way to enable transparent SIDs for JavaScript.
url_rewriter.tags seemed to be the thing at first glance; but apparently there?s no way yet to tell PHP what JS snippets define URLs.


This would be my approach for a solution;
please consider to add this functionality to PHP
and PLEASE let me know your decision.

-----

js_rewriter.funcname="addsid"
js_rewriter.properties="*.location,*.src,*.action"


First, insert '<script language="JavaScript" src="'. $PHP_SELF. '?='.php_sessionjs_guid(). '"></script>' into the HTML source.
The guid above should define a function addsid(url) (function name depending on js_rewriter.funcname) which assumes the parameter being a url and provide the same functionality as the trans_sid feature.

Of course this should only apply if classic trans_sid applies as well.


See the input below for example results.

Sending the string through addsid in any case should work around the trouble with dynamic values.


You might want to add type recognition to addsid, so that
old: myimage.src="dummy.php";
new: myimage.src = addsid('myimage', 'src', "dummy.php");
with addsid determining the type of myimage

but so far every src or location attribute holds in fact an URL and any change is improbable, so this would most likely be wasted time.

Reproduce code:
---------------
<script>
  myimage.src="dummy.php";

  pagename  = 'index';
  extension = (phpflag ? 'php':'html');
  top.frames[1].src = pagename + '.' + extension;
</script>
<a href="javascript:top.frames[1].src='index.html';">home</a>
<a href="javascript:;" onClick="top.frames[1].src='index.html';">home</a>
<button onClick="top.frames[1].src='index.html';">home</button>

<form action="submit.php">
  <input type="submit" value="submit">
  <button onClick="this.form.action='rollback.php';this.form.submit();">rollback</button>
</form>

Expected result:
----------------
<script language="JavaScript" src="thisscript.php?=PHP..."></script>

<script>
  myimage.src=addsid("dummy.php");

  pagename  = 'index';
  extension = (phpflag ? 'php':'html');
  top.frames[1].src = addsid(pagename + '.' + extension);
</script>
<a href="javascript:top.frames[1].src=addsid('index.html');">home</a>
<a href="javascript:;" onClick="top.frames[1].src=addsid('index.html');">home</a>
<button onClick="top.frames[1].src=addsid('index.html');">home</button>

<form action="submit.php">
  <input type="submit" value="submit">
  <button onClick="this.form.action=addsid('rollback.php');this.form.submit();">rollback</button>
</form>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-18 23:16 UTC] jani@php.net
-Status: Open +Status: Wont fix -Package: Feature/Change Request +Package: Session related -Operating System: any +Operating System: * -PHP Version: Irrelevant +PHP Version: *
 [2010-11-18 23:16 UTC] jani@php.net 
This is not something PHP should do since you can easily do this yourself by creating the Javascript on server side. Also, transparent SID is bad.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Apr 24 08:01:29 2024 UTC