php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #42869 URL rewrite mechanism - data sent to foreign sites
Submitted: 2007-10-05 16:11 UTC Modified: 2007-10-10 00:36 UTC
From: mpub at meiners-online dot de Assigned: iliaa
Status: Closed Package: Output Control
PHP Version: 5.2.4 OS: Linux
Private report: No CVE-ID:
 [2007-10-05 16:11 UTC] mpub at meiners-online dot de
Description:
------------
When I use output_add_rewrite_var($key, $value), it also adds a hidden field containing $key and $value to forms which have an absolute URL as action-attribute of the form-tag.

The transparent session-ID support (using the directive session.use_trans_sid) is also affected.

I also reported this problem as 42804 in the session-section and was a bit shocked about the answer that I simply shouldn't use the feature and the classification "bogus". This section is maybe better anyway.



The configure-line of my provider:

../configure --program-suffix=5 --with-pear=/usr/local/lib/php5 --with-config-file-path=/usr/local/lib/php5 --with-libxml-dir=/usr/local/php5 --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-soap --with-xsl=/usr/local/php5 --enable-mbstring=all --with-curl=/usr/local/php5 --with-mcrypt=/usr/local/php5 --with-gd --with-pdo-mysql=/usr/local/mysql --with-freetype-dir --with-libxml-dir=/usr/local/php5 --with-mysql=/usr/local/mysql --with-zlib --enable-debug=no --enable-safe-mode=no --enable-discard-path=no --with-png-dir=/usr/lib --enable-track-vars --with-db --with-gdbm --enable-force-cgi-redirect --with-ttf=/usr/ --enable-ftp --enable-dbase --enable-memory-limit --enable-calendar --enable-wddx --with-jpeg-dir=/usr/src/kundenserver/jpeg-6b --enable-bcmath --enable-gd-imgstrttf --enable-shmop --enable-mhash --with-mhash=/usr/src/kundenserver/mhash-0.8.9/ --with-openssl --enable-xslt --with-xslt-sablot --with-dom --with-dom-xslt --with-dom-exslt --with-imap --with-iconv=/usr/local --with-bz2 --with-gettext --enable-exif --with-idn --with-sqlite --enable-sqlite-utf8

Reproduce code:
---------------
output_add_rewrite_var('sessionID','12345');

?>
Type in your city to get to know how you can find us:
<form action="http://www.carRoutes.com/search.php">
<input type="text" name="city" />
<input type="submit" />
</form>
<?php

Expected result:
----------------
I expect to get the form unchanged as output because the manual says "Please note that absolute URLs (http://example.com/..) aren't rewritten."

Actual result:
--------------
The output is:

Type in your city to get to know how you can find us:
<form action="http://www.carRoutes.com/search.php"><input type="hidden" name="sessionID" value="12345" />
<input type="text" name="city" />
<input type="submit" />
</form>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-10-10 00:36 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 12:02:07 2014 UTC