Req #23827 [Opn->Wfx]: trans sid don't takes care about MIME type of generated content

Fri, 30 Mar 2012 21:38:36 -0700 

Edit report at https://bugs.php.net/bug.php?id=23827&edit=1

 ID:                 23827
 Updated by:         [email protected]
 Reported by:        flying at dom dot natm dot ru
 Summary:            trans sid don't takes care about MIME type of
                     generated content
-Status:             Open
+Status:             Wont fix
 Type:               Feature/Change Request
 Package:            Session related
 Operating System:   All
 PHP Version:        4.3.1
 Block user comment: N
 Private report:     N

 New Comment:

With output buffer, header() can may be called anywhere. 
Therefore, fixing this involves rewriting output buffers which is not feasible.

You should control it via session.use_trans_sid.


Previous Comments:
------------------------------------------------------------------------
[2003-05-27 11:43:08] [email protected]

Not really bug, but a feature request. 
Fast solution: Never use trans-sid, it's unsafe anyway.


------------------------------------------------------------------------
[2003-05-27 03:49:36] flying at dom dot natm dot ru

 When enable-trans-sid is ON in php.ini - PHP transforms all generated 
contents, regardless of its actual type, but it should only do it for HTML 
(XHTML, WML and so on) contents.
 For example take a look at this example:

<?php
header('Content-type: text/plain');
session_start();
echo '<html><body><a href="test.php">test</a></body></html>';
?>

 Generated content is HTML, but actual type of generated content is text/plain 
and hence it have nothing to do with sessions. But content transformation still 
occurs and resulted output is:

<html><body><a 
href="test.php?PHPSESSID=135a5afcbbf97014a56caf4bd8c4200b">test</a></body></html>

instead of expected:

<html><body><a href="test.php">test</a></body></html>

 Even more interesting things may appear when somebody will try to output som 
mixed code+text content when there will be something like HTML link.

 Suggested way to fix is to add a parameter to php.ini where will be listed 
MIME types of content, which should be transformed.

------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=23827&edit=1

Reply via email to