ID: 21632 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Bogus Bug Type: Session related Operating System: Slackware8.1/kernel2.4.19grsecur PHP Version: 4.2.3 New Comment:
Thank you for taking the time to report a problem with PHP. Unfortunately you are not using a current version of PHP -- the problem might already be fixed. Please download a new PHP version from http://www.php.net/downloads.php If you are able to reproduce the bug with one of the latest versions of PHP, please change the PHP version on this bug report to the version you tested and change the status back to "Open". Again, thank you for your continued support of PHP. Previous Comments: ------------------------------------------------------------------------ [2003-01-14 07:47:29] [EMAIL PROTECTED] I've read the HOW TO REPORT A BUG and except this is the old 4.2.3 version, I don't think the description of the bug was not so precise. So, if you need a sample of code : Under the htdocs of Apache, there is a PHP page with this : ========================================================== // INCLUDE A FILE WITH A $path var handling a // directory not in the apache web-root // (/usr/local/apache/scripts-php) for security reasons include_once("ini.php"); // Include a PHP page with functions not in the apache web //root include_once("$path/fonctions_mysql.php"); ... ... echo "<a href="toto.php">"; // PERFECTLY TRANS-SID modified ... // DISPLAY A NAVIG TEXT WITH LINKS NOT MODIFIED BY TRANS-SID getNavigationBar($cle_temp, $cle_dossier, 0, $maxLocalisation); ... ========================================================== And in the fonctions_mysql.php under /usr/local/apache/scripts-php (not the apache web root so) : function getNavigationBar($key, $cleDossier, $currentLocalisation, $maxLocalisation){ $navigation[0] = "coordonnées|http://minisites.nordnet.fr/generateur_mini_site/coordonnees.php?cle_temp=$key";; $navigation[1] = "choix du site|http://minisites.nordnet.fr/generateur_mini_site/type_site.php?cle_temp=$key&localisation=site";; $navigation[2] = "pages du site|http://minisites.nordnet.fr/generateur_mini_site/type_site.php?cle_temp=$key&localisation=info_site";; if($maxLocalisation != null){ echo "you are here: "; for($i=0; $i<count($navigation); $i++){ if(!$activee[$i]){ continue; } $nomEtape = strtok($navigation[$i],"|"); $url = strtok("|"); // GET THE URL BY STRTOKIN' THE | // DISPLAY THE LINK BUT IT IS NOT MODIFIED BY TRANS-SID TO INCLUDE THE SESSION ID echo ">> <a href=\"$url\">$nomEtape</a> "; } } } } ?> ------------------------------------------------------------------------ [2003-01-14 05:35:52] [EMAIL PROTECTED] Not enough information was provided for us to be able to handle this bug. Please re-read the instructions at http://bugs.php.net/how-to-report.php If you can provide more information, feel free to add it to this bug and change the status back to "Open". Thank you for your interest in PHP. ------------------------------------------------------------------------ [2003-01-14 05:28:24] [EMAIL PROTECTED] Hi, I've noticed a fact. I don't know if it's a bug or a normal stuff. The website is in /usr/local/apache/htdocs and there the links in the php pages are automatically modified by --enable-trans-sid. But, in this pages, I call a function in a php file not present under the htdocs repository but in /usr/local/apache/scripts-php for security reasons (mysql password...) and there is a function that take a session value to display a navigation bar writing links. Those links are not post-processed by trans-sid. Is this a bug or a normal stuff ? ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=21632&edit=1
