ID: 23827
Updated by: [EMAIL PROTECTED]
Reported By: flying at dom dot natm dot ru
Status: Open
-Bug Type: Session related
+Bug Type: Feature/Change Request
Operating System: All
PHP Version: 4.3.1
New Comment:
Not really bug, but a feature request.
Fast solution: Never use trans-sid, it's unsafe anyway.
Previous Comments:
------------------------------------------------------------------------
[2003-05-27 03:49:36] flying at dom dot natm dot ru
When enable-trans-sid is ON in php.ini - PHP transforms all generated
contents, regardless of its actual type, but it should only do it for
HTML (XHTML, WML and so on) contents.
For example take a look at this example:
<?php
header('Content-type: text/plain');
session_start();
echo '<html><body><a href="test.php">test</a></body></html>';
?>
Generated content is HTML, but actual type of generated content is
text/plain and hence it have nothing to do with sessions. But content
transformation still occurs and resulted output is:
<html><body><a
href="test.php?PHPSESSID=135a5afcbbf97014a56caf4bd8c4200b">test</a></body></html>
instead of expected:
<html><body><a href="test.php">test</a></body></html>
Even more interesting things may appear when somebody will try to
output som mixed code+text content when there will be something like
HTML link.
Suggested way to fix is to add a parameter to php.ini where will be
listed MIME types of content, which should be transformed.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=23827&edit=1
