1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
--TEST--
rewriter handles form and fieldset tags correctly
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
session.use_only_cookies=0
session.use_strict_mode=0
session.cache_limiter=
session.use_trans_sid=1
url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset="
session.name=PHPSESSID
session.serialize_handler=php
session.save_handler=files
--FILE--
<?php
error_reporting(E_ALL);
ini_set('session.trans_sid_hosts', 'php.net');
$_SERVER['HTTP_HOST'] = 'php.net';
session_id("abtest");
session_start();
?>
<form action="//bad.net/do.php">
<fieldset>
<form action="//php.net/do.php">
<fieldset>
<?php
ob_flush();
ini_set("url_rewriter.tags", "a=href,area=href,frame=src,input=src,form=");
?>
<form action="../do.php">
<fieldset>
<?php
ob_flush();
ini_set("url_rewriter.tags", "a=href,area=href,frame=src,input=src,form=fakeentry");
?>
<form action="/do.php">
<fieldset>
<?php
ob_flush();
ini_set("url_rewriter.tags", "a=href,fieldset=,area=href,frame=src,input=src");
?>
<form action="/foo/do.php">
<fieldset>
<?php
session_destroy();
?>
--EXPECT--
<form action="//bad.net/do.php">
<fieldset>
<form action="//php.net/do.php"><input type="hidden" name="PHPSESSID" value="abtest" />
<fieldset>
<form action="../do.php"><input type="hidden" name="PHPSESSID" value="abtest" />
<fieldset>
<form action="/do.php"><input type="hidden" name="PHPSESSID" value="abtest" />
<fieldset>
<form action="/foo/do.php"><input type="hidden" name="PHPSESSID" value="abtest" />
<fieldset>
|
