Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
--TEST-- Test output_add_rewrite_var() function basic feature --EXTENSIONS-- session --INI..
Decoded Output download
--TEST--
Test output_add_rewrite_var() function basic feature
--EXTENSIONS--
session
--INI--
session.trans_sid_tags="a=href,area=href,frame=src,form="
url_rewriter.tags="a=href,area=href,frame=src,form="
--FILE--
<?php
ob_start();
// Common setting
ini_set('url_rewriter.hosts', 'php.net,www.php.net');
ini_set('session.trans_sid_hosts', 'php.net,www.php.net');
ini_set('session.use_only_cookies', 1);
ini_set('session.use_cookies', 1);
ini_set('session.use_strict_mode', 0);
session_id('testid');
output_add_rewrite_var('<name>', '<value>');
?>
Without session
<a href=""> </a>
<a href="./foo.php"> </a>
<a href="//php.net/foo.php"> </a>
<a href="http://php.net/foo.php"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php"> </a>
<form method="get"> </form>
<form action="./foo.php" method="get"> </a>
<form action="//php.net/bar.php" method="get"> </a>
<form action="http://php.net/bar.php" method="get"> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"> </a>
<?php
ini_set('session.use_trans_sid', 0);
session_start();
output_add_rewrite_var('<name>', '<value>');
?>
Test use_trans_sid=0
<a href=""> </a>
<a href="./foo.php"> </a>
<a href="//php.net/foo.php"> </a>
<a href="http://php.net/foo.php"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php"> </a>
<form method="get"> </form>
<form action="./foo.php" method="get"> </a>
<form action="//php.net/bar.php" method="get"> </a>
<form action="http://php.net/bar.php" method="get"> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"> </a>
<?php
session_commit();
ini_set('session.use_trans_sid', 1);
output_reset_rewrite_vars();
session_start();
output_add_rewrite_var('<NAME>', '<VALUE>');
?>
Test use_trans_sid=1
<a href=""> </a>
<a href="./foo.php"> </a>
<a href="//php.net/foo.php"> </a>
<a href="http://php.net/foo.php"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php"> </a>
<form method="get"> </form>
<form action="./foo.php" method="get"> </a>
<form action="//php.net/bar.php" method="get"> </a>
<form action="http://php.net/bar.php" method="get"> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"> </a>
--EXPECT--
Without session
<a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="//php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="http://php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<form method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </form>
<form action="./foo.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="//php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="http://php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
Test use_trans_sid=0
<a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="//php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="http://php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<form method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </form>
<form action="./foo.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="//php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="http://php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
Test use_trans_sid=1
<a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="//php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="http://php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<form method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </form>
<form action="./foo.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="//php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="http://php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
Did this file decode correctly?
Original Code
--TEST--
Test output_add_rewrite_var() function basic feature
--EXTENSIONS--
session
--INI--
session.trans_sid_tags="a=href,area=href,frame=src,form="
url_rewriter.tags="a=href,area=href,frame=src,form="
--FILE--
<?php
ob_start();
// Common setting
ini_set('url_rewriter.hosts', 'php.net,www.php.net');
ini_set('session.trans_sid_hosts', 'php.net,www.php.net');
ini_set('session.use_only_cookies', 1);
ini_set('session.use_cookies', 1);
ini_set('session.use_strict_mode', 0);
session_id('testid');
output_add_rewrite_var('<name>', '<value>');
?>
Without session
<a href=""> </a>
<a href="./foo.php"> </a>
<a href="//php.net/foo.php"> </a>
<a href="http://php.net/foo.php"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php"> </a>
<form method="get"> </form>
<form action="./foo.php" method="get"> </a>
<form action="//php.net/bar.php" method="get"> </a>
<form action="http://php.net/bar.php" method="get"> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"> </a>
<?php
ini_set('session.use_trans_sid', 0);
session_start();
output_add_rewrite_var('<name>', '<value>');
?>
Test use_trans_sid=0
<a href=""> </a>
<a href="./foo.php"> </a>
<a href="//php.net/foo.php"> </a>
<a href="http://php.net/foo.php"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php"> </a>
<form method="get"> </form>
<form action="./foo.php" method="get"> </a>
<form action="//php.net/bar.php" method="get"> </a>
<form action="http://php.net/bar.php" method="get"> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"> </a>
<?php
session_commit();
ini_set('session.use_trans_sid', 1);
output_reset_rewrite_vars();
session_start();
output_add_rewrite_var('<NAME>', '<VALUE>');
?>
Test use_trans_sid=1
<a href=""> </a>
<a href="./foo.php"> </a>
<a href="//php.net/foo.php"> </a>
<a href="http://php.net/foo.php"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php"> </a>
<form method="get"> </form>
<form action="./foo.php" method="get"> </a>
<form action="//php.net/bar.php" method="get"> </a>
<form action="http://php.net/bar.php" method="get"> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"> </a>
--EXPECT--
Without session
<a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="//php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="http://php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<form method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </form>
<form action="./foo.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="//php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="http://php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
Test use_trans_sid=0
<a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="//php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="http://php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<form method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </form>
<form action="./foo.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="//php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="http://php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
Test use_trans_sid=1
<a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="//php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="http://php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<a href="bad://php.net/foo.php"> </a>
<a href="//www.php.net/foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
<form method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </form>
<form action="./foo.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="//php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="http://php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
<form action="bad://php.net/bar.php" method="get"> </a>
<form action="//www.php.net/bar.php" method="get"><input type="hidden" name="<NAME>" value="<VALUE>" /> </a>
Function Calls
ini_set | 5 |
ob_start | 1 |
session_id | 1 |
Stats
MD5 | 0816eceaff458b795d4b3574f0e42b98 |
Eval Count | 0 |
Decode Time | 79 ms |