Deprecate disabling use_only_cookies (#13578)

2025-08-15 21:48:51 +02:00 · 2024-08-24 16:33:45 +02:00 · 2024-08-24 16:33:45 +02:00 · c5bce0d8a2
commit c5bce0d8a2
parent 9c267778d2
39 changed files with 233 additions and 25 deletions
--- a/ext/session/session.c
+++ b/ext/session/session.c
@ -846,6 +846,40 @@ static PHP_INI_MH(OnUpdateRfc1867Freq) /* {{{ */
 	return SUCCESS;
 } /* }}} */
 static PHP_INI_MH(OnUpdateUseOnlyCookies)
 {
 	SESSION_CHECK_ACTIVE_STATE;
 	SESSION_CHECK_OUTPUT_STATE;
 	bool *p = (bool *) ZEND_INI_GET_ADDR();
 	*p = zend_ini_parse_bool(new_value);
 	if (!*p) {
 		php_error_docref("session.configuration", E_DEPRECATED, "Disabling session.use_only_cookies INI setting is deprecated");
 	}
 	return SUCCESS;
 }
 static PHP_INI_MH(OnUpdateUseTransSid)
 {
 	SESSION_CHECK_ACTIVE_STATE;
 	SESSION_CHECK_OUTPUT_STATE;
 	bool *p = (bool *) ZEND_INI_GET_ADDR();
 	*p = zend_ini_parse_bool(new_value);
 	if (*p) {
 		php_error_docref("session.configuration", E_DEPRECATED, "Enabling session.use_trans_sid INI setting is deprecated");
 	}
 	return SUCCESS;
 }
 static PHP_INI_MH(OnUpdateRefererCheck)
 {
 	SESSION_CHECK_ACTIVE_STATE;
 	SESSION_CHECK_OUTPUT_STATE;
 	if (ZSTR_LEN(new_value) != 0) {
 		php_error_docref("session.configuration", E_DEPRECATED, "Usage of session.referer_check INI setting is deprecated");
 	}
 	return OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
 }
 /* {{{ PHP_INI */
 PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("session.save_path",          "",          PHP_INI_ALL, OnUpdateSaveDir,       save_path,          php_ps_globals,    ps_globals)
@ -863,12 +897,12 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_BOOLEAN("session.cookie_httponly",  "0",         PHP_INI_ALL, OnUpdateSessionBool,   cookie_httponly,    php_ps_globals,    ps_globals)
 	STD_PHP_INI_ENTRY("session.cookie_samesite",    "",          PHP_INI_ALL, OnUpdateSessionString, cookie_samesite,    php_ps_globals,    ps_globals)
 	STD_PHP_INI_BOOLEAN("session.use_cookies",      "1",         PHP_INI_ALL, OnUpdateSessionBool,   use_cookies,        php_ps_globals,    ps_globals)
-	STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1",         PHP_INI_ALL, OnUpdateSessionBool,   use_only_cookies,   php_ps_globals,    ps_globals)
+	STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1",         PHP_INI_ALL, OnUpdateUseOnlyCookies,   use_only_cookies,   php_ps_globals,    ps_globals)
 	STD_PHP_INI_BOOLEAN("session.use_strict_mode",  "0",         PHP_INI_ALL, OnUpdateSessionBool,   use_strict_mode,    php_ps_globals,    ps_globals)
-	STD_PHP_INI_ENTRY("session.referer_check",      "",          PHP_INI_ALL, OnUpdateSessionString, extern_referer_chk, php_ps_globals,    ps_globals)
+	STD_PHP_INI_ENTRY("session.referer_check",      "",          PHP_INI_ALL, OnUpdateRefererCheck, extern_referer_chk, php_ps_globals,    ps_globals)
 	STD_PHP_INI_ENTRY("session.cache_limiter",      "nocache",   PHP_INI_ALL, OnUpdateSessionString, cache_limiter,      php_ps_globals,    ps_globals)
 	STD_PHP_INI_ENTRY("session.cache_expire",       "180",       PHP_INI_ALL, OnUpdateSessionLong,   cache_expire,       php_ps_globals,    ps_globals)
-	STD_PHP_INI_BOOLEAN("session.use_trans_sid",    "0",         PHP_INI_ALL, OnUpdateSessionBool,   use_trans_sid,      php_ps_globals,    ps_globals)
+	STD_PHP_INI_BOOLEAN("session.use_trans_sid",    "0",         PHP_INI_ALL, OnUpdateUseTransSid,   use_trans_sid,      php_ps_globals,    ps_globals)
 	PHP_INI_ENTRY("session.sid_length",             "32",        PHP_INI_ALL, OnUpdateSidLength)
 	PHP_INI_ENTRY("session.sid_bits_per_character", "4",         PHP_INI_ALL, OnUpdateSidBits)
 	STD_PHP_INI_BOOLEAN("session.lazy_write",       "1",         PHP_INI_ALL, OnUpdateSessionBool,    lazy_write,         php_ps_globals,    ps_globals)
@ -1516,7 +1550,7 @@ PHPAPI zend_result php_session_reset_id(void) /* {{{ */
 			zval_ptr_dtor_str(sid);
 			ZVAL_STR(sid, smart_str_extract(&var));
 		} else {
-			REGISTER_STRINGL_CONSTANT("SID", ZSTR_VAL(var.s), ZSTR_LEN(var.s), 0);
+			REGISTER_STRINGL_CONSTANT("SID", ZSTR_VAL(var.s), ZSTR_LEN(var.s),  CONST_DEPRECATED);
 			smart_str_free(&var);
 		}
 	} else {
@ -1524,7 +1558,7 @@ PHPAPI zend_result php_session_reset_id(void) /* {{{ */
 			zval_ptr_dtor_str(sid);
 			ZVAL_EMPTY_STRING(sid);
 		} else {
-			REGISTER_STRINGL_CONSTANT("SID", "", 0, 0);
+			REGISTER_STRINGL_CONSTANT("SID", "", 0, CONST_DEPRECATED);
 		}
 	}
--- a/ext/session/tests/015.phpt
+++ b/ext/session/tests/015.phpt
@ -20,10 +20,16 @@ error_reporting(E_ALL);
 session_id("test015");
 session_start();
 $sid = SID;
 ?>
-<a href="/link?<?php echo SID; ?>">
+<a href="/link?<?=$sid ?>">
 <?php
 session_destroy();
 ?>
--EXPECT--
+--EXPECTF--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 Deprecated: Constant SID is deprecated in %s on line 6
 <a href="/link?PHPSESSID=test015&PHPSESSID=test015">
--- a/ext/session/tests/018.phpt
+++ b/ext/session/tests/018.phpt
@ -26,4 +26,7 @@ session_start();
 session_destroy();
 ?>
 --EXPECT--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 <form accept-charset="ISO-8859-15, ISO-8859-1" action=url.php><input type="hidden" name="PHPSESSID" value="test018" />
--- a/ext/session/tests/020.phpt
+++ b/ext/session/tests/020.phpt
@ -27,4 +27,7 @@ session_start();
 session_destroy();
 ?>
 --EXPECT--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 <a href="link.php?a=b&amp;PHPSESSID=test020">
--- a/ext/session/tests/021.phpt
+++ b/ext/session/tests/021.phpt
@ -59,7 +59,12 @@ ini_set("url_rewriter.tags", "a=href,fieldset=,area=href,frame=src,input=src");
 session_destroy();
 ?>
--EXPECT--
+--EXPECTF--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 4
 <form action="//bad.net/do.php">
 <fieldset>
 <form action="//php.net/do.php"><input type="hidden" name="PHPSESSID" value="test021" />
--- a/ext/session/tests/bug36459.phpt
+++ b/ext/session/tests/bug36459.phpt
@ -30,6 +30,9 @@ session_start();
  </body>
 </html>
 --EXPECTF--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 <html>
  <head>
    <title>Bug #36459 Incorrect adding PHPSESSID to links, which contains \r\n</title>
--- a/ext/session/tests/bug41600.phpt
+++ b/ext/session/tests/bug41600.phpt
@ -27,4 +27,7 @@ session_start();
 session_destroy();
 ?>
 --EXPECT--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 <a href="link.php?a=b&amp;PHPSESSID=bug41600">
--- a/ext/session/tests/bug42596.phpt
+++ b/ext/session/tests/bug42596.phpt
@ -34,5 +34,6 @@ foreach (glob($sessdir. "*") as $sessfile) {
 rmdir($sessdir);
 ?>
 --EXPECT--
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 hello world
 string(6) "100777"
--- a/ext/session/tests/bug50308.phpt
+++ b/ext/session/tests/bug50308.phpt
@ -25,6 +25,9 @@ session.use_only_cookies=0
 <a href=./>
 <a href="./">
 --EXPECTF--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 <a href="?PHPSESSID=%s"/>
 <a href="?PHPSESSID=%s" />
 <a href="foo?PHPSESSID=%s"/>
--- a/ext/session/tests/bug51338.phpt
+++ b/ext/session/tests/bug51338.phpt
@ -13,6 +13,7 @@ session_start();
 print_r(ob_list_handlers());
 ?>
 --EXPECT--
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 Array
 (
 )
--- a/ext/session/tests/bug71683.phpt
+++ b/ext/session/tests/bug71683.phpt
@ -14,4 +14,5 @@ ob_start();
 echo "ok\n";
 ?>
 --EXPECT--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 ok
--- a/ext/session/tests/bug71974.phpt
+++ b/ext/session/tests/bug71974.phpt
@ -5,6 +5,7 @@ session
 --SKIPIF--
 <?php include('skipif.inc'); ?>
 --INI--
 display_startup_errors=0
 session.save_handler=files
 session.auto_start=0
 session.use_cookies=1
--- a/ext/session/tests/bug72940.phpt
+++ b/ext/session/tests/bug72940.phpt
@ -31,8 +31,15 @@ session_start();
 var_dump(session_id(), SID);
 session_destroy();
 ?>
--EXPECT--
+--EXPECTF--
 Deprecated: ini_set(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 6
 Deprecated: Constant SID is deprecated in %s on line 8
 string(12) "bug72940test"
 string(0) ""
 Deprecated: ini_set(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 13
 Deprecated: Constant SID is deprecated in %s on line 15
 string(11) "bug72940get"
 string(21) "PHPSESSID=bug72940get"
--- a/ext/session/tests/bug74892.phpt
+++ b/ext/session/tests/bug74892.phpt
@ -1,15 +1,17 @@
 --TEST--
 Bug #74892 Url Rewriting (trans_sid) not working on urls that start with #
 --INI--
 session.use_cookies=0
 session.use_only_cookies=0
 session.use_trans_sid=1
 --EXTENSIONS--
 session
 --SKIPIF--
 <?php include('skipif.inc'); ?>
 --FILE--
 <?php
-ini_set('session.use_cookies', '0');
+ob_start();
-ini_set('session.use_only_cookies',0);
+ini_set('session.trans_sid_hosts','php.net'); // This value cannot be set in the INI file
 ini_set('session.use_trans_sid',1);
 ini_set('session.trans_sid_hosts','php.net');
 session_id('sessionidhere');
 session_start();
@ -18,7 +20,12 @@ session_start();
 <p><a href="index.php#place">External link with anchor</a></p>
 <p><a href="http://php.net#foo">External link with anchor 2</a></p>
 <p><a href="#place">Internal link</a></p>
--EXPECT--
+--EXPECTF--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 3
 <p><a href="index.php?PHPSESSID=sessionidhere">Click This Anchor Tag!</a></p>
 <p><a href="index.php?PHPSESSID=sessionidhere#place">External link with anchor</a></p>
 <p><a href="http://php.net?PHPSESSID=sessionidhere#foo">External link with anchor 2</a></p>
--- a/ext/session/tests/deprecations.phpt
+++ b/ext/session/tests/deprecations.phpt
@ -0,0 +1,64 @@
 --TEST--
 Deprecated GET/POST sessions
 --EXTENSIONS--
 session
 --SKIPIF--
 <?php include 'skipif.inc'; ?>
 --INI--
 session.use_cookies=0
 session.use_only_cookies=1
 session.use_trans_sid=0
 --FILE--
 <?php
 ob_start();
 // Expecting deprecation here
 ini_set("session.use_only_cookies", "0");
 // Expecting no deprecation
 ini_set("session.use_only_cookies", "1");
 // Expecting deprecation here
 ini_set("session.use_trans_sid", "1");
 // Expecting no deprecation
 ini_set("session.use_trans_sid", "0");
 // Expecting deprecation here
 ini_set("session.trans_sid_tags", "a=href");
 // Expecting no deprecation (default value)
 ini_set("session.trans_sid_tags", "a=href,area=href,frame=src,form=");
 // Expecting deprecation here
 ini_set("session.trans_sid_hosts", "php.net");
 // Expecting no deprecation (default value)
 ini_set("session.trans_sid_hosts", "");
 // Expecting deprecation here
 ini_set("session.referer_check", "php.net");
 // Expecting no deprecation (default value)
 ini_set("session.referer_check", "");
 // Setting deprecated values directly in session_start()
 // Expecting deprecation here
 session_start([ 'use_cookies' => '0', 'use_only_cookies' => '0', 'use_trans_sid' => '1']);
 echo SID;
 ?>
 --EXPECTF--
 Deprecated: ini_set(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 6
 Deprecated: ini_set(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 11
 Deprecated: ini_set(): Usage of session.trans_sid_tags INI setting is deprecated in %s on line 16
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 21
 Deprecated: ini_set(): Usage of session.referer_check INI setting is deprecated in %s on line 26
 Deprecated: session_start(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 32
 Deprecated: session_start(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 32
 Deprecated: Constant SID is deprecated in %s on line 34
 PHPSESSID=%s
--- a/ext/session/tests/gh13891.phpt
+++ b/ext/session/tests/gh13891.phpt
@ -14,4 +14,13 @@ session
 // We *must* set it here because the bug only triggers on a runtime edit
 ini_set('session.trans_sid_hosts','php.net');
 ?>
--EXPECT--
+--EXPECTF--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Usage of session.trans_sid_hosts INI setting is deprecated in Unknown on line 0
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 3
 Deprecated: PHP Request Shutdown: Usage of session.trans_sid_hosts INI setting is deprecated in Unknown on line 0
--- a/ext/session/tests/rfc1867.phpt
+++ b/ext/session/tests/rfc1867.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_cleanup.phpt
+++ b/ext/session/tests/rfc1867_cleanup.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_disabled.phpt
+++ b/ext/session/tests/rfc1867_disabled.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867 disabled
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_disabled_2.phpt
+++ b/ext/session/tests/rfc1867_disabled_2.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867 disabled 2
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_inter.phpt
+++ b/ext/session/tests/rfc1867_inter.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_no_name.phpt
+++ b/ext/session/tests/rfc1867_no_name.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867 no name
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_sid_cookie.phpt
+++ b/ext/session/tests/rfc1867_sid_cookie.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867 sid cookie
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_sid_get.phpt
+++ b/ext/session/tests/rfc1867_sid_get.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867 sid get
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_sid_get_2.phpt
+++ b/ext/session/tests/rfc1867_sid_get_2.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867 sid get 2
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/rfc1867_sid_invalid.phpt
+++ b/ext/session/tests/rfc1867_sid_invalid.phpt
@ -6,7 +6,6 @@ upload_max_filesize=1024
 session.save_path=
 session.name=PHPSESSID
 session.use_cookies=1
 session.use_only_cookies=0
 session.use_strict_mode=0
 session.auto_start=0
 session.upload_progress.enabled=1
--- a/ext/session/tests/rfc1867_sid_post.phpt
+++ b/ext/session/tests/rfc1867_sid_post.phpt
@ -1,6 +1,7 @@
 --TEST--
 session rfc1867 sid post
 --INI--
 display_startup_errors=0
 file_uploads=1
 upload_max_filesize=1024
 session.save_path=
--- a/ext/session/tests/session_basic3.phpt
+++ b/ext/session/tests/session_basic3.phpt
@ -222,6 +222,9 @@ var_dump(session_destroy());
 ob_end_flush();
 ?>
 --EXPECT--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 *** Testing basic session functionality : variation3 use_trans_sid ***
 *** Test trans sid ***
--- a/ext/session/tests/session_basic4.phpt
+++ b/ext/session/tests/session_basic4.phpt
@ -48,6 +48,9 @@ echo '
 ';
 ?>
 --EXPECT--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 *** Testing basic session functionality : variation4 use_trans_sid ***
 *** Test trans sid ***
--- a/ext/session/tests/session_basic5.phpt
+++ b/ext/session/tests/session_basic5.phpt
@ -234,7 +234,12 @@ var_dump(session_destroy());
 ob_end_flush();
 ?>
--EXPECT--
+--EXPECTF--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 5
 *** Testing basic session functionality : variation5 use_trans_sid ***
 *** Test trans sid ***
--- a/ext/standard/tests/general_functions/bug44394_2.phpt
+++ b/ext/standard/tests/general_functions/bug44394_2.phpt
@ -5,12 +5,12 @@ session
 --INI--
 session.name=PHPSESSID
 session.use_only_cookies=0
 session.use_trans_sid=1
 session.trans_sid_tags="a=href,area=href,frame=src,form="
 url_rewriter.tags="a=href,area=href,frame=src,form="
 --FILE--
 <?php
 ini_set('session.use_trans_sid', 1);
 session_save_path(__DIR__);
 session_start();
@ -34,4 +34,7 @@ foreach (glob(__DIR__ . '/sess_*') as $filename) {
 }
 ?>
 --EXPECTF--
 Deprecated: PHP Startup: Disabling session.use_only_cookies INI setting is deprecated in Unknown on line 0
 Deprecated: PHP Startup: Enabling session.use_trans_sid INI setting is deprecated in Unknown on line 0
 <a href='a?q=1&a=b&PHPSESSID=%s'>asd</a>
--- a/ext/standard/tests/general_functions/output_add_rewrite_var_basic1.phpt
+++ b/ext/standard/tests/general_functions/output_add_rewrite_var_basic1.phpt
@ -74,7 +74,10 @@ Test use_trans_sid=1
 <form action="http://php.net/bar.php" method="get"> </form>
 <form action="bad://php.net/bar.php" method="get"> </form>
 <form action="//www.php.net/bar.php" method="get"> </form>
--EXPECT--
+--EXPECTF--
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 5
 Deprecated: ini_set(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 6
 Without session
 <a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
 <a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
@ -105,6 +108,8 @@ Test use_trans_sid=0
 <form action="bad://php.net/bar.php" method="get"> </form>
 <form action="//www.php.net/bar.php" method="get"><input type="hidden" name="&lt;NAME&gt;" value="&lt;VALUE&gt;" /> </form>
 Deprecated: ini_set(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 50
 Test use_trans_sid=1
 <a href="?PHPSESSID=testid&%3CNAME%3E=%3CVALUE%3E"> </a>
 <a href="./foo.php?PHPSESSID=testid&%3CNAME%3E=%3CVALUE%3E"> </a>
--- a/ext/standard/tests/general_functions/output_add_rewrite_var_basic2.phpt
+++ b/ext/standard/tests/general_functions/output_add_rewrite_var_basic2.phpt
@ -74,7 +74,8 @@ Test use_trans_sid=1
 <form action="http://php.net/bar.php" method="get"> </a>
 <form action="bad://php.net/bar.php" method="get"> </a>
 <form action="//www.php.net/bar.php" method="get"> </a>
--EXPECT--
+--EXPECTF--
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 5
 Without session
 <a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
 <a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
@ -105,6 +106,8 @@ Test use_trans_sid=0
 <form action="bad://php.net/bar.php" method="get"> </a>
 <form action="//www.php.net/bar.php" method="get"><input type="hidden" name="&lt;NAME&gt;" value="&lt;VALUE&gt;" /> </a>
 Deprecated: ini_set(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 50
 Test use_trans_sid=1
 <a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
 <a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
--- a/ext/standard/tests/general_functions/output_add_rewrite_var_basic3.phpt
+++ b/ext/standard/tests/general_functions/output_add_rewrite_var_basic3.phpt
@ -73,7 +73,8 @@ Test use_trans_sid=1
 <form action="http://php.net/bar.php" method="get"> </a>
 <form action="bad://php.net/bar.php" method="get"> </a>
 <form action="//www.php.net/bar.php" method="get"> </a>
--EXPECT--
+--EXPECTF--
 Deprecated: ini_set(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 5
 Without session
 <a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
 <a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
@ -104,6 +105,8 @@ Test use_trans_sid=0
 <form action="bad://php.net/bar.php" method="get"> </a>
 <form action="//www.php.net/bar.php" method="get"> </a>
 Deprecated: ini_set(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 49
 Test use_trans_sid=1
 <a href="?PHPSESSID=testid&%3CNAME%3E=%3CVALUE%3E"> </a>
 <a href="./foo.php?PHPSESSID=testid&%3CNAME%3E=%3CVALUE%3E"> </a>
--- a/ext/standard/tests/general_functions/output_add_rewrite_var_basic4.phpt
+++ b/ext/standard/tests/general_functions/output_add_rewrite_var_basic4.phpt
@ -73,7 +73,7 @@ Test use_trans_sid=1
 <form action="http://php.net/bar.php" method="get"> </a>
 <form action="bad://php.net/bar.php" method="get"> </a>
 <form action="//www.php.net/bar.php" method="get"> </a>
--EXPECT--
+--EXPECTF--
 Without session
 <a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
 <a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
@ -104,6 +104,8 @@ Test use_trans_sid=0
 <form action="bad://php.net/bar.php" method="get"> </a>
 <form action="//www.php.net/bar.php" method="get"> </a>
 Deprecated: ini_set(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 49
 Test use_trans_sid=1
 <a href="?%3CNAME%3E=%3CVALUE%3E"> </a>
 <a href="./foo.php?%3CNAME%3E=%3CVALUE%3E"> </a>
--- a/ext/standard/tests/general_functions/url_rewriting_basic1.phpt
+++ b/ext/standard/tests/general_functions/url_rewriting_basic1.phpt
@ -76,7 +76,8 @@ session_start();
 echo "\nURL-Rewriting with transparent session id support without output_add_rewrite_var()\n";
 echo $testTags;
--EXPECT--
+--EXPECTF--
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 44
 URL-Rewriting with output_add_rewrite_var() without transparent session id support
 <a href="?%3Cname%3E=%3Cvalue%3E"></a>
@ -115,6 +116,10 @@ URL-Rewriting with output_add_rewrite_var() without transparent session id suppo
 <form action="bad://url-rewriter.com/bar.php" method="get"></form>
 <form action="//www.url-rewriter.com/bar.php" method="get"></form>
 Deprecated: ini_set(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 60
 Deprecated: ini_set(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 63
 URL-Rewriting with transparent session id support without output_add_rewrite_var()
 <a href="?PHPSESSID=testid"></a>
--- a/ext/standard/tests/general_functions/url_rewriting_basic2.phpt
+++ b/ext/standard/tests/general_functions/url_rewriting_basic2.phpt
@ -87,7 +87,8 @@ output_add_rewrite_var('<name2>', '<value2>');
 echo "\nURL-Rewriting with output_add_rewrite_var() without transparent session id support\n";
 echo $testTags;
--EXPECT--
+--EXPECTF--
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 44
 URL-Rewriting with output_add_rewrite_var() without transparent session id support
 <a href="?%3Cname%3E=%3Cvalue%3E"></a>
@ -126,6 +127,10 @@ URL-Rewriting with output_add_rewrite_var() without transparent session id suppo
 <form action="bad://url-rewriter.com/bar.php" method="get"></form>
 <form action="//www.url-rewriter.com/bar.php" method="get"></form>
 Deprecated: ini_set(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 61
 Deprecated: ini_set(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 64
 URL-Rewriting with transparent session id support without output_add_rewrite_var()
 <a href="?PHPSESSID=testid&%3CNAME%3E=%3CVALUE%3E&%3Cname2%3E=%3Cvalue2%3E"></a>
--- a/ext/standard/tests/general_functions/url_rewriting_basic3.phpt
+++ b/ext/standard/tests/general_functions/url_rewriting_basic3.phpt
@ -80,7 +80,12 @@ output_add_rewrite_var('<name2>', '<value2>');
 echo "\nURL-Rewriting with transparent session id support without output_add_rewrite_var()\n";
 echo $testTags;
--EXPECT--
+--EXPECTF--
 Deprecated: ini_set(): Usage of session.trans_sid_hosts INI setting is deprecated in %s on line 44
 Deprecated: ini_set(): Disabling session.use_only_cookies INI setting is deprecated in %s on line 47
 Deprecated: ini_set(): Enabling session.use_trans_sid INI setting is deprecated in %s on line 50
 URL-Rewriting with transparent session id support without output_add_rewrite_var()
 <a href="?PHPSESSID=testid"></a>
--- a/ext/standard/url_scanner_ex.re
+++ b/ext/standard/url_scanner_ex.re
@ -102,6 +102,9 @@ static zend_result php_ini_on_update_tags(zend_ini_entry *entry, zend_string *ne
 static PHP_INI_MH(OnUpdateSessionTags)
 {
 	if (!zend_string_starts_with_literal(new_value, "a=href,area=href,frame=src,form=")) {
 		php_error_docref("session.configuration", E_DEPRECATED, "Usage of session.trans_sid_tags INI setting is deprecated");
 	}
 	return php_ini_on_update_tags(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage, /* is_session */ true);
 }
@ -152,6 +155,9 @@ static zend_result php_ini_on_update_hosts(zend_ini_entry *entry, zend_string *n
 static PHP_INI_MH(OnUpdateSessionHosts)
 {
 	if (ZSTR_LEN(new_value) != 0) {
 		php_error_docref("session.configuration", E_DEPRECATED, "Usage of session.trans_sid_hosts INI setting is deprecated");
 	}
 	return php_ini_on_update_hosts(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage, /* is_session */ true);
 }