Using flyspray with commented out "output_reset_rewrite_vars()" in fix.inc.php.


j ikeda

Nov 16, 2016, 11:13:59 AM
to flyspray
I tried to install flyspray 1.0 RC1 with PHP 5.6.99-hhvm (HHVM Version 3.14.5). I got this error and I didn't run setup.

`\nFatal error: f_output_reset_rewrite_vars is not supported: bad coding style in /home/user/flyspray/includes/fix.inc.php on line 178`

So I commented out `output_reset_rewrite_vars()` in fix.inc.php. 

Then the installation succeeded.
I have been using it for a while, and it looks to be working without trouble.
Is this a bad usage? Let me know if there is anyone who knows.

peterdd

Nov 17, 2016, 2:08:54 PM
to flyspray
Mmh, the PHP documentation says (http://php.net/manual/en/function.output-reset-rewrite-vars.php):

This function resets the URL rewriter and removes all rewrite variables previously set by the output_add_rewrite_var() function.

But there is no output_add_rewrite_var() call in the current Flyspray source code or the required 3rd party libs. Maybe we can just get rid of that line of code in fix.inc.php.

http://php.net/manual/en/session.configuration.php#ini.session.trans-sid :
session.use_trans_sid whether transparent sid support is enabled or not. Defaults to 0 (disabled).

It is set to 0 by default and is also disabled in some parts of Flyspray:
grep -rn use_trans_sid *
htaccess.dist:26:php_flag session.use_trans_sid 0
htaccess.dist:40:php_flag session.use_trans_sid 0
includes/fix.inc.php:26:        ini_set('session.use_trans_sid', 0);
setup/index.php:43:ini_set('session.use_trans_sid', 0);

output_reset_rewrite_vars() was probably a second/third line of defense to prevent adding the session ID automatically to links/HTML tags on output.
The session ID should be transmitted only by cookie (with the httponly and ideally the secure flag (https)).
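
The check described in the post above (no `output_add_rewrite_var()` callers, and `session.use_trans_sid` off wherever it is set) written as a repeatable audit. This is an added example, not part of the original posts and not Flyspray code; the sample tree, including `plugins/legacy.php`, is constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Calls that register URL-rewrite variables. If there are none,
# output_reset_rewrite_vars() has nothing to reset.
ADD_VAR = re.compile(r"\boutput_add_rewrite_var\s*\(")
# Matches ini_set('session.use_trans_sid', X), "php_flag session.use_trans_sid X"
# and "session.use_trans_sid = X"; group 1 is the value X.
TRANS_SID = re.compile(r"""session\.use_trans_sid['"]?\s*[,=\s]\s*['"]?(\w+)""", re.I)
OFF = {"0", "off", "false", "no"}
SCANNED = (".php", ".dist", ".htaccess", ".ini")

def audit(root):
    """Return (rewrite_var_calls, trans_sid_enabled) as lists of 'path:line'."""
    calls, enabled = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or not path.name.endswith(SCANNED):
            continue
        text = path.read_text(errors="replace")
        for n, line in enumerate(text.splitlines(), 1):
            code = line.strip()
            if code.startswith(("#", "//", "/*", "*", ";")):  # whole-line comments
                continue
            where = f"{path.relative_to(root).as_posix()}:{n}"
            if ADD_VAR.search(code):
                calls.append(where)
            m = TRANS_SID.search(code)
            if m and m.group(1).lower() not in OFF:
                enabled.append(where)
    return calls, enabled

# Constructed sample tree (not Flyspray's real files): two files mirror the
# settings quoted in the thread, one is a hypothetical plugin that breaks them.
SAMPLE = {
    "htaccess.dist": "php_flag session.use_trans_sid 0\n",
    "includes/fix.inc.php": "<?php\n    ini_set('session.use_trans_sid', 0);\n",
    "plugins/legacy.php": "<?php\n// output_add_rewrite_var() is used below\n"
                          "ini_set('session.use_trans_sid', '1');\n"
                          "output_add_rewrite_var('token', $t);\n",
}

def audit_sample():
    """Write SAMPLE to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit(root)
```

Both returned lists being empty is the condition under which removing the `output_reset_rewrite_vars()` line changes nothing; the web server's own php.ini is outside the source tree and has to be checked separately.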

j ikeda

Nov 20, 2016, 7:41:00 PM
to flyspray
Oh, I see!
Thank you for the advice.