* Moved all of the debugging/logic to WebResponse so it can be properly used elsewhere.
* A bit of cleanup so cookies set by $wgUser->setCookie() use $wgCookiePath as they should.
* Bug 14887: $wgEnablePersistentCookies has been added to allow for disabling of persistent cookies.
$wgAddGroups and $wgRemoveGroups, where the user must belong to a specified
group in order to add or remove those groups from themselves.
Backwards compatibility is maintained.
+* $wgEnablePersistentCookies has been added. Setting to false disables the
+ setting of persistent cookies. Defaults to true.
=== New features in 1.14 ===
*/
$wgCookieHttpOnly = version_compare("5.2", PHP_VERSION, "<");
+/**
+ * Allow MediaWiki to set persistent cookies for login, etc.
+ */
+$wgEnablePersistentCookies = true;
+
/**
* If the requesting browser matches a regex in this blacklist, we won't
* send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on.
}
/**
- * Set a cookie on the user's client
- * @param $name \type{\string} Name of the cookie to set
- * @param $name \type{\string} Value to set
- * @param $name \type{\int} Expiration time, as a UNIX time value;
- * if 0 or not specified, use the default $wgCookieExpiration
+ * Set a cookie on the user's client. Wrapper for
+ * WebResponse::setCookie
*/
protected function setCookie( $name, $value, $exp=0 ) {
- global $wgCookiePrefix,$wgCookieDomain,$wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;
- if( $exp == 0 ) {
- $exp = time() + $wgCookieExpiration;
- }
- $httpOnlySafe = wfHttpOnlySafe();
- wfDebugLog( 'cookie',
- 'setcookie: "' . implode( '", "',
- array(
- $wgCookiePrefix . $name,
- $value,
- $exp,
- '/',
- $wgCookieDomain,
- $wgCookieSecure,
- $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
- if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
- setcookie( $wgCookiePrefix . $name,
- $value,
- $exp,
- '/',
- $wgCookieDomain,
- $wgCookieSecure,
- $wgCookieHttpOnly );
- } else {
- // setcookie() fails on PHP 5.1 if you give it future-compat paramters.
- // stab stab!
- setcookie( $wgCookiePrefix . $name,
- $value,
- $exp,
- '/',
- $wgCookieDomain,
- $wgCookieSecure );
- }
+ global $wgRequest;
+ $wgRequest->response()->setcookie( $name, $value, $exp );
}
/**
}
/** Set the browser cookie */
- function setcookie($name, $value, $expire) {
- global $wgCookiePath, $wgCookieDomain, $wgCookieSecure;
- setcookie($name,$value,$expire, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);
+ function setcookie( $name, $value, $expire = 0 ) {
+ global $wgEnablePersistentCookies;
+ if ( !$wgEnablePersistentCookies ) {
+ return false;
+ }
+ global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain;
+ global $wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;
+ if( $expire == 0 ) {
+ $expire = time() + $wgCookieExpiration;
+ }
+ $httpOnlySafe = wfHttpOnlySafe();
+ wfDebugLog( 'cookie',
+ 'setcookie: "' . implode( '", "',
+ array(
+ $wgCookiePrefix . $name,
+ $value,
+ $expire,
+ $wgCookiePath,
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
+ if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
+ setcookie( $wgCookiePrefix . $name,
+ $value,
+ $expire,
+ $wgCookiePath,
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $wgCookieHttpOnly );
+ } else {
+ // setcookie() fails on PHP 5.1 if you give it future-compat paramters.
+ // stab stab!
+ setcookie( $wgCookiePrefix . $name,
+ $value,
+ $expire,
+ $wgCookiePath,
+ $wgCookieDomain,
+ $wgCookieSecure );
+ }
}
}