"show hidden categories" option on
* (bug 13915) Undefined variable $wltsfield in includes/SpecialWatchlist.php
* (bug 13913) Special:Whatlinkshere now has correct HTML markup
+* (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes
=== API changes in 1.13 ===
*/
$wgCookieHttpOnly = version_compare("5.2", PHP_VERSION, "<");
+/**
+ * If the requesting browser matches a regex in this blacklist, we won't
+ * send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on.
+ */
+$wgHttpOnlyBlacklist = array(
+ // Internet Explorer for Mac; sometimes the cookies work, sometimes
+ // they don't. It's difficult to predict, as combinations of path
+ // and expiration options affect its parsing.
+ '/^Mozilla\/4\.0 \(compatible; MSIE \d+\.\d+; Mac_PowerPC\)/',
+);
+
/** A list of cookies that vary the cache (for use by extensions) */
$wgCacheVaryCookies = array();
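Review bot: The doc comment on `$wgHttpOnlyBlacklist` does not say what the patterns are tested against or what form an entry must take. Judging by the `preg_match()` call added elsewhere in this commit, I would add `Each entry is a complete PCRE pattern, delimiters included, matched against the User-Agent request header.` The comment should also state that a match removes HttpOnly, a mitigation against script access to cookies, for every browser it covers. Entries therefore ought to stay anchored and as narrow as the one shipped here.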
return Http::isLocalURL( $url );
}
+function wfHttpOnlySafe() {
+ global $wgHttpOnlyBlacklist;
+ if( !version_compare("5.2", PHP_VERSION, "<") )
+ return false;
+
+ if( isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
+ foreach( $wgHttpOnlyBlacklist as $regex ) {
+ if( preg_match( $regex, $_SERVER['HTTP_USER_AGENT'] ) ) {
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
/**
* Initialise php session
*/
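Review bot: `wfHttpOnlySafe()` is added without a doc comment, although the neighbouring functions have one, and its return value is not obvious from the name. I would put `/** Whether HttpOnly cookies can be sent to this client: false on PHP older than 5.2, or when the User-Agent matches an entry in $wgHttpOnlyBlacklist. */` above it. The comment should also mention that the User-Agent is supplied by the client, so the result is only suitable for choosing cookie flags for that same request and not as a trust decision. Separately, `preg_match()` returns false for a malformed pattern, which the loop treats as no match, so a broken blacklist entry is silently ignored; a `wfDebugLog()` line on a false return would make that visible.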
# application, it will end up failing. Try to recover.
ini_set ( 'session.save_handler', 'files' );
}
- $httpOnlySafe = version_compare("5.2", PHP_VERSION, "<");
+ $httpOnlySafe = wfHttpOnlySafe();
+ wfDebugLog( 'cookie',
+ 'session_set_cookie_params: "' . implode( '", "',
+ array(
+ 0,
+ $wgCookiePath,
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
if( $httpOnlySafe && $wgCookieHttpOnly ) {
session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
} else {
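Review bot: The `wfDebugLog( 'cookie', … )` call added here, and the matching one in the setcookie hunk further down, need attention to what they write. In this hunk `implode()` renders the two boolean flags as `1` or an empty string, so a cookie sent without Secure or HttpOnly shows up as `""`; passing each flag through `var_export( $flag, true )` would log `true`/`false` instead. In the setcookie hunk the logged array includes `$value`, and cookie values can be session or login tokens, so anyone able to read the debug log could obtain them; logging `strlen( $value )` or leaving the value out keeps the diagnostic without storing the secret. Both enclosing functions start outside their hunks, and the setcookie hunk runs past the end of this page, so how the log is used downstream is not visible.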
if( $exp == 0 ) {
$exp = time() + $wgCookieExpiration;
}
- $httpOnlySafe = version_compare("5.2", PHP_VERSION, "<");
-
+ $httpOnlySafe = wfHttpOnlySafe();
+ wfDebugLog( 'cookie',
+ 'setcookie: "' . implode( '", "',
+ array(
+ $wgCookiePrefix . $name,
+ $value,
+ $exp,
+ '/',
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
setcookie( $wgCookiePrefix . $name,
$value,