From: Brad Jorsch Date: Sun, 8 Jul 2018 19:25:18 +0000 (-0400) Subject: WebReponse: Use values altered in 'WebResponseSetCookie' hook X-Git-Tag: 1.34.0-rc.0~4795^2 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/membres/User:Test/%27http:/jquery.khurshid.com/ifixpng.php/%22%20.%20chemin_image%28%24icone%29%20.%20%22?a=commitdiff_plain;h=8885b548ad5f36a45c9119f7f03bc3d43a29a5a3;p=lhc%2Fweb%2Fwiklou.git WebReponse: Use values altered in 'WebResponseSetCookie' hook The 'WebResponseSetCookie' hook is allowed to alter the data for the cookie being set. We need to actually use those altered values, rather than setting $cookie and $data earlier in the function. Bug: T198525 Change-Id: Ia817e3dc5ce17fdcf5057ee5fcb6980baa1333d6
---
diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index 0e5999ddfb..3a4faf0faa 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
@@ -151,21 +151,19 @@ class WebResponse {
 $expire = time() + $wgCookieExpiration;
 }
- $cookie = $options['prefix'] . $name;
- $data = [
- 'name' => (string)$cookie,
- 'value' => (string)$value,
- 'expire' => (int)$expire,
- 'path' => (string)$options['path'],
- 'domain' => (string)$options['domain'],
- 'secure' => (bool)$options['secure'],
- 'httpOnly' => (bool)$options['httpOnly'],
- ];
-
 if ( self::$disableForPostSend ) {
+ $cookie = $options['prefix'] . $name;
 wfDebugLog( 'cookie', 'ignored post-send cookie {cookie}', 'all', [
 'cookie' => $cookie,
- 'data' => $data,
+ 'data' => [
+ 'name' => (string)$cookie,
+ 'value' => (string)$value,
+ 'expire' => (int)$expire,
+ 'path' => (string)$options['path'],
+ 'domain' => (string)$options['domain'],
+ 'secure' => (bool)$options['secure'],
+ 'httpOnly' => (bool)$options['httpOnly'],
+ ],
 'exception' => new RuntimeException( 'Ignored post-send cookie' ),
 ] );
 return;
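Review bot: The post-send branch still passes the raw cookie value into the 'cookie' debug log context through `'value' => (string)$value`, and for a session or token cookie that places a bearer credential in log storage. Because the array is now built inline purely for logging, this is a natural place to mask it, for example `'value' => '(redacted)',` (constructed placeholder) or to log only the value's length. The enclosing method begins before and continues after this hunk, so whether sensitive cookies are already kept off this path cannot be confirmed from the visible lines.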
@@ -174,6 +172,19 @@ class WebResponse {
 $func = $options['raw'] ? 'setrawcookie' : 'setcookie';
 if ( Hooks::run( 'WebResponseSetCookie', [ &$name, &$value, &$expire, &$options ] ) ) {
+ // Note: Don't try to move this earlier to reuse it for self::$disableForPostSend,
+ // we need to use the altered values from the hook here. (T198525)
+ $cookie = $options['prefix'] . $name;
+ $data = [
+ 'name' => (string)$cookie,
+ 'value' => (string)$value,
+ 'expire' => (int)$expire,
+ 'path' => (string)$options['path'],
+ 'domain' => (string)$options['domain'],
+ 'secure' => (bool)$options['secure'],
+ 'httpOnly' => (bool)$options['httpOnly'],
+ ];
+
 // Per RFC 6265, key is name + domain + path
 $key = "{$data['name']}\n{$data['domain']}\n{$data['path']}";
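Review bot: `$func` is still selected from `$options['raw']` on the context line above `Hooks::run`, so a handler that changes `$options['raw']` through the by-reference argument is ignored, which is the same stale-value problem this commit fixes for `$cookie` and `$data`. Moving `$func = $options['raw'] ? 'setrawcookie' : 'setcookie';` inside the `if`, next to the rebuilt `$data`, would make every hook-altered option take effect. The new comment could also state that `secure` and `httpOnly` are now read after the hook, so a handler can weaken these flags as well as strengthen them and handlers should be reviewed with that in mind. The method continues past the end of this hunk, so how `$func` and `$data` are finally used is not visible here.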