From bc8abfe5b1c53d1fb9a83090da6af443ec0587e7 Mon Sep 17 00:00:00 2001 From: Alexandre Emsenhuber Date: Fri, 1 Apr 2011 09:50:09 +0000 Subject: [PATCH] Drop 5.1 compatibility calls to session_set_cookie_params() and setcookie() since we require 5.2.3+ now --- includes/GlobalFunctions.php | 11 +++-------- includes/WebResponse.php | 31 ++++++++++--------------------- 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 6604435037..9cdce49b82 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -2787,7 +2787,7 @@ function wfSetupSession( $sessionId = false ) { # hasn't already been set to the desired value (that causes errors) ini_set( 'session.save_handler', $wgSessionHandler ); } - $httpOnlySafe = wfHttpOnlySafe(); + $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly; wfDebugLog( 'cookie', 'session_set_cookie_params: "' . implode( '", "', array( @@ -2795,13 +2795,8 @@ function wfSetupSession( $sessionId = false ) { $wgCookiePath, $wgCookieDomain, $wgCookieSecure, - $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' ); - if( $httpOnlySafe && $wgCookieHttpOnly ) { - session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly ); - } else { - // PHP 5.1 throws warnings if you pass the HttpOnly parameter for 5.2. - session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); - } + $httpOnlySafe ) ) . '"' ); + session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe ); session_cache_limiter( 'private, must-revalidate' ); if ( $sessionId ) { session_id( $sessionId ); diff --git a/includes/WebResponse.php b/includes/WebResponse.php index 2b1ec04cb9..a0f7776618 100644 --- a/includes/WebResponse.php +++ b/includes/WebResponse.php @@ -33,7 +33,7 @@ class WebResponse { if ( $expire == 0 ) { $expire = time() + $wgCookieExpiration; } - $httpOnlySafe = wfHttpOnlySafe(); + $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly; wfDebugLog( 'cookie', 'setcookie: "' . implode( '", "', array( @@ -43,25 +43,14 @@ class WebResponse { $wgCookiePath, $wgCookieDomain, $wgCookieSecure, - $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' ); - if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) { - setcookie( $wgCookiePrefix . $name, - $value, - $expire, - $wgCookiePath, - $wgCookieDomain, - $wgCookieSecure, - $wgCookieHttpOnly ); - } else { - // setcookie() fails on PHP 5.1 if you give it future-compat paramters. - // stab stab! - setcookie( $wgCookiePrefix . $name, - $value, - $expire, - $wgCookiePath, - $wgCookieDomain, - $wgCookieSecure ); - } + $httpOnlySafe ) ) . '"' ); + setcookie( $wgCookiePrefix . $name, + $value, + $expire, + $wgCookiePath, + $wgCookieDomain, + $wgCookieSecure, + $httpOnlySafe ); } } @@ -91,4 +80,4 @@ class FauxResponse extends WebResponse { return $this->cookies[$name]; } } -} \ No newline at end of file +} -- 2.20.1