From: Brion Vibber Date: Mon, 26 Dec 2005 10:29:22 +0000 (+0000) Subject: * Remove unused OutputPage::addCookie() X-Git-Tag: 1.6.0~881 X-Git-Url: http://git.cyclocoop.org/clavettes/images/siteon3.jpg?a=commitdiff_plain;h=0f3e2091d10c28d9d143b3591085c5a9e46435ca;p=lhc%2Fweb%2Fwiklou.git * Remove unused OutputPage::addCookie() * Set cookies to secure mode based on use of HTTPS or $wgCookieSecure Note; this currently doesn't override the session cookie params. Set separately --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ef14dde0d8..bf782b8eb9 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -360,6 +360,8 @@ fully support the editing toolbar, but was found to be too confusing. 1.6 dev behavior. * Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones * (bug 4389) Fix math options on zh-hk and zh-tw (but not localized) +* Remove unused OutputPage::addCookie() +* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure === Caveats === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 6e79fbcb02..ae32c7b419 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -66,7 +66,6 @@ if( isset( $_SERVER['SERVER_PORT'] ) $wgServer .= ":" . $_SERVER['SERVER_PORT']; } -unset($wgProto); /** @@ -1005,6 +1004,7 @@ $wgHTCPMulticastTTL = 1; */ $wgCookieDomain = ''; $wgCookiePath = '/'; +$wgCookieSecure = ($wgProto == 'https'); $wgDisableCookieCheck = false; /** Whether to allow inline image pointing to other websites */ diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 23cdd84fbc..f75c90e952 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php 
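Review bot: The new default `$wgCookieSecure = ($wgProto == 'https');` in the second DefaultSettings.php hunk has no doc comment, and it is fixed once at load time from whatever `$wgProto` held for the current request. The assignment of `$wgProto` is outside these hunks, but if it reflects only the web server's own view of the connection, a wiki behind a TLS-terminating proxy, or one that sets an https `$wgServer` later in LocalSettings.php, would send its login cookies without the Secure attribute unless the admin sets the variable by hand. I would add a comment above the assignment such as `/** Send cookies only over HTTPS. Defaults to on when the current request is detected as HTTPS; set explicitly when TLS is terminated in front of the web server. */`. Dropping `unset($wgProto);` in the first hunk also turns `$wgProto` into a lasting global, which deserves a one-line comment where it is defined.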
@@ -17,7 +17,7 @@ if($wgUseTeX) require_once( 'Math.php' ); * @package MediaWiki */ class OutputPage { - var $mHeaders, $mCookies, $mMetatags, $mKeywords; + var $mHeaders, $mMetatags, $mKeywords; var $mLinktags, $mPagetitle, $mBodytext, $mDebugtext; var $mHTMLtitle, $mRobotpolicy, $mIsarticle, $mPrintable; var $mSubtitle, $mRedirect, $mStatusCode; @@ -39,7 +39,7 @@ class OutputPage { * Initialise private variables */ function OutputPage() { - $this->mHeaders = $this->mCookies = $this->mMetatags = + $this->mHeaders = $this->mMetatags = $this->mKeywords = $this->mLinktags = array(); $this->mHTMLtitle = $this->mPagetitle = $this->mBodytext = $this->mRedirect = $this->mLastModified = @@ -59,7 +59,6 @@ class OutputPage { } function addHeader( $name, $val ) { array_push( $this->mHeaders, $name.': '.$val ) ; } - function addCookie( $name, $val ) { array_push( $this->mCookies, array( $name, $val ) ); } function redirect( $url, $responsecode = '302' ) { $this->mRedirect = $url; $this->mRedirectCode = $responsecode; } function setStatusCode( $statusCode ) { $this->mStatusCode = $statusCode; } @@ -422,7 +421,7 @@ class OutputPage { * the object, let's actually output it: */ function output() { - global $wgUser, $wgCookieExpiration, $wgOutputEncoding; + global $wgUser, $wgOutputEncoding; global $wgContLanguageCode, $wgDebugRedirects, $wgMimeType, $wgProfiler; if( $this->mDoNothing ){ @@ -523,11 +522,6 @@ class OutputPage { header( "Content-type: $wgMimeType; charset={$wgOutputEncoding}" ); header( 'Content-language: '.$wgContLanguageCode ); - $exp = time() + $wgCookieExpiration; - foreach( $this->mCookies as $name => $val ) { - setcookie( $name, $val, $exp, '/' ); - } - if ($this->mArticleBodyOnly) { $this->out($this->mBodytext); } else { diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php index eedbdeeb08..ec8d4578ed 100644 --- a/includes/SpecialUserlogin.php +++ b/includes/SpecialUserlogin.php 
@@ -381,7 +381,7 @@ class LoginForm { * @access private */ function mailPasswordInternal( $u ) { - global $wgDBname, $wgCookiePath, $wgCookieDomain; + global $wgDBname, $wgCookiePath, $wgCookieDomain, $wgCookieSecure; if ( '' == $u->getEmail() ) { return wfMsg( 'noemail', $u->getName() ); @@ -390,7 +390,7 @@ class LoginForm { $np = $u->randomPassword(); $u->setNewpassword( $np ); - setcookie( "{$wgDBname}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain ); + setcookie( "{$wgDBname}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); $u->saveSettings(); diff --git a/includes/SpecialUserlogout.php b/includes/SpecialUserlogout.php index 58da6838a5..7f057a94eb 100644 --- a/includes/SpecialUserlogout.php +++ b/includes/SpecialUserlogout.php @@ -17,7 +17,6 @@ function wfSpecialUserlogout() { wfRunHooks('UserLogoutComplete', array(&$wgUser)); - $wgOut->mCookies = array(); $wgOut->setRobotpolicy( 'noindex,nofollow' ); $wgOut->addHTML( wfMsg( 'logouttext' ) ); $wgOut->returnToMain(); diff --git a/includes/User.php b/includes/User.php index c09d0bb053..1245eed173 100644 --- a/includes/User.php +++ b/includes/User.php 
@@ -1302,20 +1302,20 @@ class User { } function setCookies() { - global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname; + global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgDBname; if ( 0 == $this->mId ) return; $this->loadFromDatabase(); $exp = time() + $wgCookieExpiration; $_SESSION['wsUserID'] = $this->mId; - setcookie( $wgDBname.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain ); + setcookie( $wgDBname.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); $_SESSION['wsUserName'] = $this->getName(); - setcookie( $wgDBname.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain ); + setcookie( $wgDBname.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); $_SESSION['wsToken'] = $this->mToken; if ( 1 == $this->getOption( 'rememberpassword' ) ) { - setcookie( $wgDBname.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain ); + setcookie( $wgDBname.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); } else { setcookie( $wgDBname.'Token', '', time() - 3600 ); } 
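Review bot: The else branch of setCookies() still expires the Token cookie with `setcookie( $wgDBname.'Token', '', time() - 3600 );`, without the path, domain and secure arguments that every other call in this hunk now passes. Browsers match a cookie for deletion on name, domain and path, so when `$wgCookiePath` or `$wgCookieDomain` differ from the request defaults this call may leave a previously issued persistent login token in the browser after the user turns off 'rememberpassword'. I would change it to `setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );` so it mirrors the call in the if branch. The end of setCookies() is outside the hunk.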
@@ -1326,17 +1326,17 @@ class User { * It will clean the session cookie */ function logout() { - global $wgCookiePath, $wgCookieDomain, $wgDBname; + global $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgDBname; $this->loadDefaults(); $this->setLoaded( true ); $_SESSION['wsUserID'] = 0; - setcookie( $wgDBname.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain ); - setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain ); + setcookie( $wgDBname.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); + setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); # Remember when user logged out, to prevent seeing cached pages - setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain ); + setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); } /**
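Review bot: The `LoggedOut` cookie in logout() carries only a timestamp, and with `$wgCookieSecure` as its sixth argument it is no longer sent on plain-HTTP requests. On a wiki that has the setting on but still serves some pages over HTTP, the cached-page check described in the comment above the call would presumably not see the marker on those requests; the code that reads the cookie is outside this hunk, so this needs confirming. If that case matters, keep this one call as `setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain );`, otherwise add a comment saying that HTTP views are intentionally not covered.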