* Remove unused OutputPage::addCookie()

* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure
Note; this currently doesn't override the session cookie params. Set separately

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index ef14dde..bf782b8 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -360,6 +360,8 @@ fully support the editing toolbar, but was found to be too confusing.
   1.6 dev behavior.
 * Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones
 * (bug 4389) Fix math options on zh-hk and zh-tw (but not localized)
+* Remove unused OutputPage::addCookie()
+* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure
 
 
 === Caveats ===

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 6e79fbc..ae32c7b 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -66,7 +66,6 @@ if(    isset( $_SERVER['SERVER_PORT'] )
 
        $wgServer .= ":" . $_SERVER['SERVER_PORT'];
 }
-unset($wgProto);
 
 
 /**
@@ -1005,6 +1004,7 @@ $wgHTCPMulticastTTL = 1;
  */
 $wgCookieDomain = '';
 $wgCookiePath = '/';
+$wgCookieSecure = ($wgProto == 'https');
 $wgDisableCookieCheck = false;
 
 /**  Whether to allow inline image pointing to other websites */

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 23cdd84..f75c90e 100644 (file)
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -17,7 +17,7 @@ if($wgUseTeX) require_once( 'Math.php' );
  * @package MediaWiki
  */
 class OutputPage {
-       var $mHeaders, $mCookies, $mMetatags, $mKeywords;
+       var $mHeaders, $mMetatags, $mKeywords;
        var $mLinktags, $mPagetitle, $mBodytext, $mDebugtext;
        var $mHTMLtitle, $mRobotpolicy, $mIsarticle, $mPrintable;
        var $mSubtitle, $mRedirect, $mStatusCode;
@@ -39,7 +39,7 @@ class OutputPage {
         * Initialise private variables
         */
        function OutputPage() {
-               $this->mHeaders = $this->mCookies = $this->mMetatags =
+               $this->mHeaders = $this->mMetatags =
                $this->mKeywords = $this->mLinktags = array();
                $this->mHTMLtitle = $this->mPagetitle = $this->mBodytext =
                $this->mRedirect = $this->mLastModified =
@@ -59,7 +59,6 @@ class OutputPage {
        }
 
        function addHeader( $name, $val ) { array_push( $this->mHeaders, $name.': '.$val ) ; }
-       function addCookie( $name, $val ) { array_push( $this->mCookies, array( $name, $val ) ); }
        function redirect( $url, $responsecode = '302' ) { $this->mRedirect = $url; $this->mRedirectCode = $responsecode; }
        function setStatusCode( $statusCode ) { $this->mStatusCode = $statusCode; }
        
@@ -422,7 +421,7 @@ class OutputPage {
         * the object, let's actually output it:
         */
        function output() {
-               global $wgUser, $wgCookieExpiration, $wgOutputEncoding;
+               global $wgUser, $wgOutputEncoding;
                global $wgContLanguageCode, $wgDebugRedirects, $wgMimeType, $wgProfiler;
 
                if( $this->mDoNothing ){
@@ -523,11 +522,6 @@ class OutputPage {
                header( "Content-type: $wgMimeType; charset={$wgOutputEncoding}" );
                header( 'Content-language: '.$wgContLanguageCode );
 
-               $exp = time() + $wgCookieExpiration;
-               foreach( $this->mCookies as $name => $val ) {
-                       setcookie( $name, $val, $exp, '/' );
-               }
-
                if ($this->mArticleBodyOnly) {
                        $this->out($this->mBodytext);
                } else {

diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index eedbdee..ec8d457 100644 (file)
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -381,7 +381,7 @@ class LoginForm {
         * @access private
         */
        function mailPasswordInternal( $u ) {
-               global $wgDBname, $wgCookiePath, $wgCookieDomain;
+               global $wgDBname, $wgCookiePath, $wgCookieDomain, $wgCookieSecure;
 
                if ( '' == $u->getEmail() ) {
                        return wfMsg( 'noemail', $u->getName() );
@@ -390,7 +390,7 @@ class LoginForm {
                $np = $u->randomPassword();
                $u->setNewpassword( $np );
 
-               setcookie( "{$wgDBname}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain );
+               setcookie( "{$wgDBname}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 
                $u->saveSettings();
 

diff --git a/includes/SpecialUserlogout.php b/includes/SpecialUserlogout.php
index 58da683..7f057a9 100644 (file)
--- a/includes/SpecialUserlogout.php
+++ b/includes/SpecialUserlogout.php
@@ -17,7 +17,6 @@ function wfSpecialUserlogout() {
 
                wfRunHooks('UserLogoutComplete', array(&$wgUser));
                
-               $wgOut->mCookies = array();
                $wgOut->setRobotpolicy( 'noindex,nofollow' );
                $wgOut->addHTML( wfMsg( 'logouttext' ) );
                $wgOut->returnToMain();

diff --git a/includes/User.php b/includes/User.php
index c09d0bb..1245eed 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -1302,20 +1302,20 @@ class User {
        }
 
        function setCookies() {
-               global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname;
+               global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgDBname;
                if ( 0 == $this->mId ) return;
                $this->loadFromDatabase();
                $exp = time() + $wgCookieExpiration;
 
                $_SESSION['wsUserID'] = $this->mId;
-               setcookie( $wgDBname.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain );
+               setcookie( $wgDBname.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 
                $_SESSION['wsUserName'] = $this->getName();
-               setcookie( $wgDBname.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain );
+               setcookie( $wgDBname.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 
                $_SESSION['wsToken'] = $this->mToken;
                if ( 1 == $this->getOption( 'rememberpassword' ) ) {
-                       setcookie( $wgDBname.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain );
+                       setcookie( $wgDBname.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
                } else {
                        setcookie( $wgDBname.'Token', '', time() - 3600 );
                }
@@ -1326,17 +1326,17 @@ class User {
         * It will clean the session cookie
         */
        function logout() {
-               global $wgCookiePath, $wgCookieDomain, $wgDBname;
+               global $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgDBname;
                $this->loadDefaults();
                $this->setLoaded( true );
 
                $_SESSION['wsUserID'] = 0;
 
-               setcookie( $wgDBname.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
-               setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
+               setcookie( $wgDBname.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+               setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 
                # Remember when user logged out, to prevent seeing cached pages
-               setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain );
+               setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
        }
 
        /**