Drop 5.1 compatibility calls to session_set_cookie_params() and setcookie() since...

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 6604435..9cdce49 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -2787,7 +2787,7 @@ function wfSetupSession( $sessionId = false ) {
                # hasn't already been set to the desired value (that causes errors)
                ini_set( 'session.save_handler', $wgSessionHandler );
        }
-       $httpOnlySafe = wfHttpOnlySafe();
+       $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
        wfDebugLog( 'cookie',
                'session_set_cookie_params: "' . implode( '", "',
                        array(
@@ -2795,13 +2795,8 @@ function wfSetupSession( $sessionId = false ) {
                                $wgCookiePath,
                                $wgCookieDomain,
                                $wgCookieSecure,
-                               $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
-       if( $httpOnlySafe && $wgCookieHttpOnly ) {
-               session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
-       } else {
-               // PHP 5.1 throws warnings if you pass the HttpOnly parameter for 5.2.
-               session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
-       }
+                               $httpOnlySafe ) ) . '"' );
+       session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe );
        session_cache_limiter( 'private, must-revalidate' );
        if ( $sessionId ) {
                session_id( $sessionId );

diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index 2b1ec04..a0f7776 100644 (file)
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
@@ -33,7 +33,7 @@ class WebResponse {
                if ( $expire == 0 ) {
                        $expire = time() + $wgCookieExpiration;
                }
-               $httpOnlySafe = wfHttpOnlySafe();
+               $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
                wfDebugLog( 'cookie',
                        'setcookie: "' . implode( '", "',
                                array(
@@ -43,25 +43,14 @@ class WebResponse {
                                        $wgCookiePath,
                                        $wgCookieDomain,
                                        $wgCookieSecure,
-                                       $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
-               if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
-                       setcookie( $wgCookiePrefix . $name,
-                               $value,
-                               $expire,
-                               $wgCookiePath,
-                               $wgCookieDomain,
-                               $wgCookieSecure,
-                               $wgCookieHttpOnly );
-               } else {
-                       // setcookie() fails on PHP 5.1 if you give it future-compat paramters.
-                       // stab stab!
-                       setcookie( $wgCookiePrefix . $name,
-                               $value,
-                               $expire,
-                               $wgCookiePath,
-                               $wgCookieDomain,
-                               $wgCookieSecure );
-               }
+                                       $httpOnlySafe ) ) . '"' );
+               setcookie( $wgCookiePrefix . $name,
+                       $value,
+                       $expire,
+                       $wgCookiePath,
+                       $wgCookieDomain,
+                       $wgCookieSecure,
+                       $httpOnlySafe );
        }
 }
 
@@ -91,4 +80,4 @@ class FauxResponse extends WebResponse {
                        return $this->cookies[$name];
                }
        }
-}
\ No newline at end of file
+}