From 98c86aa7ffd11ab2895b797ab32d4b255c41ac2b Mon Sep 17 00:00:00 2001 From: Chad Horohoe Date: Fri, 15 Aug 2008 01:54:59 +0000 Subject: [PATCH] * Bug 12976: Use $WebResponse->setCookie() rather than raw setcookie() calls. * Moved all of the debugging/logic to WebResponse so it can be properly used elsewhere. * A bit of cleanup so cookies set by $wgUser->setCookie() use $wgCookiePath as they should. * Bug 14887: $wgEnablePersistentCookies has been added to allow for disabling of persistent cookies. --- RELEASE-NOTES | 2 ++ includes/DefaultSettings.php | 5 +++++ includes/User.php | 42 ++++-------------------------------- includes/WebResponse.php | 42 +++++++++++++++++++++++++++++++++--- 4 files changed, 50 insertions(+), 41 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 575141a901..7f198ef91b 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -35,6 +35,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN $wgAddGroups and $wgRemoveGroups, where the user must belong to a specified group in order to add or remove those groups from themselves. Backwards compatibility is maintained. +* $wgEnablePersistentCookies has been added. Setting to false disables the + setting of persistent cookies. Defaults to true. === New features in 1.14 === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 9a3c567002..9a1ae62910 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -1556,6 +1556,11 @@ $wgCookiePrefix = false; */ $wgCookieHttpOnly = version_compare("5.2", PHP_VERSION, "<"); +/** + * Allow MediaWiki to set persistent cookies for login, etc. + */ +$wgEnablePersistentCookies = true; + /** * If the requesting browser matches a regex in this blacklist, we won't * send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on. diff --git a/includes/User.php b/includes/User.php index 59c8c4cc91..b7efd25579 100644 --- a/includes/User.php +++ b/includes/User.php 
@@ -2189,46 +2189,12 @@ class User {
 }

 /**
- * Set a cookie on the user's client
- * @param $name \type{\string} Name of the cookie to set
- * @param $name \type{\string} Value to set
- * @param $name \type{\int} Expiration time, as a UNIX time value;
- * if 0 or not specified, use the default $wgCookieExpiration
+ * Set a cookie on the user's client. Wrapper for
+ * WebResponse::setCookie
 */
 protected function setCookie( $name, $value, $exp=0 ) {
- global $wgCookiePrefix,$wgCookieDomain,$wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;
- if( $exp == 0 ) {
- $exp = time() + $wgCookieExpiration;
- }
- $httpOnlySafe = wfHttpOnlySafe();
- wfDebugLog( 'cookie',
- 'setcookie: "' . implode( '", "',
- array(
- $wgCookiePrefix . $name,
- $value,
- $exp,
- '/',
- $wgCookieDomain,
- $wgCookieSecure,
- $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
- if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
- setcookie( $wgCookiePrefix . $name,
- $value,
- $exp,
- '/',
- $wgCookieDomain,
- $wgCookieSecure,
- $wgCookieHttpOnly );
- } else {
- // setcookie() fails on PHP 5.1 if you give it future-compat paramters.
- // stab stab!
- setcookie( $wgCookiePrefix . $name,
- $value,
- $exp,
- '/',
- $wgCookieDomain,
- $wgCookieSecure );
- }
+ global $wgRequest;
+ $wgRequest->response()->setcookie( $name, $value, $exp );
 }

 /**
diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index 05023e1590..5ebc699764 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
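Review bot: The new docblock on `User::setCookie()` in includes/User.php drops all parameter documentation, so the meaning of `$exp = 0` (fall back to `$wgCookieExpiration`, per the removed comment and the `$expire == 0` branch in the WebResponse.php hunk of this patch) is no longer stated at this call site. I would restore three `@param` lines for `$name`, `$value` and `$exp` (the removed ones all said `$name`) and mention that the callee prepends `$wgCookiePrefix`. The wrapper also discards the callee's return value, so the `false` that `WebResponse::setcookie()` returns when `$wgEnablePersistentCookies` is off is invisible to callers; a comment such as `// No cookie is sent when $wgEnablePersistentCookies is false` above the call would make that explicit.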
@@ -11,8 +11,44 @@ class WebResponse {
 }

 /** Set the browser cookie */
- function setcookie($name, $value, $expire) {
- global $wgCookiePath, $wgCookieDomain, $wgCookieSecure;
- setcookie($name,$value,$expire, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);
+ function setcookie( $name, $value, $expire = 0 ) {
+ global $wgEnablePersistentCookies;
+ if ( !$wgEnablePersistentCookies ) {
+ return false;
+ }
+ global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain;
+ global $wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;
+ if( $expire == 0 ) {
+ $expire = time() + $wgCookieExpiration;
+ }
+ $httpOnlySafe = wfHttpOnlySafe();
+ wfDebugLog( 'cookie',
+ 'setcookie: "' . implode( '", "',
+ array(
+ $wgCookiePrefix . $name,
+ $value,
+ $expire,
+ $wgCookiePath,
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
+ if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
+ setcookie( $wgCookiePrefix . $name,
+ $value,
+ $expire,
+ $wgCookiePath,
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $wgCookieHttpOnly );
+ } else {
+ // setcookie() fails on PHP 5.1 if you give it future-compat paramters.
+ // stab stab!
+ setcookie( $wgCookiePrefix . $name,
+ $value,
+ $expire,
+ $wgCookiePath,
+ $wgCookieDomain,
+ $wgCookieSecure );
+ }
 }
 }
-- 2.20.1
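Review bot: The `$wgEnablePersistentCookies` guard at the top of `WebResponse::setcookie()` returns before `$expire` is examined, so with the setting off every call is dropped, not only the persistent ones. That includes calls whose expiry is in the past, which is the usual way to clear a cookie. If the intent is "no persistent cookies", consider replacing the early `return false` with `if ( !$wgEnablePersistentCookies && $expire >= time() ) { $expire = 0; }` after the default-expiry branch, so deletions still go out and everything else becomes a session cookie. Otherwise the comment added in includes/DefaultSettings.php should say that no cookie is sent at all. Separately, the `wfDebugLog( 'cookie', … )` call writes `$value` for every cookie now routed through this method, which presumably includes login tokens; logging a fixed marker in place of `$value` would keep those secrets out of the debug log.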