MediaWiki  1.23.13
Cookie.php
1 <?php
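/**
 * A single HTTP cookie as stored by the client-side cookie jar.
 *
 * Review notes:
 * - The Secure attribute is not modelled (see the TO IMPLEMENT markers below)
 *   and serializeToHttpRequest() is not told the request scheme, so a cookie
 *   the server marked Secure is still offered for any matching request.
 * - validateCookieDomain() rejects over-broad domains with a length heuristic,
 *   not with a maintained list of public suffixes.
 */
class Cookie {
	protected $name;
	protected $value;
	protected $expires;
	protected $path;
	protected $domain;
	protected $isSessionKey = true;
	// TO IMPLEMENT protected $secure
	// TO IMPLEMENT? protected $maxAge (add onto expires)
	// TO IMPLEMENT? protected $version
	// TO IMPLEMENT? protected $comment

	/**
	 * @param string $name Cookie name, kept in the spelling it was received in
	 * @param string $value Cookie value
	 * @param array $attr Cookie attributes; see set()
	 * @throws MWException When $attr has no 'domain' key
	 */
	public function __construct( $name, $value, $attr ) {
		$this->name = $name;
		$this->set( $value, $attr );
	}

	/**
	 * Set the value and attributes of this cookie.
	 *
	 * Keys read from $attr: 'expires' (parsed with strtotime()), 'path'
	 * (defaults to '/') and 'domain' (required).
	 *
	 * A domain that fails validateCookieDomain() is silently ignored: the
	 * value is still updated but $this->domain keeps whatever it held before
	 * (null for a new cookie, in which case canServeDomain() matches no host).
	 *
	 * @param string $value Cookie value
	 * @param array $attr Cookie attributes
	 * @throws MWException When $attr has no 'domain' key
	 */
	public function set( $value, $attr ) {
		$this->value = $value;

		if ( isset( $attr['expires'] ) ) {
			$this->isSessionKey = false;
			// strtotime() yields false for an unparsable date; isUnExpired()
			// then treats the cookie as already expired.
			$this->expires = strtotime( $attr['expires'] );
		}

		if ( isset( $attr['path'] ) ) {
			$this->path = $attr['path'];
		} else {
			$this->path = '/';
		}

		if ( isset( $attr['domain'] ) ) {
			// No origin is passed here, so only the shape of the domain is
			// checked; the origin comparison is left to the caller.
			if ( self::validateCookieDomain( $attr['domain'] ) ) {
				$this->domain = $attr['domain'];
			}
		} else {
			throw new MWException( 'You must specify a domain.' );
		}
	}

	/**
	 * Decide whether a cookie domain is acceptable.
	 *
	 * Rejected: a trailing dot, a partial or invalid dotted-quad address, a
	 * bare second-level suffix under a two-letter TLD ("co.uk", ".co.uk",
	 * "com.au"), and, when $originDomain is given, any domain that is neither
	 * equal to the origin nor a dot-prefixed suffix of it.
	 *
	 * @param string $domain The domain to validate
	 * @param string|null $originDomain Host the cookie was received from, if known
	 * @return bool True when the domain may be stored
	 */
	public static function validateCookieDomain( $domain, $originDomain = null ) {
		// Don't allow a trailing dot
		if ( substr( $domain, -1 ) == '.' ) {
			return false;
		}

		$dc = explode( ".", $domain );

		// Only allow full, valid IP addresses
		if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
			if ( count( $dc ) != 4 ) {
				return false;
			}

			if ( ip2long( $domain ) === false ) {
				return false;
			}

			if ( $originDomain == null || $originDomain == $domain ) {
				return true;
			}
			// An address that differs from the origin falls through and is
			// rejected by the origin comparison at the end.
		}

		// Don't allow cookies for "co.uk" or "gov.uk", etc, but allow "supermarket.uk"
		if ( strrpos( $domain, "." ) - strlen( $domain ) == -3 ) {
			// The empty first label is tested with === '' on the string itself.
			// The previous form, strlen( $dc[0] ) == "", compared an integer
			// with a string and is false on PHP 8, which let ".co.uk" through.
			if ( ( count( $dc ) == 2 && strlen( $dc[0] ) <= 2 )
				|| ( count( $dc ) == 3 && $dc[0] === '' && strlen( $dc[1] ) <= 2 )
			) {
				return false;
			}
			if ( ( count( $dc ) == 2 || ( count( $dc ) == 3 && $dc[0] == '' ) )
				&& preg_match( '/(com|net|org|gov|edu)\...$/', $domain )
			) {
				return false;
			}
		}

		if ( $originDomain != null ) {
			// Without a leading dot the domain must be the origin itself.
			if ( substr( $domain, 0, 1 ) != '.' && $domain != $originDomain ) {
				return false;
			}

			// With a leading dot the origin must end in the domain
			// (case-insensitive comparison of the trailing bytes).
			if ( substr( $domain, 0, 1 ) == '.'
				&& substr_compare(
					$originDomain,
					$domain,
					-strlen( $domain ),
					strlen( $domain ),
					true
				) != 0
			) {
				return false;
			}
		}

		return true;
	}

	/**
	 * Serialize this cookie for an HTTP request header.
	 *
	 * Name and value are emitted verbatim; no escaping is applied.
	 *
	 * @param string $path Request path
	 * @param string $domain Request host
	 * @return string "name=value", or '' when the cookie does not apply
	 */
	public function serializeToHttpRequest( $path, $domain ) {
		$ret = '';

		if ( $this->canServeDomain( $domain )
			&& $this->canServePath( $path )
			&& $this->isUnExpired()
		) {
			$ret = $this->name . '=' . $this->value;
		}

		return $ret;
	}

	/**
	 * Whether this cookie may be sent to the given host.
	 *
	 * @param string $domain Request host
	 * @return bool
	 */
	protected function canServeDomain( $domain ) {
		// Exact match uses ===, so PHP's loose-comparison juggling (numeric
		// strings, an unset null domain against '') can never make two
		// different hosts compare equal.
		if ( $domain === $this->domain
			|| ( strlen( $domain ) > strlen( $this->domain )
				&& substr( $this->domain, 0, 1 ) == '.'
				&& substr_compare(
					$domain,
					$this->domain,
					-strlen( $this->domain ),
					strlen( $this->domain ),
					true
				) == 0
			)
		) {
			return true;
		}

		return false;
	}

	/**
	 * Whether this cookie may be sent for the given request path.
	 *
	 * NOTE(review): this is a plain prefix comparison with no check for a
	 * '/' boundary, so a cookie path of "/foo" also matches "/foobar".
	 *
	 * @param string $path Request path
	 * @return bool
	 */
	protected function canServePath( $path ) {
		return ( $this->path && substr_compare( $this->path, $path, 0, strlen( $this->path ) ) == 0 );
	}

	/**
	 * Whether the cookie is still valid: session cookies always are, others
	 * until their expiry timestamp has passed.
	 *
	 * @return bool
	 */
	protected function isUnExpired() {
		return $this->isSessionKey || $this->expires > time();
	}
}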
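/**
 * A collection of Cookie objects for an HTTP client.
 *
 * NOTE(review): cookies are indexed by name only. A later Set-Cookie with the
 * same name but a different domain or path updates the existing entry instead
 * of being stored next to it.
 */
class CookieJar {
	/** @var Cookie[] Cookies indexed by upper-cased name */
	private $cookie = array();

	/**
	 * Set a cookie in the cookie jar.
	 *
	 * @param string $name Cookie name
	 * @param string $value Cookie value
	 * @param array $attr Cookie attributes; see Cookie::set()
	 */
	public function setCookie( $name, $value, $attr ) {
		/* cookies: case insensitive, so this should work.
		 * We'll still send the cookies back in the same case we got them, though.
		 */
		$index = strtoupper( $name );

		if ( isset( $this->cookie[$index] ) ) {
			$this->cookie[$index]->set( $value, $attr );
		} else {
			$this->cookie[$index] = new Cookie( $name, $value, $attr );
		}
	}

	/**
	 * Serialize every cookie that applies to the request into one header value.
	 *
	 * @param string $path Request path
	 * @param string $domain Request host
	 * @return string "name=value" pairs joined with '; ', or '' when none apply
	 */
	public function serializeToHttpRequest( $path, $domain ) {
		$cookies = array();

		foreach ( $this->cookie as $c ) {
			$serialized = $c->serializeToHttpRequest( $path, $domain );

			if ( $serialized ) {
				$cookies[] = $serialized;
			}
		}

		return implode( '; ', $cookies );
	}

	/**
	 * Parse the content of a Set-Cookie HTTP response header and store the
	 * cookie it describes.
	 *
	 * A header whose domain attribute fails Cookie::validateCookieDomain()
	 * against the responding host is dropped without storing anything.
	 *
	 * @param string $cookie Header line, with or without the "Set-Cookie:" prefix
	 * @param string $domain Host the response came from
	 * @return null
	 */
	public function parseCookieResponseHeader( $cookie, $domain ) {
		$len = strlen( 'Set-Cookie:' );

		if ( substr_compare( 'Set-Cookie:', $cookie, 0, $len, true ) === 0 ) {
			$cookie = substr( $cookie, $len );
		}

		$bit = array_map( 'trim', explode( ';', $cookie ) );

		// explode() always returns at least one element, so the first piece
		// exists; pad it so a name without '=' gets an empty value instead of
		// an undefined-offset notice.
		list( $name, $value ) = array_pad( explode( '=', array_shift( $bit ), 2 ), 2, '' );
		$attr = array();

		foreach ( $bit as $piece ) {
			// Split on the first '=' only, so an attribute value that itself
			// contains '=' is kept whole rather than cut short.
			$parts = explode( '=', $piece, 2 );
			if ( count( $parts ) > 1 ) {
				$attr[strtolower( $parts[0] )] = $parts[1];
			} else {
				$attr[strtolower( $parts[0] )] = true;
			}
		}

		if ( !isset( $attr['domain'] ) ) {
			// No domain attribute: scope the cookie to the responding host.
			$attr['domain'] = $domain;
		} elseif ( !Cookie::validateCookieDomain( $attr['domain'], $domain ) ) {
			return null;
		}

		$this->setCookie( $name, $value, $attr );
	}
}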