MediaWiki  REL1_31
Cookie.php
Go to the documentation of this file.
1 <?php
24 class Cookie {
25  protected $name;
26  protected $value;
27  protected $expires;
28  protected $path;
29  protected $domain;
30  protected $isSessionKey = true;
31  // TO IMPLEMENT protected $secure
32  // TO IMPLEMENT? protected $maxAge (add onto expires)
33  // TO IMPLEMENT? protected $version
34  // TO IMPLEMENT? protected $comment
35 
36  function __construct( $name, $value, $attr ) {
37  $this->name = $name;
38  $this->set( $value, $attr );
39  }
40 
53  public function set( $value, $attr ) {
54  $this->value = $value;
55 
56  if ( isset( $attr['expires'] ) ) {
57  $this->isSessionKey = false;
58  $this->expires = strtotime( $attr['expires'] );
59  }
60 
61  if ( isset( $attr['path'] ) ) {
62  $this->path = $attr['path'];
63  } else {
64  $this->path = '/';
65  }
66 
67  if ( isset( $attr['domain'] ) ) {
68  if ( self::validateCookieDomain( $attr['domain'] ) ) {
69  $this->domain = $attr['domain'];
70  }
71  } else {
72  throw new InvalidArgumentException( '$attr must contain a domain' );
73  }
74  }
75 
92  public static function validateCookieDomain( $domain, $originDomain = null ) {
93  $dc = explode( ".", $domain );
94 
95  // Don't allow a trailing dot or addresses without a or just a leading dot
96  if ( substr( $domain, -1 ) == '.' ||
97  count( $dc ) <= 1 ||
98  count( $dc ) == 2 && $dc[0] === ''
99  ) {
100  return false;
101  }
102 
103  // Only allow full, valid IP addresses
104  if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
105  if ( count( $dc ) != 4 ) {
106  return false;
107  }
108 
109  if ( ip2long( $domain ) === false ) {
110  return false;
111  }
112 
113  if ( $originDomain == null || $originDomain == $domain ) {
114  return true;
115  }
116 
117  }
118 
119  // Don't allow cookies for "co.uk" or "gov.uk", etc, but allow "supermarket.uk"
120  if ( strrpos( $domain, "." ) - strlen( $domain ) == -3 ) {
121  if ( ( count( $dc ) == 2 && strlen( $dc[0] ) <= 2 )
122  || ( count( $dc ) == 3 && strlen( $dc[0] ) == "" && strlen( $dc[1] ) <= 2 ) ) {
123  return false;
124  }
125  if ( ( count( $dc ) == 2 || ( count( $dc ) == 3 && $dc[0] == '' ) )
126  && preg_match( '/(com|net|org|gov|edu)\...$/', $domain ) ) {
127  return false;
128  }
129  }
130 
131  if ( $originDomain != null ) {
132  if ( substr( $domain, 0, 1 ) != '.' && $domain != $originDomain ) {
133  return false;
134  }
135 
136  if ( substr( $domain, 0, 1 ) == '.'
137  && substr_compare(
138  $originDomain,
139  $domain,
140  -strlen( $domain ),
141  strlen( $domain ),
142  true
143  ) != 0
144  ) {
145  return false;
146  }
147  }
148 
149  return true;
150  }
151 
159  public function serializeToHttpRequest( $path, $domain ) {
160  $ret = '';
161 
162  if ( $this->canServeDomain( $domain )
163  && $this->canServePath( $path )
164  && $this->isUnExpired() ) {
165  $ret = $this->name . '=' . $this->value;
166  }
167 
168  return $ret;
169  }
170 
175  protected function canServeDomain( $domain ) {
176  if ( $domain == $this->domain
177  || ( strlen( $domain ) > strlen( $this->domain )
178  && substr( $this->domain, 0, 1 ) == '.'
179  && substr_compare(
180  $domain,
181  $this->domain,
182  -strlen( $this->domain ),
183  strlen( $this->domain ),
184  true
185  ) == 0
186  )
187  ) {
188  return true;
189  }
190 
191  return false;
192  }
193 
198  protected function canServePath( $path ) {
199  return ( $this->path && substr_compare( $this->path, $path, 0, strlen( $this->path ) ) == 0 );
200  }
201 
205  protected function isUnExpired() {
206  return $this->isSessionKey || $this->expires > time();
207  }
208 }
Cookie\canServeDomain
canServeDomain( $domain)
Definition: Cookie.php:175
$ret
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses & $ret
Definition: hooks.txt:2005
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:37
Cookie\$path
$path
Definition: Cookie.php:28
Cookie\__construct
__construct( $name, $value, $attr)
Definition: Cookie.php:36
Cookie\canServePath
canServePath( $path)
Definition: Cookie.php:198
Cookie\$domain
$domain
Definition: Cookie.php:29
Cookie\validateCookieDomain
static validateCookieDomain( $domain, $originDomain=null)
Return the true if the cookie is valid is valid.
Definition: Cookie.php:92
Cookie
Definition: Cookie.php:24
Cookie\serializeToHttpRequest
serializeToHttpRequest( $path, $domain)
Serialize the cookie jar into a format useful for HTTP Request headers.
Definition: Cookie.php:159
Cookie\$name
$name
Definition: Cookie.php:25
Cookie\isUnExpired
isUnExpired()
Definition: Cookie.php:205
name
design txt This is a brief overview of the new design More thorough and up to date information is available on the documentation wiki at name
Definition: design.txt:12
Cookie\$expires
$expires
Definition: Cookie.php:27
Cookie\$value
$value
Definition: Cookie.php:26
Cookie\$isSessionKey
$isSessionKey
Definition: Cookie.php:30