MediaWiki REL1_31
SetCookieCompat.php
Go to the documentation of this file.
1<?php
2
3namespace Wikimedia\Http;
4
9class SetCookieCompat {
21 public static function setcookie( $name, $value, $options = [] ) {
22 return ( new self )->setCookieInternal( true, $name, $value, $options );
23 }
24
36 public static function setrawcookie( $name, $value, $options = [] ) {
37 return ( new self )->setCookieInternal( false, $name, $value, $options );
38 }
39
48 public function setCookieInternal( $urlEncode, $name, $value, $options = [] ) {
49 $supportsAssoc = version_compare( PHP_VERSION, '7.3.0', '>=' );
50 if ( $supportsAssoc ) {
51 if ( $urlEncode ) {
52 // @phan-suppress-next-line PhanTypeMismatchArgumentInternal
53 return setcookie( $name, $value, $options );
54 } else {
55 // Phan has a new prototype for setcookie() but not yet for setrawcookie()
56 // @phan-suppress-next-line PhanTypeMismatchArgumentInternal
57 return setrawcookie( $name, $value, $options );
58 }
59 }
60
61 if ( !isset( $options['samesite'] ) || !strlen( $options['samesite'] ) ) {
62 if ( $urlEncode ) {
63 return setcookie(
64 $name,
65 $value,
66 $options['expires'],
67 $options['path'],
68 $options['domain'],
69 $options['secure'],
70 $options['httponly']
71 );
72 } else {
73 return setrawcookie(
74 $name,
75 $value,
76 $options['expires'],
77 $options['path'],
78 $options['domain'],
79 $options['secure'],
80 $options['httponly']
81 );
82 }
83 }
84
85 return self::setCookieEmulated( $urlEncode, $name, $value, $options );
86 }
87
101 public function setCookieEmulated( $urlEncode, $name, $value, $options = [] ) {
102 $func = $urlEncode ? 'setcookie()' : 'setrawcookie()';
103 $expires = 0;
104 $path = null;
105 $domain = null;
106 $secure = false;
107 $httponly = false;
108 $samesite = null;
109 $found = 0;
110 foreach ( $options as $key => $opt ) {
111 if ( $key === 'expires' ) {
112 $expires = (int)$opt;
113 $found++;
114 } elseif ( $key === 'path' ) {
115 $path = (string)$opt;
116 $found++;
117 } elseif ( $key === 'domain' ) {
118 $domain = (string)$opt;
119 $found++;
120 } elseif ( $key === 'secure' ) {
121 $secure = (bool)$opt;
122 $found++;
123 } elseif ( $key === 'httponly' ) {
124 $httponly = (bool)$opt;
125 $found++;
126 } elseif ( $key === 'samesite' ) {
127 $samesite = (string)$opt;
128 $found++;
129 } else {
130 $this->error( "$func: Unrecognized key '$key' found in the options array" );
131 }
132 }
133
134 if ( $found == 0 && count( $options ) > 0 ) {
135 $this->error( "$func: No valid options were found in the given array" );
136 }
137
138 if ( !strlen( $name ) ) {
139 $this->error( 'Cookie names must not be empty' );
140 return false;
141 } elseif ( strpbrk( $name, "=,; \t\r\n\013\014" ) !== false ) {
142 $this->error( "Cookie names cannot contain any of the following " .
143 "'=,; \\t\\r\\n\\013\\014'" );
144 return false;
145 }
146
147 if ( !$urlEncode && $value !== null
148 && strpbrk( $value, ",; \t\r\n\013\014" ) !== false
149 ) {
150 $this->error( "Cookie values cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
151 return false;
152 }
153
154 if ( $path !== null && strpbrk( $path, ",; \t\r\n\013\014" ) !== false ) {
155 $this->error( "Cookie paths cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
156 return false;
157 }
158
159 if ( $domain !== null && strpbrk( $domain, ",; \t\r\n\013\014" ) !== false ) {
160 $this->error( "Cookie domains cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
161 return false;
162 }
163
164 $buf = '';
165 if ( $value === null || strlen( $value ) === 0 ) {
166 $dt = gmdate( "D, d-M-Y H:i:s T", 1 );
167 $buf .= "Set-Cookie: $name=deleted; expires=$dt; Max-Age=0";
168 } else {
169 $buf .= "Set-Cookie: $name=";
170 if ( $urlEncode ) {
171 $buf .= urlencode( $value );
172 } else {
173 $buf .= $value;
174 }
175
176 if ( $expires > 0 ) {
177 $dt = gmdate( "D, d-M-Y H:i:s T", $expires );
178 $p = strrpos( $dt, '-' );
179 if ( $p === false || substr( $dt, $p + 5, 1 ) !== ' ' ) {
180 $this->error( "Expiry date cannot have a year greater than 9999" );
181 return false;
182 }
183
184 $buf .= "; expires=$dt";
185
186 $diff = $expires - $this->time();
187 if ( $diff < 0 ) {
188 $diff = 0;
189 }
190 $buf .= "; Max-Age=$diff";
191 }
192 }
193
194 if ( $path !== null && strlen( $path ) ) {
195 $buf .= "; path=$path";
196 }
197 if ( $domain !== null && strlen( $domain ) ) {
198 $buf .= "; domain=$domain";
199 }
200 if ( $secure ) {
201 $buf .= "; secure";
202 }
203 if ( $httponly ) {
204 $buf .= "; HttpOnly";
205 }
206 if ( $samesite !== null && strlen( $samesite ) ) {
207 $buf .= "; SameSite=$samesite";
208 }
209
210 // sapi_header_op() returns a value which setcookie() uses, but
211 // header() discards it. The most likely way for sapi_header_op() to
212 // fail is due to headers already being sent.
213 if ( $this->headers_sent() ) {
214 $this->error( "Cannot modify header information - headers already sent" );
215 return false;
216 }
217 $this->header( $buf );
218 return true;
219 }
220
221 protected function time() {
222 return time();
223 }
224
225 protected function error( $message ) {
226 trigger_error( $message, E_USER_WARNING );
227 }
228
229 protected function headers_sent() {
230 return headers_sent();
231 }
232
233 protected function header( $header ) {
234 header( $header, false );
235 }
236}
Wikimedia\Http\SetCookieCompat\setCookieEmulated
setCookieEmulated( $urlEncode, $name, $value, $options=[])
Temporary emulation for setcookie() with a SameSite option.
Definition SetCookieCompat.php:101
Wikimedia\Http\SetCookieCompat\setrawcookie
static setrawcookie( $name, $value, $options=[])
Temporary emulation for setrawcookie() with a SameSite option.
Definition SetCookieCompat.php:36
Wikimedia\Http\SetCookieCompat\setCookieInternal
setCookieInternal( $urlEncode, $name, $value, $options=[])
Definition SetCookieCompat.php:48
Wikimedia\Http\SetCookieCompat\setcookie
static setcookie( $name, $value, $options=[])
Temporary emulation for setcookie() with a SameSite option.
Definition SetCookieCompat.php:21
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition distributors.txt:22
string
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition hooks.txt:181
$options
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
Definition hooks.txt:2001
$name
Allows to change the fields on the form that will be generated $name
Definition hooks.txt:302
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition injection.txt:37
Wikimedia\Http
Utility for parsing a HTTP Accept header value into a weight map.
Definition HttpAcceptNegotiator.php:3
$header
$header
Definition updateCredits.php:35