MediaWiki  REL1_31
SetCookieCompat.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Wikimedia\Http;
4 
21  public static function setcookie( $name, $value, $options = [] ) {
22  return ( new self )->setCookieInternal( true, $name, $value, $options );
23  }
24 
36  public static function setrawcookie( $name, $value, $options = [] ) {
37  return ( new self )->setCookieInternal( false, $name, $value, $options );
38  }
39 
48  public function setCookieInternal( $urlEncode, $name, $value, $options = [] ) {
49  $supportsAssoc = version_compare( PHP_VERSION, '7.3.0', '>=' );
50  if ( $supportsAssoc ) {
51  if ( $urlEncode ) {
52  // @phan-suppress-next-line PhanTypeMismatchArgumentInternal
53  return setcookie( $name, $value, $options );
54  } else {
55  // Phan has a new prototype for setcookie() but not yet for setrawcookie()
56  // @phan-suppress-next-line PhanTypeMismatchArgumentInternal
57  return setrawcookie( $name, $value, $options );
58  }
59  }
60 
61  if ( !isset( $options['samesite'] ) || !strlen( $options['samesite'] ) ) {
62  if ( $urlEncode ) {
63  return setcookie(
64  $name,
65  $value,
66  $options['expires'],
67  $options['path'],
68  $options['domain'],
69  $options['secure'],
70  $options['httponly']
71  );
72  } else {
73  return setrawcookie(
74  $name,
75  $value,
76  $options['expires'],
77  $options['path'],
78  $options['domain'],
79  $options['secure'],
80  $options['httponly']
81  );
82  }
83  }
84 
85  return self::setCookieEmulated( $urlEncode, $name, $value, $options );
86  }
87 
101  public function setCookieEmulated( $urlEncode, $name, $value, $options = [] ) {
102  $func = $urlEncode ? 'setcookie()' : 'setrawcookie()';
103  $expires = 0;
104  $path = null;
105  $domain = null;
106  $secure = false;
107  $httponly = false;
108  $samesite = null;
109  $found = 0;
110  foreach ( $options as $key => $opt ) {
111  if ( $key === 'expires' ) {
112  $expires = (int)$opt;
113  $found++;
114  } elseif ( $key === 'path' ) {
115  $path = (string)$opt;
116  $found++;
117  } elseif ( $key === 'domain' ) {
118  $domain = (string)$opt;
119  $found++;
120  } elseif ( $key === 'secure' ) {
121  $secure = (bool)$opt;
122  $found++;
123  } elseif ( $key === 'httponly' ) {
124  $httponly = (bool)$opt;
125  $found++;
126  } elseif ( $key === 'samesite' ) {
127  $samesite = (string)$opt;
128  $found++;
129  } else {
130  $this->error( "$func: Unrecognized key '$key' found in the options array" );
131  }
132  }
133 
134  if ( $found == 0 && count( $options ) > 0 ) {
135  $this->error( "$func: No valid options were found in the given array" );
136  }
137 
138  if ( !strlen( $name ) ) {
139  $this->error( 'Cookie names must not be empty' );
140  return false;
141  } elseif ( strpbrk( $name, "=,; \t\r\n\013\014" ) !== false ) {
142  $this->error( "Cookie names cannot contain any of the following " .
143  "'=,; \\t\\r\\n\\013\\014'" );
144  return false;
145  }
146 
147  if ( !$urlEncode && $value !== null
148  && strpbrk( $value, ",; \t\r\n\013\014" ) !== false
149  ) {
150  $this->error( "Cookie values cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
151  return false;
152  }
153 
154  if ( $path !== null && strpbrk( $path, ",; \t\r\n\013\014" ) !== false ) {
155  $this->error( "Cookie paths cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
156  return false;
157  }
158 
159  if ( $domain !== null && strpbrk( $domain, ",; \t\r\n\013\014" ) !== false ) {
160  $this->error( "Cookie domains cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
161  return false;
162  }
163 
164  $buf = '';
165  if ( $value === null || strlen( $value ) === 0 ) {
166  $dt = gmdate( "D, d-M-Y H:i:s T", 1 );
167  $buf .= "Set-Cookie: $name=deleted; expires=$dt; Max-Age=0";
168  } else {
169  $buf .= "Set-Cookie: $name=";
170  if ( $urlEncode ) {
171  $buf .= urlencode( $value );
172  } else {
173  $buf .= $value;
174  }
175 
176  if ( $expires > 0 ) {
177  $dt = gmdate( "D, d-M-Y H:i:s T", $expires );
178  $p = strrpos( $dt, '-' );
179  if ( $p === false || substr( $dt, $p + 5, 1 ) !== ' ' ) {
180  $this->error( "Expiry date cannot have a year greater than 9999" );
181  return false;
182  }
183 
184  $buf .= "; expires=$dt";
185 
186  $diff = $expires - $this->time();
187  if ( $diff < 0 ) {
188  $diff = 0;
189  }
190  $buf .= "; Max-Age=$diff";
191  }
192  }
193 
194  if ( $path !== null && strlen( $path ) ) {
195  $buf .= "; path=$path";
196  }
197  if ( $domain !== null && strlen( $domain ) ) {
198  $buf .= "; domain=$domain";
199  }
200  if ( $secure ) {
201  $buf .= "; secure";
202  }
203  if ( $httponly ) {
204  $buf .= "; HttpOnly";
205  }
206  if ( $samesite !== null && strlen( $samesite ) ) {
207  $buf .= "; SameSite=$samesite";
208  }
209 
210  // sapi_header_op() returns a value which setcookie() uses, but
211  // header() discards it. The most likely way for sapi_header_op() to
212  // fail is due to headers already being sent.
213  if ( $this->headers_sent() ) {
214  $this->error( "Cannot modify header information - headers already sent" );
215  return false;
216  }
217  $this->header( $buf );
218  return true;
219  }
220 
221  protected function time() {
222  return time();
223  }
224 
225  protected function error( $message ) {
226  trigger_error( $message, E_USER_WARNING );
227  }
228 
229  protected function headers_sent() {
230  return headers_sent();
231  }
232 
233  protected function header( $header ) {
234  header( $header, false );
235  }
236 }
$opt
$opt
Definition: postprocess-phan.php:119
string
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition: hooks.txt:181
Wikimedia\Http\SetCookieCompat\setrawcookie
static setrawcookie( $name, $value, $options=[])
Temporary emulation for setrawcookie() with a SameSite option.
Definition: SetCookieCompat.php:36
Wikimedia\Http\SetCookieCompat
Definition: SetCookieCompat.php:9
Wikimedia\Http\SetCookieCompat\error
error( $message)
Definition: SetCookieCompat.php:225
Wikimedia\Http\SetCookieCompat\header
header( $header)
Definition: SetCookieCompat.php:233
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:37
Wikimedia\Http\SetCookieCompat\setCookieEmulated
setCookieEmulated( $urlEncode, $name, $value, $options=[])
Temporary emulation for setcookie() with a SameSite option.
Definition: SetCookieCompat.php:101
Wikimedia\Http
Utility for parsing a HTTP Accept header value into a weight map.
Definition: HttpAcceptNegotiator.php:3
Wikimedia\Http\SetCookieCompat\time
time()
Definition: SetCookieCompat.php:221
$options
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
Definition: hooks.txt:2001
$value
$value
Definition: styleTest.css.php:45
$header
$header
Definition: updateCredits.php:35
$name
Allows to change the fields on the form that will be generated $name
Definition: hooks.txt:302
$path
$path
Definition: NoLocalSettings.php:25
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:22
Wikimedia\Http\SetCookieCompat\setCookieInternal
setCookieInternal( $urlEncode, $name, $value, $options=[])
Definition: SetCookieCompat.php:48
Wikimedia\Http\SetCookieCompat\headers_sent
headers_sent()
Definition: SetCookieCompat.php:229
Wikimedia\Http\SetCookieCompat\setcookie
static setcookie( $name, $value, $options=[])
Temporary emulation for setcookie() with a SameSite option.
Definition: SetCookieCompat.php:21