MediaWiki REL1_32
Cookie.php
Go to the documentation of this file.
1<?php
24class Cookie {
25 protected $name;
26 protected $value;
27 protected $expires;
28 protected $path;
29 protected $domain;
30 protected $isSessionKey = true;
31 // TO IMPLEMENT protected $secure
32 // TO IMPLEMENT? protected $maxAge (add onto expires)
33 // TO IMPLEMENT? protected $version
34 // TO IMPLEMENT? protected $comment
35
36 function __construct( $name, $value, $attr ) {
37 $this->name = $name;
38 $this->set( $value, $attr );
39 }
40
53 public function set( $value, $attr ) {
54 $this->value = $value;
55
56 if ( isset( $attr['expires'] ) ) {
57 $this->isSessionKey = false;
58 $this->expires = strtotime( $attr['expires'] );
59 }
60
61 if ( isset( $attr['path'] ) ) {
62 $this->path = $attr['path'];
63 } else {
64 $this->path = '/';
65 }
66
67 if ( isset( $attr['domain'] ) ) {
68 if ( self::validateCookieDomain( $attr['domain'] ) ) {
69 $this->domain = $attr['domain'];
70 }
71 } else {
72 throw new InvalidArgumentException( '$attr must contain a domain' );
73 }
74 }
75
92 public static function validateCookieDomain( $domain, $originDomain = null ) {
93 $dc = explode( ".", $domain );
94
95 // Don't allow a trailing dot or addresses without a or just a leading dot
96 if ( substr( $domain, -1 ) == '.' ||
97 count( $dc ) <= 1 ||
98 count( $dc ) == 2 && $dc[0] === ''
99 ) {
100 return false;
101 }
102
103 // Only allow full, valid IP addresses
104 if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
105 if ( count( $dc ) != 4 ) {
106 return false;
107 }
108
109 if ( ip2long( $domain ) === false ) {
110 return false;
111 }
112
113 if ( $originDomain == null || $originDomain == $domain ) {
114 return true;
115 }
116
117 }
118
119 // Don't allow cookies for "co.uk" or "gov.uk", etc, but allow "supermarket.uk"
120 if ( strrpos( $domain, "." ) - strlen( $domain ) == -3 ) {
121 if ( ( count( $dc ) == 2 && strlen( $dc[0] ) <= 2 )
122 || ( count( $dc ) == 3 && strlen( $dc[0] ) == "" && strlen( $dc[1] ) <= 2 ) ) {
123 return false;
124 }
125 if ( ( count( $dc ) == 2 || ( count( $dc ) == 3 && $dc[0] == '' ) )
126 && preg_match( '/(com|net|org|gov|edu)\...$/', $domain ) ) {
127 return false;
128 }
129 }
130
131 if ( $originDomain != null ) {
132 if ( substr( $domain, 0, 1 ) != '.' && $domain != $originDomain ) {
133 return false;
134 }
135
136 if ( substr( $domain, 0, 1 ) == '.'
137 && substr_compare(
138 $originDomain,
139 $domain,
140 -strlen( $domain ),
141 strlen( $domain ),
142 true
143 ) != 0
144 ) {
145 return false;
146 }
147 }
148
149 return true;
150 }
151
159 public function serializeToHttpRequest( $path, $domain ) {
160 $ret = '';
161
162 if ( $this->canServeDomain( $domain )
163 && $this->canServePath( $path )
164 && $this->isUnExpired() ) {
165 $ret = $this->name . '=' . $this->value;
166 }
167
168 return $ret;
169 }
170
175 protected function canServeDomain( $domain ) {
176 if ( $domain == $this->domain
177 || ( strlen( $domain ) > strlen( $this->domain )
178 && substr( $this->domain, 0, 1 ) == '.'
179 && substr_compare(
180 $domain,
181 $this->domain,
182 -strlen( $this->domain ),
183 strlen( $this->domain ),
184 true
185 ) == 0
186 )
187 ) {
188 return true;
189 }
190
191 return false;
192 }
193
198 protected function canServePath( $path ) {
199 return ( $this->path && substr_compare( $this->path, $path, 0, strlen( $this->path ) ) == 0 );
200 }
201
205 protected function isUnExpired() {
206 return $this->isSessionKey || $this->expires > time();
207 }
208}
serializeToHttpRequest( $path, $domain)
Serialize the cookie jar into a format useful for HTTP Request headers.
Definition Cookie.php:159
$domain
Definition Cookie.php:29
canServeDomain( $domain)
Definition Cookie.php:175
isUnExpired()
Definition Cookie.php:205
__construct( $name, $value, $attr)
Definition Cookie.php:36
canServePath( $path)
Definition Cookie.php:198
$isSessionKey
Definition Cookie.php:30
$expires
Definition Cookie.php:27
static validateCookieDomain( $domain, $originDomain=null)
Return the true if the cookie is valid is valid.
Definition Cookie.php:92
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses & $ret
Definition hooks.txt:2054
> value, names are case insensitive). Two headers get special handling:If-Modified-Since(value must be a valid HTTP date) and Range(must be of the form "bytes=(\d*-\d*)") will be honored when streaming the file. 'ImportHandleLogItemXMLTag':When parsing a XML tag in a log item. Return false to stop further processing of the tag $reader:XMLReader object $logInfo:Array of information 'ImportHandlePageXMLTag':When parsing a XML tag in a page. Return false to stop further processing of the tag $reader:XMLReader object & $pageInfo:Array of information 'ImportHandleRevisionXMLTag':When parsing a XML tag in a page revision. Return false to stop further processing of the tag $reader:XMLReader object $pageInfo:Array of page information $revisionInfo:Array of revision information 'ImportHandleToplevelXMLTag':When parsing a top level XML tag. Return false to stop further processing of the tag $reader:XMLReader object 'ImportHandleUnknownUser':When a user doesn 't exist locally, this hook is called to give extensions an opportunity to auto-create it. If the auto-creation is successful, return false. $name:User name 'ImportHandleUploadXMLTag':When parsing a XML tag in a file upload. Return false to stop further processing of the tag $reader:XMLReader object $revisionInfo:Array of information 'ImportLogInterwikiLink':Hook to change the interwiki link used in log entries and edit summaries for transwiki imports. & $fullInterwikiPrefix:Interwiki prefix, may contain colons. & $pageTitle:String that contains page title. 'ImportSources':Called when reading from the $wgImportSources configuration variable. Can be used to lazy-load the import sources list. & $importSources:The value of $wgImportSources. Modify as necessary. See the comment in DefaultSettings.php for the detail of how to structure this array. 'InfoAction':When building information to display on the action=info page. $context:IContextSource object & $pageInfo:Array of information 'InitializeArticleMaybeRedirect':MediaWiki check to see if title is a redirect. & $title:Title object for the current page & $request:WebRequest & $ignoreRedirect:boolean to skip redirect check & $target:Title/string of redirect target & $article:Article object 'InternalParseBeforeLinks':during Parser 's internalParse method before links but after nowiki/noinclude/includeonly/onlyinclude and other processings. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InternalParseBeforeSanitize':during Parser 's internalParse method just before the parser removes unwanted/dangerous HTML tags and after nowiki/noinclude/includeonly/onlyinclude and other processings. Ideal for syntax-extensions after template/parser function execution which respect nowiki and HTML-comments. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InterwikiLoadPrefix':When resolving if a given prefix is an interwiki or not. Return true without providing an interwiki to continue interwiki search. $prefix:interwiki prefix we are looking for. & $iwData:output array describing the interwiki with keys iw_url, iw_local, iw_trans and optionally iw_api and iw_wikiid. 'InvalidateEmailComplete':Called after a user 's email has been invalidated successfully. $user:user(object) whose email is being invalidated 'IRCLineURL':When constructing the URL to use in an IRC notification. Callee may modify $url and $query, URL will be constructed as $url . $query & $url:URL to index.php & $query:Query string $rc:RecentChange object that triggered url generation 'IsFileCacheable':Override the result of Article::isFileCacheable()(if true) & $article:article(object) being checked 'IsTrustedProxy':Override the result of IP::isTrustedProxy() & $ip:IP being check & $result:Change this value to override the result of IP::isTrustedProxy() 'IsUploadAllowedFromUrl':Override the result of UploadFromUrl::isAllowedUrl() $url:URL used to upload from & $allowed:Boolean indicating if uploading is allowed for given URL 'isValidEmailAddr':Override the result of Sanitizer::validateEmail(), for instance to return false if the domain name doesn 't match your organization. $addr:The e-mail address entered by the user & $result:Set this and return false to override the internal checks 'isValidPassword':Override the result of User::isValidPassword() $password:The password entered by the user & $result:Set this and return false to override the internal checks $user:User the password is being validated for 'Language::getMessagesFileName':$code:The language code or the language we 're looking for a messages file for & $file:The messages file path, you can override this to change the location. 'LanguageGetMagic':DEPRECATED since 1.16! Use $magicWords in a file listed in $wgExtensionMessagesFiles instead. Use this to define synonyms of magic words depending of the language & $magicExtensions:associative array of magic words synonyms $lang:language code(string) 'LanguageGetNamespaces':Provide custom ordering for namespaces or remove namespaces. Do not use this hook to add namespaces. Use CanonicalNamespaces for that. & $namespaces:Array of namespaces indexed by their numbers 'LanguageGetSpecialPageAliases':DEPRECATED! Use $specialPageAliases in a file listed in $wgExtensionMessagesFiles instead. Use to define aliases of special pages names depending of the language & $specialPageAliases:associative array of magic words synonyms $lang:language code(string) 'LanguageGetTranslatedLanguageNames':Provide translated language names. & $names:array of language code=> language name $code:language of the preferred translations 'LanguageLinks':Manipulate a page 's language links. This is called in various places to allow extensions to define the effective language links for a page. $title:The page 's Title. & $links:Array with elements of the form "language:title" in the order that they will be output. & $linkFlags:Associative array mapping prefixed links to arrays of flags. Currently unused, but planned to provide support for marking individual language links in the UI, e.g. for featured articles. 'LanguageSelector':Hook to change the language selector available on a page. $out:The output page. $cssClassName:CSS class name of the language selector. 'LinkBegin':DEPRECATED since 1.28! Use HtmlPageLinkRendererBegin instead. Used when generating internal and interwiki links in Linker::link(), before processing starts. Return false to skip default processing and return $ret. See documentation for Linker::link() for details on the expected meanings of parameters. $skin:the Skin object $target:the Title that the link is pointing to & $html:the contents that the< a > tag should have(raw HTML) name
Definition hooks.txt:1889