MediaWiki REL1_33
Cookie.php
1<?php
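/**
 * One HTTP cookie as held by an HTTP client: a name, a value, and the
 * attributes (expiry, path, domain) that decide which requests it is sent on.
 */
class Cookie {
	/** @var string Cookie name, fixed at construction */
	protected $name;
	/** @var string Cookie value, replaced on every set() */
	protected $value;
	/** @var int|false Result of strtotime() on the 'expires' attribute; only written when that attribute is present */
	protected $expires;
	/** @var string Path prefix the cookie is scoped to; '/' when no 'path' attribute is given */
	protected $path;
	/** @var string|null Domain scope; stays unset when the supplied domain fails validateCookieDomain() */
	protected $domain;
	/** @var bool True until an 'expires' attribute has been seen; such a cookie never expires by time */
	protected $isSessionKey = true;
	// TO IMPLEMENT	 protected $secure
	// TO IMPLEMENT? protected $maxAge (add onto expires)
	// TO IMPLEMENT? protected $version
	// TO IMPLEMENT? protected $comment

	/**
	 * @param string $name Cookie name
	 * @param string $value Cookie value
	 * @param array $attr Cookie attributes; see set()
	 * @throws InvalidArgumentException if $attr has no 'domain' key
	 */
	public function __construct( $name, $value, $attr ) {
		$this->name = $name;
		$this->set( $value, $attr );
	}

	/**
	 * Store a new value and attributes for this cookie.
	 *
	 * Recognised keys of $attr, as read by this method:
	 *  - 'expires': date string handed to strtotime(); turns off session behaviour
	 *  - 'path':    path scope, defaults to '/'
	 *  - 'domain':  domain scope, required
	 *
	 * A domain that fails validateCookieDomain() is not stored and no error is
	 * raised; whatever domain the object held before (none, on a new object)
	 * stays in place. With no domain stored the cookie is never serialized.
	 *
	 * @param string $value
	 * @param array $attr
	 * @throws InvalidArgumentException if 'domain' is missing; value, expiry and
	 *   path have already been updated by the time this is thrown
	 */
	public function set( $value, $attr ) {
		$this->value = $value;

		if ( isset( $attr['expires'] ) ) {
			$this->isSessionKey = false;
			// An unparseable date yields false, which isUnExpired() treats as expired.
			$this->expires = strtotime( $attr['expires'] );
		}

		$this->path = $attr['path'] ?? '/';

		if ( !isset( $attr['domain'] ) ) {
			throw new InvalidArgumentException( '$attr must contain a domain' );
		}

		// Validated without an origin here: only the shape of the domain is checked.
		if ( self::validateCookieDomain( $attr['domain'] ) ) {
			$this->domain = $attr['domain'];
		}
	}

	/**
	 * Decide whether $domain is acceptable as a cookie domain, optionally for a
	 * response that came from $originDomain.
	 *
	 * The suffix checks are a heuristic against cookies scoped to a whole
	 * registry ("co.uk", ".com.au", ...). They only cover two-letter final
	 * labels and a fixed list of second-level names, so they are not a
	 * substitute for a Public Suffix List lookup.
	 *
	 * @param string $domain Domain to validate
	 * @param string|null $originDomain Host the cookie came from; null or ''
	 *   skips the origin checks
	 * @return bool
	 */
	public static function validateCookieDomain( $domain, $originDomain = null ) {
		$dc = explode( ".", $domain );
		$labelCount = count( $dc );
		$hasLeadingDot = substr( $domain, 0, 1 ) === '.';

		// Don't allow a trailing dot, a name without any dot, or just a leading dot
		if ( substr( $domain, -1 ) === '.'
			|| $labelCount <= 1
			|| ( $labelCount == 2 && $dc[0] === '' )
		) {
			return false;
		}

		// Only allow full, valid IP addresses
		if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
			if ( $labelCount != 4 ) {
				return false;
			}

			if ( ip2long( $domain ) === false ) {
				return false;
			}

			// Loose null test kept on purpose: '' counts as "no origin given".
			// The host comparison is strict so it is always a string comparison.
			if ( $originDomain == null || $originDomain === $domain ) {
				return true;
			}
			// An IP that differs from the origin falls through and is rejected
			// by the exact-match origin check at the end.
		}

		// Don't allow cookies for "co.uk" or "gov.uk", etc, but allow "supermarket.uk"
		if ( strlen( $dc[$labelCount - 1] ) === 2 ) {
			// The leading-dot case used to test strlen( $dc[0] ) == "", an
			// int-to-string comparison whose result depends on the PHP version;
			// testing the label itself keeps ".co.uk" rejected everywhere.
			if ( ( $labelCount == 2 && strlen( $dc[0] ) <= 2 )
				|| ( $labelCount == 3 && $dc[0] === '' && strlen( $dc[1] ) <= 2 )
			) {
				return false;
			}

			// NOTE(review): the pattern is not anchored on the left, so a name
			// such as "telecom.uk" is rejected as well. Left unchanged.
			if ( ( $labelCount == 2 || ( $labelCount == 3 && $dc[0] === '' ) )
				&& preg_match( '/(com|net|org|gov|edu)\...$/', $domain )
			) {
				return false;
			}
		}

		if ( $originDomain != null ) {
			// Without a leading dot the domain must be exactly the origin host.
			// Strict comparison: with != two numeric-looking strings such as
			// "1.5e1" and "15.0" would compare equal.
			if ( !$hasLeadingDot && $domain !== $originDomain ) {
				return false;
			}

			// With a leading dot the origin must end in the domain (case-insensitive);
			// the dot itself keeps the match on a label boundary. Only an exact
			// integer 0 from substr_compare() counts as a match.
			if ( $hasLeadingDot
				&& substr_compare(
					$originDomain,
					$domain,
					-strlen( $domain ),
					strlen( $domain ),
					true
				) !== 0
			) {
				return false;
			}
		}

		return true;
	}

	/**
	 * Serialize the cookie into a format useful for HTTP Request headers.
	 *
	 * The name and value are concatenated exactly as stored; nothing is
	 * escaped or validated here.
	 *
	 * @param string $path Path of the request the cookie would be sent on
	 * @param string $domain Host of the request the cookie would be sent on
	 * @return string "name=value", or '' when the cookie does not apply to this
	 *   domain and path or has expired
	 */
	public function serializeToHttpRequest( $path, $domain ) {
		$ret = '';

		if ( $this->canServeDomain( $domain )
			&& $this->canServePath( $path )
			&& $this->isUnExpired()
		) {
			$ret = $this->name . '=' . $this->value;
		}

		return $ret;
	}

	/**
	 * Whether this cookie may be sent to the given host.
	 *
	 * @param string $domain Request host
	 * @return bool True on an exact match, or when the stored domain starts
	 *   with '.' and the host is longer than it and ends with it
	 */
	protected function canServeDomain( $domain ) {
		$stored = $this->domain;

		// set() leaves the domain unset when validation fails. Such a cookie
		// must match nothing; a loose == would have matched an empty host.
		if ( $stored === null ) {
			return false;
		}

		if ( $domain === $stored ) {
			return true;
		}

		return strlen( $domain ) > strlen( $stored )
			&& substr( $stored, 0, 1 ) === '.'
			&& substr_compare(
				$domain,
				$stored,
				-strlen( $stored ),
				strlen( $stored ),
				true
			) === 0;
	}

	/**
	 * Whether this cookie may be sent on the given request path.
	 *
	 * NOTE(review): this is a plain prefix test with no check for a '/'
	 * boundary, so a cookie scoped to "/foo" is also served for "/foobar".
	 * A path that PHP treats as falsy ('' or '0') matches nothing.
	 *
	 * @param string $path Request path
	 * @return bool
	 */
	protected function canServePath( $path ) {
		return $this->path
			&& substr_compare( $this->path, $path, 0, strlen( $this->path ) ) === 0;
	}

	/**
	 * Whether the cookie is still usable: always for a session cookie,
	 * otherwise only while the stored expiry lies in the future.
	 *
	 * @return bool
	 */
	protected function isUnExpired() {
		return $this->isSessionKey || $this->expires > time();
	}
}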
serializeToHttpRequest( $path, $domain)
Serialize the cookie jar into a format useful for HTTP Request headers.
Definition Cookie.php:155