MediaWiki  master
Cookie.php
1 <?php
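/**
 * One cookie as kept by an HTTP client: name, value, expiry, path and domain,
 * together with the checks that decide whether it is sent with a request.
 *
 * Notes for reviewers:
 * - The Secure attribute is not tracked (see the TO IMPLEMENT list below) and
 *   serializeToHttpRequest() receives no scheme, so this class cannot withhold
 *   a cookie from a plain-HTTP request.
 * - validateCookieDomain() relies on a short hand-written heuristic for
 *   registry-level domains, not on a public-suffix list.
 */
class Cookie {
	/** @var string Cookie name */
	protected $name;
	/** @var string Cookie value, stored exactly as given */
	protected $value;
	/** @var int|false|null Result of strtotime() on the 'expires' attribute; null until one is given */
	protected $expires;
	/** @var string Path prefix the cookie applies to */
	protected $path;
	/** @var string|null Accepted cookie domain; stays null when the supplied domain failed validation */
	protected $domain;
	/** @var bool True while no 'expires' attribute has been seen */
	protected $isSessionKey = true;
	// TO IMPLEMENT protected $secure
	// TO IMPLEMENT? protected $maxAge (add onto expires)
	// TO IMPLEMENT? protected $version
	// TO IMPLEMENT? protected $comment

	/**
	 * @param string $name Cookie name
	 * @param string $value Cookie value
	 * @param array $attr Attributes, see set()
	 * @throws InvalidArgumentException When $attr has no 'domain' key
	 */
	public function __construct( $name, $value, $attr ) {
		$this->name = $name;
		$this->set( $value, $attr );
	}

	/**
	 * Replace the value and attributes of this cookie.
	 *
	 * Recognised keys of $attr:
	 *  - 'expires': date string handed to strtotime(); its presence makes the
	 *    cookie a non-session cookie
	 *  - 'path': path prefix, defaults to '/'
	 *  - 'domain': required; stored only if validateCookieDomain() accepts it
	 *
	 * @param string $value
	 * @param array $attr
	 * @throws InvalidArgumentException When $attr has no 'domain' key
	 */
	public function set( $value, $attr ) {
		// Check the mandatory key before touching any state, so a rejected call
		// cannot leave a new value attached to the previous attributes.
		if ( !isset( $attr['domain'] ) ) {
			throw new InvalidArgumentException( '$attr must contain a domain' );
		}

		$this->value = $value;

		if ( isset( $attr['expires'] ) ) {
			$this->isSessionKey = false;
			// strtotime() yields false for an unparseable date; isUnExpired()
			// then compares false > time(), so such a cookie is never sent.
			$this->expires = strtotime( $attr['expires'] );
		}

		$this->path = $attr['path'] ?? '/';

		// No origin host is passed here, so only the shape of the domain is
		// checked. NOTE(review): whether the caller separately validates the
		// domain against the responding host is not visible in this file.
		// NOTE(review): a rejected domain leaves $this->domain unchanged, so on
		// a second set() the new value stays bound to the earlier domain.
		if ( self::validateCookieDomain( $attr['domain'] ) ) {
			$this->domain = $attr['domain'];
		}
	}

	/**
	 * Decide whether $domain is acceptable as a cookie domain.
	 *
	 * Rejected: a trailing dot, a name without any dot, a lone leading dot plus
	 * one label, a digits-and-dots string that is not a full IPv4 address, and
	 * registry-level names under a two-letter TLD ("co.uk", ".co.uk",
	 * "com.au"). When $originDomain is given, $domain must equal it, or be
	 * dot-prefixed and a case-insensitive suffix of it.
	 *
	 * The registry check is a heuristic: it only looks at two-letter TLDs and
	 * at second-level labels that are at most two characters long or one of
	 * com/net/org/gov/edu. Suffixes outside that pattern are not detected.
	 *
	 * @param string $domain Domain to validate
	 * @param string|null $originDomain Host the cookie came from, if known
	 * @return bool
	 */
	public static function validateCookieDomain( $domain, $originDomain = null ) {
		$dc = explode( '.', $domain );
		$labelCount = count( $dc );

		// Don't allow a trailing dot, names without a dot, or just a leading dot
		if ( substr( $domain, -1 ) === '.'
			|| $labelCount <= 1
			|| ( $labelCount === 2 && $dc[0] === '' )
		) {
			return false;
		}

		// null and '' both mean "no origin to compare against"
		$hasOrigin = $originDomain !== null && $originDomain !== '';

		// Only allow full, valid IP addresses
		if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
			if ( $labelCount !== 4 || ip2long( $domain ) === false ) {
				return false;
			}

			// An address has no parent domain: it must match the origin exactly.
			return !$hasOrigin || $originDomain === $domain;
		}

		// Don't allow cookies for "co.uk" or "gov.uk", etc, but allow "supermarket.uk"
		if ( strrpos( $domain, '.' ) - strlen( $domain ) === -3 ) {
			// The leading-dot test used to be strlen( $dc[0] ) == "", which is
			// false on PHP 8 (0 == "" no longer holds) and let ".co.uk" pass.
			$leadingDot = $dc[0] === '';

			if ( ( $labelCount === 2 && strlen( $dc[0] ) <= 2 )
				|| ( $labelCount === 3 && $leadingDot && strlen( $dc[1] ) <= 2 )
			) {
				return false;
			}

			if ( ( $labelCount === 2 || ( $labelCount === 3 && $leadingDot ) )
				&& preg_match( '/(com|net|org|gov|edu)\...$/', $domain )
			) {
				return false;
			}
		}

		if ( $hasOrigin ) {
			// A host-only domain has to be the origin itself.
			if ( substr( $domain, 0, 1 ) !== '.' ) {
				return $domain === $originDomain;
			}

			// A dot-prefixed domain has to be a suffix of the origin.
			$suffixLength = strlen( $domain );
			if ( substr_compare( $originDomain, $domain, -$suffixLength, $suffixLength, true ) !== 0 ) {
				return false;
			}
		}

		return true;
	}

	/**
	 * Render this cookie as "name=value" for a request to $path on $domain.
	 *
	 * Name and value are concatenated exactly as stored; nothing here strips
	 * CR/LF or ';'. NOTE(review): presumably the caller only stores values taken
	 * from a parsed response header — confirm before feeding other input.
	 *
	 * @param string $path Request path
	 * @param string $domain Request host
	 * @return string "name=value", or '' when the cookie must not be sent
	 */
	public function serializeToHttpRequest( $path, $domain ) {
		$sendable = $this->canServeDomain( $domain )
			&& $this->canServePath( $path )
			&& $this->isUnExpired();

		return $sendable ? $this->name . '=' . $this->value : '';
	}

	/**
	 * Whether the stored cookie domain covers the request host.
	 *
	 * @param string $domain Request host
	 * @return bool
	 */
	protected function canServeDomain( $domain ) {
		$cookieDomain = $this->domain;

		// No accepted domain (validation failed in set()): never send. Without
		// this guard a null domain compared loosely equal to an empty host.
		if ( $cookieDomain === null || $cookieDomain === '' ) {
			return false;
		}

		// Exact match is case-sensitive; the suffix match below is not.
		if ( $domain === $cookieDomain ) {
			return true;
		}

		$suffixLength = strlen( $cookieDomain );

		return strlen( $domain ) > $suffixLength
			&& substr( $cookieDomain, 0, 1 ) === '.'
			&& substr_compare( $domain, $cookieDomain, -$suffixLength, $suffixLength, true ) === 0;
	}

	/**
	 * Whether the stored cookie path is a prefix of the request path.
	 *
	 * NOTE(review): this is a plain string-prefix test with no check for a '/'
	 * boundary, so a cookie path of "/foo" also matches "/foobar". RFC 6265
	 * path matching is stricter; tighten here if that matters to the caller.
	 *
	 * @param string $path Request path
	 * @return bool
	 */
	protected function canServePath( $path ) {
		return ( $this->path && substr_compare( $this->path, $path, 0, strlen( $this->path ) ) == 0 );
	}

	/**
	 * Whether the cookie is a session cookie or its expiry lies in the future.
	 *
	 * @return bool
	 */
	protected function isUnExpired() {
		return $this->isSessionKey || $this->expires > time();
	}
}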
canServePath( $path)
Definition: Cookie.php:194
canServeDomain( $domain)
Definition: Cookie.php:171
__construct( $name, $value, $attr)
Definition: Cookie.php:36
isUnExpired()
Definition: Cookie.php:201
$path
Definition: Cookie.php:28
$expires
Definition: Cookie.php:27
static validateCookieDomain( $domain, $originDomain=null)
Return true if the cookie domain is valid.
Definition: Cookie.php:88
$value
Definition: Cookie.php:26
serializeToHttpRequest( $path, $domain)
Serialize the cookie jar into a format useful for HTTP Request headers.
Definition: Cookie.php:155
$name
Definition: Cookie.php:25
$isSessionKey
Definition: Cookie.php:30
$domain
Definition: Cookie.php:29