r39376 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r39375‎ \| r39376 \| r39377 >
Date:	01:54, 15 August 2008
Author:	demon
Status:	old
Tags:
Comment:	* Bug 12976: Use $WebResponse->setCookie() rather than raw setcookie() calls. * Moved all of the debugging/logic to WebResponse so it can be properly used elsewhere. * A bit of cleanup so cookies set by $wgUser->setCookie() use $wgCookiePath as they should. * Bug 14887: $wgEnablePersistentCookies has been added to allow for disabling of persistent cookies.
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/DefaultSettings.php (modified) (history) /trunk/phase3/includes/User.php (modified) (history) /trunk/phase3/includes/WebResponse.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -2189,46 +2189,12 @@
2190	2190	}
2191	2191
2192	2192	/**
2193		~~- * Set a cookie on the user's client~~
2194		~~- * @param $name \type{\string} Name of the cookie to set~~
2195		~~- * @param $name \type{\string} Value to set~~
2196		~~- * @param $name \type{\int} Expiration time, as a UNIX time value;~~
2197		~~- * if 0 or not specified, use the default $wgCookieExpiration~~
	2193	+ * Set a cookie on the user's client. Wrapper for
	2194	+ * WebResponse::setCookie
2198	2195	*/
2199	2196	protected function setCookie( $name, $value, $exp=0 ) {
2200		~~- global $wgCookiePrefix,$wgCookieDomain,$wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;~~
2201		~~- if( $exp == 0 ) {~~
2202		~~- $exp = time() + $wgCookieExpiration;~~
2203		~~- }~~
2204		~~- $httpOnlySafe = wfHttpOnlySafe();~~
2205		~~- wfDebugLog( 'cookie',~~
2206		~~- 'setcookie: "' . implode( '", "',~~
2207		~~- array(~~
2208		~~- $wgCookiePrefix . $name,~~
2209		~~- $value,~~
2210		~~- $exp,~~
2211		~~- '/',~~
2212		~~- $wgCookieDomain,~~
2213		~~- $wgCookieSecure,~~
2214		~~- $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );~~
2215		~~- if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {~~
2216		~~- setcookie( $wgCookiePrefix . $name,~~
2217		~~- $value,~~
2218		~~- $exp,~~
2219		~~- '/',~~
2220		~~- $wgCookieDomain,~~
2221		~~- $wgCookieSecure,~~
2222		~~- $wgCookieHttpOnly );~~
2223		~~- } else {~~
2224		~~- // setcookie() fails on PHP 5.1 if you give it future-compat paramters.~~
2225		~~- // stab stab!~~
2226		~~- setcookie( $wgCookiePrefix . $name,~~
2227		~~- $value,~~
2228		~~- $exp,~~
2229		~~- '/',~~
2230		~~- $wgCookieDomain,~~
2231		~~- $wgCookieSecure );~~
2232		~~- }~~
	2197	+ global $wgRequest;
	2198	+ $wgRequest->response()->setcookie( $name, $value, $exp );
2233	2199	}
2234	2200
2235	2201	/**
Index: trunk/phase3/includes/DefaultSettings.php
—	—	@@ -1557,6 +1557,11 @@
1558	1558	$wgCookieHttpOnly = version_compare("5.2", PHP_VERSION, "<");
1559	1559
1560	1560	/**
	1561	+ * Allow MediaWiki to set persistent cookies for login, etc.
	1562	+ */
	1563	+$wgEnablePersistentCookies = true;
	1564	+
	1565	+/**
1561	1566	* If the requesting browser matches a regex in this blacklist, we won't
1562	1567	* send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on.
1563	1568	*/
Index: trunk/phase3/includes/WebResponse.php
—	—	@@ -11,8 +11,44 @@
12	12	}
13	13
14	14	/** Set the browser cookie */
15		~~- function setcookie($name, $value, $expire) {~~
16		~~- global $wgCookiePath, $wgCookieDomain, $wgCookieSecure;~~
17		~~- setcookie($name,$value,$expire, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);~~
	15	+ function setcookie( $name, $value, $expire = 0 ) {
	16	+ global $wgEnablePersistentCookies;
	17	+ if ( !$wgEnablePersistentCookies ) {
	18	+ return false;
	19	+ }
	20	+ global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain;
	21	+ global $wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;
	22	+ if( $expire == 0 ) {
	23	+ $expire = time() + $wgCookieExpiration;
	24	+ }
	25	+ $httpOnlySafe = wfHttpOnlySafe();
	26	+ wfDebugLog( 'cookie',
	27	+ 'setcookie: "' . implode( '", "',
	28	+ array(
	29	+ $wgCookiePrefix . $name,
	30	+ $value,
	31	+ $expire,
	32	+ $wgCookiePath,
	33	+ $wgCookieDomain,
	34	+ $wgCookieSecure,
	35	+ $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
	36	+ if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
	37	+ setcookie( $wgCookiePrefix . $name,
	38	+ $value,
	39	+ $expire,
	40	+ $wgCookiePath,
	41	+ $wgCookieDomain,
	42	+ $wgCookieSecure,
	43	+ $wgCookieHttpOnly );
	44	+ } else {
	45	+ // setcookie() fails on PHP 5.1 if you give it future-compat paramters.
	46	+ // stab stab!
	47	+ setcookie( $wgCookiePrefix . $name,
	48	+ $value,
	49	+ $expire,
	50	+ $wgCookiePath,
	51	+ $wgCookieDomain,
	52	+ $wgCookieSecure );
	53	+ }
18	54	}
19	55	}
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -35,6 +35,8 @@
36	36	$wgAddGroups and $wgRemoveGroups, where the user must belong to a specified
37	37	group in order to add or remove those groups from themselves.
38	38	Backwards compatibility is maintained.
	39	+* $wgEnablePersistentCookies has been added. Setting to false disables the
	40	+ setting of persistent cookies. Defaults to true.
39	41
40	42	=== New features in 1.14 ===
41	43

Follow-up revisions

Revision	Commit summary	Author	Date
r39468	tweak for r39376: do not show the check box "remember my password" if $wgEnab...	ialex	11:25, 16 August 2008

Status & tagging log

15:30, 12 September 2011 Meno25 (talk | contribs) changed the status of r39376 [removed: ok added: old]