*/
class WebResponse {
+ /** @var array Used to record set cookies, because PHP's setcookie() will
+ * happily send an identical Set-Cookie to the client.
+ */
+ protected static $setCookies = array();
+
/**
* Output an HTTP header, wrapper for PHP's header()
* @param string $string Header to output
HttpStatus::header( $code );
}
+ /**
+ * Test if headers have been sent
+ * @since 1.27
+ * @return bool
+ */
+ public function headersSent() {
+ return headers_sent();
+ }
+
/**
* Set the browser cookie
* @param string $name The name of the cookie.
$func = $options['raw'] ? 'setrawcookie' : 'setcookie';
if ( Hooks::run( 'WebResponseSetCookie', array( &$name, &$value, &$expire, $options ) ) ) {
- wfDebugLog( 'cookie',
- $func . ': "' . implode( '", "',
- array(
- $options['prefix'] . $name,
- $value,
- $expire,
- $options['path'],
- $options['domain'],
- $options['secure'],
- $options['httpOnly'] ) ) . '"' );
-
- call_user_func( $func,
- $options['prefix'] . $name,
- $value,
- $expire,
- $options['path'],
- $options['domain'],
- $options['secure'],
- $options['httpOnly'] );
+ $cookie = $options['prefix'] . $name;
+ $data = array(
+ 'name' => (string)$cookie,
+ 'value' => (string)$value,
+ 'expire' => (int)$expire,
+ 'path' => (string)$options['path'],
+ 'domain' => (string)$options['domain'],
+ 'secure' => (bool)$options['secure'],
+ 'httpOnly' => (bool)$options['httpOnly'],
+ );
+
+ // Per RFC 6265, key is name + domain + path
+ $key = "{$data['name']}\n{$data['domain']}\n{$data['path']}";
+
+ // If this cookie name was in the request, fake an entry in
+ // self::$setCookies for it so the deleting check works right.
+ if ( isset( $_COOKIE[$cookie] ) && !array_key_exists( $key, self::$setCookies ) ) {
+ self::$setCookies[$key] = array();
+ }
+
+ // PHP deletes if value is the empty string; also, a past expiry is deleting
+ $deleting = ( $data['value'] === '' || $data['expire'] > 0 && $data['expire'] <= time() );
+
+ if ( $deleting && !isset( self::$setCookies[$key] ) ) { // isset( null ) is false
+ wfDebugLog( 'cookie', 'already deleted ' . $func . ': "' . implode( '", "', $data ) . '"' );
+ } elseif ( !$deleting && isset( self::$setCookies[$key] ) &&
+ self::$setCookies[$key] === array( $func, $data )
+ ) {
+ wfDebugLog( 'cookie', 'already set ' . $func . ': "' . implode( '", "', $data ) . '"' );
+ } else {
+ wfDebugLog( 'cookie', $func . ': "' . implode( '", "', $data ) . '"' );
+ if ( call_user_func_array( $func, array_values( $data ) ) ) {
+ self::$setCookies[$key] = $deleting ? null : array( $func, $data );
+ }
+ }
}
}
+
+ /**
+ * Unset a browser cookie.
+ * This sets the cookie with an empty value and an expiry set to a time in the past,
+ * which will cause the browser to remove any cookie with the given name, domain and
+ * path from its cookie store. Options other than these (and prefix) have no effect.
+ * @param string $name Cookie name
+ * @param array $options Cookie options, see {@link setCookie()}
+ * @since 1.27
+ */
+ public function clearCookie( $name, $options = array() ) {
+ $this->setCookie( $name, '', time() - 31536000 /* 1 year */, $options );
+ }
}
/**
*/
class FauxResponse extends WebResponse {
private $headers;
- private $cookies;
+ private $cookies = array();
private $code;
/**
$this->code = intval( $code );
}
+ public function headersSent() {
+ return false;
+ }
+
/**
* @param string $key The name of the header to get (case insensitive).
* @return string|null The header value (if set); null otherwise.