X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FWebResponse.php;h=7746edd1475aa259fc0e79ac32465f259a80d80b;hb=61c7852049de45664593437f8b8335809fdbccae;hp=bb7682d3e8324e291bdf827c9f5550e1b2f6d785;hpb=f76da80b040ff654ef315f8713d4a5eadd09a68d;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index bb7682d3e8..7746edd147 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
@@ -27,6 +27,11 @@
 */
 class WebResponse {
+ /** @var array Used to record set cookies, because PHP's setcookie() will
+ * happily send an identical Set-Cookie to the client.
+ */
+ protected static $setCookies = array();
+
 /**
 * Output an HTTP header, wrapper for PHP's header()
 * @param string $string Header to output
@@ -62,6 +67,15 @@ class WebResponse {
 HttpStatus::header( $code );
 }
+ /**
+ * Test if headers have been sent
+ * @since 1.27
+ * @return bool
+ */
+ public function headersSent() {
+ return headers_sent();
+ }
+
 /**
 * Set the browser cookie
 * @param string $name The name of the cookie.
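Review bot: The docblock on `$setCookies` in the `@@ -27,6 +27,11 @@` hunk does not say how the array is keyed or what its values mean, although the `setCookie()` hunk further down relies on three distinct states. I would extend it along the lines of `Keyed by "name\ndomain\npath"; value is array( $func, $data ) for a cookie sent in this request, array() for one seen only in $_COOKIE, null for one already deleted`. Because the property is `static`, the record is shared by every WebResponse instance in the process, which is worth stating as well since this record decides whether a Set-Cookie header is suppressed.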
@@ -115,27 +129,56 @@ class WebResponse {
 $func = $options['raw'] ? 'setrawcookie' : 'setcookie';
 if ( Hooks::run( 'WebResponseSetCookie', array( &$name, &$value, &$expire, $options ) ) ) {
- wfDebugLog( 'cookie',
- $func . ': "' . implode( '", "',
- array(
- $options['prefix'] . $name,
- $value,
- $expire,
- $options['path'],
- $options['domain'],
- $options['secure'],
- $options['httpOnly'] ) ) . '"' );
-
- call_user_func( $func,
- $options['prefix'] . $name,
- $value,
- $expire,
- $options['path'],
- $options['domain'],
- $options['secure'],
- $options['httpOnly'] );
+ $cookie = $options['prefix'] . $name;
+ $data = array(
+ 'name' => (string)$cookie,
+ 'value' => (string)$value,
+ 'expire' => (int)$expire,
+ 'path' => (string)$options['path'],
+ 'domain' => (string)$options['domain'],
+ 'secure' => (bool)$options['secure'],
+ 'httpOnly' => (bool)$options['httpOnly'],
+ );
+
+ // Per RFC 6265, key is name + domain + path
+ $key = "{$data['name']}\n{$data['domain']}\n{$date['path']}";
+
+ // If this cookie name was in the request, fake an entry in
+ // self::$setCookies for it so the deleting check works right.
+ if ( isset( $_COOKIE[$cookie] ) && !array_key_exists( $key, self::$setCookies ) ) {
+ self::$setCookies[$key] = array();
+ }
+
+ // PHP deletes if value is the empty string; also, a past expiry is deleting
+ $deleting = ( $data['value'] === '' || $data['expire'] > 0 && $data['expire'] <= time() );
+
+ if ( $deleting && !isset( self::$setCookies[$key] ) ) { // isset( null ) is false
+ wfDebugLog( 'cookie', 'already deleted ' . $func . ': "' . implode( '", "', $data ) . '"' );
+ } elseif ( !$deleting && isset( self::$setCookies[$key] ) &&
+ self::$setCookies[$key] === array( $func, $data )
+ ) {
+ wfDebugLog( 'cookie', 'already set ' . $func . ': "' . implode( '", "', $data ) . '"' );
+ } else {
+ wfDebugLog( 'cookie', $func . ': "' . implode( '", "', $data ) . '"' );
+ if ( call_user_func_array( $func, array_values( $data ) ) ) {
+ self::$setCookies[$key] = $deleting ? null : array( $func, $data );
+ }
+ }
 }
 }
+
+ /**
+ * Unset a browser cookie.
+ * This sets the cookie with an empty value and an expiry set to a time in the past,
+ * which will cause the browser to remove any cookie with the given name, domain and
+ * path from its cookie store. Options other than these (and prefix) have no effect.
+ * @param string $name Cookie name
+ * @param array $options Cookie options, see {@link setCookie()}
+ * @since 1.27
+ */
+ public function clearCookie( $name, $options = array() ) {
+ $this->setCookie( $name, '', time() - 31536000 /* 1 year */, $options );
+ }
 }
 /**
@@ -143,7 +186,7 @@ class WebResponse {
 */
 class FauxResponse extends WebResponse {
 private $headers;
- private $cookies;
+ private $cookies = array();
 private $code;
 /**
@@ -179,6 +222,10 @@ class FauxResponse extends WebResponse {
 $this->code = intval( $code );
 }
+ public function headersSent() {
+ return false;
+ }
+
 /**
 * @param string $key The name of the header to get (case insensitive).
 * @return string|null The header value (if set); null otherwise.
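Review bot: In the `setCookie()` hunk (`@@ -115,27 +129,56 @@`) the dedup key is built from `{$date['path']}`, but no `$date` variable is defined in the visible code; the line should read `$key = "{$data['name']}\n{$data['domain']}\n{$data['path']}";`. As written PHP raises an undefined-variable notice and the path component of the key is always empty, so cookies that share a name and domain but differ in path map to one `self::$setCookies` entry. Once one of them has been deleted the entry is `null`, and a later deletion for another path takes the 'already deleted' branch without sending a Set-Cookie header, which matters when the cookie being cleared is a session or login cookie. Separately, the new `wfDebugLog()` calls still write `$data['value']` into the `cookie` log channel, so that log should be handled as if it contains session secrets, or the value redacted before logging. The body of `setCookie()` begins above this hunk, so the handling of `$options` before this point is not visible here.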