
Commit 1e601c5

Backporting changes from framework Input/Cookie class to CMS class (#40414)
1 parent 1fec3c9 commit 1e601c5


1 file changed

+83
-31
lines changed


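--- a/libraries/src/Input/Cookie.php
+++ b/libraries/src/Input/Cookie.php
@@ -56,32 +56,13 @@ public function __construct(array $source = null, array $options = [])
 *
 * @param string $name Name of the value to set.
 * @param mixed $value Value to assign to the input.
-* @param integer $expire The time the cookie expires. This is a Unix timestamp so is in number
-* of seconds since the epoch. In other words, you'll most likely set this
-* with the time() function plus the number of seconds before you want it
-* to expire. Or you might use mktime(). time()+60*60*24*30 will set the
-* cookie to expire in 30 days. If set to 0, or omitted, the cookie will
-* expire at the end of the session (when the browser closes).
-* @param string $path The path on the server in which the cookie will be available on. If set
-* to '/', the cookie will be available within the entire domain. If set to
-* '/foo/', the cookie will only be available within the /foo/ directory and
-* all sub-directories such as /foo/bar/ of domain. The default value is the
-* current directory that the cookie is being set in.
-* @param string $domain The domain that the cookie is available to. To make the cookie available
-* on all subdomains of example.com (including example.com itself) then you'd
-* set it to '.example.com'. Although some browsers will accept cookies without
-* the initial ., RFC 2109 requires it to be included. Setting the domain to
-* 'www.example.com' or '.www.example.com' will make the cookie only available
-* in the www subdomain.
-* @param boolean $secure Indicates that the cookie should only be transmitted over a secure HTTPS
-* connection from the client. When set to TRUE, the cookie will only be set
-* if a secure connection exists. On the server-side, it's on the programmer
-* to send this kind of cookie only on secure connection (e.g. with respect
-* to $_SERVER["HTTPS"]).
-* @param boolean $httpOnly When TRUE the cookie will be made accessible only through the HTTP protocol.
-* This means that the cookie won't be accessible by scripting languages, such
-* as JavaScript. This setting can effectively help to reduce identity theft
-* through XSS attacks (although it is not supported by all browsers).
+* @param array $options An associative array which may have any of the keys expires, path, domain,
+* secure, httponly and samesite. The values have the same meaning as described
+* for the parameters with the same name. The value of the samesite element
+* should be either Lax or Strict. If any of the allowed options are not given,
+* their default values are the same as the default values of the explicit
+* parameters. If the samesite element is omitted, no SameSite cookie attribute
+* is set.
 *
 * @return void
 *
@@ -92,14 +73,85 @@ public function __construct(array $source = null, array $options = [])
 * @deprecated 4.3 will be removed in 6.0.
 * Use Joomla\Input\Cookie instead
 */
-public function set($name, $value, $expire = 0, $path = '', $domain = '', $secure = false, $httpOnly = false)
+public function set($name, $value, $options = [])
 {
-if (\is_array($value)) {
-foreach ($value as $key => $val) {
-setcookie($name . "[$key]", $val, $expire, $path, $domain, $secure, $httpOnly);
+// BC layer to convert old method parameters.
+if (is_array($options) === false) {
+trigger_deprecation(
+'joomla/input',
+'1.4.0',
+'The %s($name, $value, $expire, $path, $domain, $secure, $httpOnly) signature is deprecated and'
+. ' will not be supported once support'
+. ' for PHP 7.2 and earlier is dropped, use the %s($name, $value, $options) signature instead',
+__METHOD__,
+__METHOD__
+);
+
+$argList = func_get_args();
+
+$options = [
+'expires' => $argList[2] ?? 0,
+'path' => $argList[3] ?? '',
+'domain' => $argList[4] ?? '',
+'secure' => $argList[5] ?? false,
+'httponly' => $argList[6] ?? false,
+];
+}
+
+// Set the cookie
+if (version_compare(PHP_VERSION, '7.3', '>=')) {
+if (\is_array($value)) {
+foreach ($value as $key => $val) {
+setcookie($name . "[$key]", $val, $options);
+}
+} else {
+setcookie($name, $value, $options);
 }
 } else {
-setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly);
+// Using the setcookie function before php 7.3, make sure we have default values.
+if (array_key_exists('expires', $options) === false) {
+$options['expires'] = 0;
+}
+
+if (array_key_exists('path', $options) === false) {
+$options['path'] = '';
+}
+
+if (array_key_exists('domain', $options) === false) {
+$options['domain'] = '';
+}
+
+if (array_key_exists('secure', $options) === false) {
+$options['secure'] = false;
+}
+
+if (array_key_exists('httponly', $options) === false) {
+$options['httponly'] = false;
+}
+
+if (\is_array($value)) {
+foreach ($value as $key => $val) {
+setcookie(
+$name . "[$key]",
+$val,
+$options['expires'],
+$options['path'],
+$options['domain'],
+$options['secure'],
+$options['httponly']
+);
+}
+} else {
+setcookie(
+$name,
+$value,
+$options['expires'],
+$options['path'],
+$options['domain'],
+$options['secure'],
+$options['httponly']
+);
+}
 }
 
 $this->data[$name] = $value;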
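Review bot: On PHP earlier than 7.3 the `else` branch of `set()` forwards only expires, path, domain, secure and httponly to `setcookie()`, so a `samesite` value supplied in `$options` is dropped without any notice, although the new `@param array $options` text lists samesite as a supported key. A caller that relies on SameSite as a cross-site request mitigation gets a cookie without the attribute on those runtimes; the docblock should say so, for example `* On PHP earlier than 7.3 the samesite key is ignored.`, or the branch should raise a notice when the key is present. The same docblock still points at "the parameters with the same name" and "the default values of the explicit parameters", which this commit removes, so it should state the defaults itself, in particular that secure and httponly default to false. The body of `set()` continues past the end of the second hunk.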
