[5.4] Fix deprecated cookie set method calls (joomla#45728)

Fix deprecated parameters in cookie set method calls

Author: heelc29

libraries/src/Session/Storage/JoomlaStorage.php

@@ -306,7 +306,7 @@ public function start(): void
 
             if ($session_clean) {
                 $this->setId($session_clean);
-                $cookie->set($session_name, '', time() - 3600);
+                $cookie->set($session_name, '', ['expires' => time() - 3600 ]);
             }
         }
 

plugins/authentication/cookie/src/Extension/Cookie.php

@@ -112,7 +112,15 @@ public function onUserAuthenticate(AuthenticationEvent $event): void
         // Check for valid cookie value
         if (\count($cookieArray) !== 2) {
             // Destroy the cookie in the browser.
-            $app->getInput()->cookie->set($cookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', ''));
+            $app->getInput()->cookie->set(
+                $cookieName,
+                '',
+                [
+                    'expires' => 1,
+                    'path'    => $app->get('cookie_path', '/'),
+                    'domain'  => $app->get('cookie_domain', ''),
+                ]
+            );
             Log::add('Invalid cookie detected.', Log::WARNING, 'error');
 
             return;
@@ -159,7 +167,15 @@ public function onUserAuthenticate(AuthenticationEvent $event): void
 
         if (\count($results) !== 1) {
             // Destroy the cookie in the browser.
-            $app->getInput()->cookie->set($cookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', ''));
+            $app->getInput()->cookie->set(
+                $cookieName,
+                '',
+                [
+                    'expires' => 1,
+                    'path'    => $app->get('cookie_path', '/'),
+                    'domain'  => $app->get('cookie_domain', ''),
+                ]
+            );
             $response->status = Authentication::STATUS_FAILURE;
 
             return;
@@ -189,7 +205,15 @@ public function onUserAuthenticate(AuthenticationEvent $event): void
             }
 
             // Destroy the cookie in the browser.
-            $app->getInput()->cookie->set($cookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', ''));
+            $app->getInput()->cookie->set(
+                $cookieName,
+                '',
+                [
+                    'expires' => 1,
+                    'path'    => $app->get('cookie_path', '/'),
+                    'domain'  => $app->get('cookie_domain', ''),
+                ]
+            );
 
             // Issue warning by email to user and/or admin?
             Log::add(Text::sprintf('PLG_AUTHENTICATION_COOKIE_ERROR_LOG_LOGIN_FAILED', $results[0]->user_id), Log::WARNING, 'security');
@@ -273,7 +297,15 @@ public function onUserAfterLogin(AfterLoginEvent $event): void
                 $cookieValue   = $app->getInput()->cookie->get($oldCookieName);
 
                 // Destroy the old cookie in the browser
-                $app->getInput()->cookie->set($oldCookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', ''));
+                $app->getInput()->cookie->set(
+                    $oldCookieName,
+                    '',
+                    [
+                        'expires' => 1,
+                        'path'    => $app->get('cookie_path', '/'),
+                        'domain'  => $app->get('cookie_domain', ''),
+                    ]
+                );
             }
 
             $cookieArray = explode('.', $cookieValue);
@@ -328,11 +360,13 @@ public function onUserAfterLogin(AfterLoginEvent $event): void
         $app->getInput()->cookie->set(
             $cookieName,
             $cookieValue,
-            time() + $lifetime,
-            $app->get('cookie_path', '/'),
-            $app->get('cookie_domain', ''),
-            $app->isHttpsForced(),
-            true
+            [
+                'expires'  => time() + $lifetime,
+                'path'     => $app->get('cookie_path', '/'),
+                'domain'   => $app->get('cookie_domain', ''),
+                'secure'   => $app->isHttpsForced(),
+                'httponly' => true,
+            ]
         );
 
         $query = $db->getQuery(true);
@@ -421,6 +455,14 @@ public function onUserAfterLogout(AfterLogoutEvent $event): void
         }
 
         // Destroy the cookie
-        $app->getInput()->cookie->set($cookieName, '', 1, $app->get('cookie_path', '/'), $app->get('cookie_domain', ''));
+        $app->getInput()->cookie->set(
+            $cookieName,
+            '',
+            [
+                'expires' => 1,
+                'path'    => $app->get('cookie_path', '/'),
+                'domain'  => $app->get('cookie_domain', ''),
+            ]
+        );
     }
 }

plugins/system/logout/src/Extension/Logout.php

@@ -53,9 +53,11 @@ public function __construct(DispatcherInterface $dispatcher, array $config, CMSA
             $this->getApplication()->getInput()->cookie->set(
                 $hash,
                 '',
-                1,
-                $this->getApplication()->get('cookie_path', '/'),
-                $this->getApplication()->get('cookie_domain', '')
+                [
+                    'expires' => 1,
+                    'path'    => $this->getApplication()->get('cookie_path', '/'),
+                    'domain'  => $this->getApplication()->get('cookie_domain', ''),
+                ]
             );
         }
     }
@@ -90,11 +92,13 @@ public function onUserLogout(LogoutEvent $event): void
             $this->getApplication()->getInput()->cookie->set(
                 ApplicationHelper::getHash('PlgSystemLogout'),
                 true,
-                time() + 86400,
-                $this->getApplication()->get('cookie_path', '/'),
-                $this->getApplication()->get('cookie_domain', ''),
-                $this->getApplication()->isHttpsForced(),
-                true
+                [
+                    'expires'  => time() + 86400,
+                    'path'     => $this->getApplication()->get('cookie_path', '/'),
+                    'domain'   => $this->getApplication()->get('cookie_domain', ''),
+                    'secure'   => $this->getApplication()->isHttpsForced(),
+                    'httponly' => true,
+                ]
             );
         }
     }

plugins/user/joomla/src/Extension/Joomla.php

@@ -361,11 +361,13 @@ public function onUserLogin(LoginEvent $event)
             $this->getApplication()->getInput()->cookie->set(
                 'joomla_user_state',
                 'logged_in',
-                0,
-                $this->getApplication()->get('cookie_path', '/'),
-                $this->getApplication()->get('cookie_domain', ''),
-                $this->getApplication()->isHttpsForced(),
-                true
+                [
+                    'expires'  => 0,
+                    'path'     => $this->getApplication()->get('cookie_path', '/'),
+                    'domain'   => $this->getApplication()->get('cookie_domain', ''),
+                    'secure'   => $this->getApplication()->isHttpsForced(),
+                    'httponly' => true,
+                ]
             );
         }
     }
@@ -415,7 +417,15 @@ public function onUserLogout(LogoutEvent $event)
 
         // Delete "user state" cookie used for reverse caching proxies like Varnish, Nginx etc.
         if ($this->getApplication()->isClient('site')) {
-            $this->getApplication()->getInput()->cookie->set('joomla_user_state', '', 1, $this->getApplication()->get('cookie_path', '/'), $this->getApplication()->get('cookie_domain', ''));
+            $this->getApplication()->getInput()->cookie->set(
+                'joomla_user_state',
+                '',
+                [
+                    'expires' => 1,
+                    'path'    => $this->getApplication()->get('cookie_path', '/'),
+                    'domain'  => $this->getApplication()->get('cookie_domain', ''),
+                ]
+            );
         }
     }