
Fixes #4560: Adds `init:cookie,name` event before calls to setcookie

1 parent 687dbb0 commit 9f3bd04e1330c657411c65677909b6ab72083a01 @ewinslow committed Jun 3, 2012
Showing with 68 additions and 4 deletions.
  1. +37 −0 engine/classes/ElggCookie.php
  2. +3 −1 engine/lib/deprecated-1.8.php
  3. +28 −3 engine/lib/sessions.php
@@ -0,0 +1,37 @@
+<?php
+/**
+ * A simple object model for an HTTP cookie
+ */
+class ElggCookie {
+ /** @var string */
+ private $name;
+
+ /** @var string */
+ public $value = "";
+
+ /** @var int */
+ public $expires = 0;
+
+ /** @var string */
+ public $domain = "";
+
+ /** @var bool */
+ public $secure = false;
+
+ /** @var bool */
+ public $httponly = false;
+
+ /**
+ * @param string $name The name of the cookie.
+ */
+ function __construct($name) {
+ $this->name = $name;
+ }
+
+ function __get($name) {
+ // Make the name field readonly
+ if ($name === 'name') {
+ return $this->name;
+ }
+ }
+}
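Review bot: `__get()` returns null without any notice for every name other than `name`, so a misspelt field name on an ElggCookie is accepted on write (PHP creates a dynamic property) and a read of a name that was never written yields null. The class also has no field for the cookie path, which is why the callers in sessions.php store "/" in `domain`. I would add `public $path = "/";` next to `$domain` and end `__get()` with `trigger_error("Undefined ElggCookie property: $name", E_USER_NOTICE);` so that a wrong name shows up in the log. The two methods lack a visibility keyword, and `__get()` has no docblock saying that it exists only to make `name` read-only.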
@@ -4581,7 +4581,9 @@ function reorder_widgets_from_panel($panelstring1, $panelstring2, $panelstring3,
$return = false;
} else {
// Remove state cookie
- setcookie('widget' + $dbguid, null);
+ $cookie = new ElggCookie("widget$dbguid");
+ $cookie->value = NULL;
+ elgg_set_cookie($cookie);
}
}
}
@@ -304,7 +304,13 @@ function login(ElggUser $user, $persistent = false) {
$code = (md5($user->name . $user->username . time() . rand()));
$_SESSION['code'] = $code;
$user->code = md5($code);
- setcookie("elggperm", $code, (time() + (86400 * 30)), "/");
+
+ $cookie = new ElggCookie("elggperm");
+ $cookie->value = $code;
+ $cookie->expire = time() + (86400 * 30); // 30 days from now
@cash
cash Jun 21, 2012

How about a convenience method on ElggCookie where I can pass the number of days and it figures out the expire time for me?

@ewinslow
ewinslow Jun 21, 2012 Owner

Doesn't seem necessary. Wanted to keep this as bare bones as possible.

@cash
cash Jun 21, 2012
public function setExpires(int $days) {
    $cookie->expires = time() + (86400 * $days)
}

Seems better to have that code in one place than sprinkled wherever a cookie is created and I don't think adding it would make this class bloated ;)

@ewinslow
ewinslow via email Jun 21, 2012 Owner
+ $cookie->domain = "/";
+
+ elgg_set_cookie($cookie);
}
if (!$user->save() || !elgg_trigger_event('login', 'user', $user)) {
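Review bot: `$cookie->expire` on the line that sets the 30-day lifetime does not match the `expires` property that ElggCookie declares, so the assignment creates a dynamic property instead. elgg_set_cookie() further down reads the same misspelt `expire`, so the persistent cookie gets its lifetime here only by accident, while the `$cookie->expires` values set in the failed-login branch and in logout() never reach setcookie(). Use `$cookie->expires = time() + (86400 * 30);` here and read `$cookie->expires` in elgg_set_cookie(). Because elggperm carries the persistent login code, this is also where I would expect `$cookie->httponly = true;`. login() starts and ends outside this hunk.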
@@ -314,7 +320,13 @@ function login(ElggUser $user, $persistent = false) {
unset($_SESSION['guid']);
unset($_SESSION['id']);
unset($_SESSION['user']);
- setcookie("elggperm", "", (time() - (86400 * 30)), "/");
+
+ $cookie = new ElggCookie("elggperm");
+ $cookie->expires = time() - (86400 * 30); // 30 days ago
+ $cookie->domain = "/";
+
+ elgg_set_cookie($cookie);
+
throw new LoginException(elgg_echo('LoginException:Unknown'));
}
@@ -329,6 +341,15 @@ function login(ElggUser $user, $persistent = false) {
}
/**
+ * Initialize a cookie, but allow plugins to customize it first.
+ * @param ElggCookie $cookie
+ */
+function elgg_set_cookie(ElggCookie $cookie) {
+ elgg_trigger_event('init:cookie', $cookie->name, $cookie);
+ setcookie($cookie->name, $cookie->value, $cookie->expire, $cookie->domain, $cookie->secure, $cookie->httponly);
+}
+
+/**
* Log the current user out
*
* @return bool
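Review bot: The setcookie() call in elgg_set_cookie() passes its arguments one position off: PHP's order is name, value, expires, path, domain, secure, httponly, so `$cookie->domain` is used as the path, `$cookie->secure` as the domain and `$cookie->httponly` as the Secure flag, and HttpOnly is never sent. A plugin that handles `init:cookie` in order to harden a cookie therefore ends up setting a different attribute from the one it intended. With a `path` field on ElggCookie, and reading the declared `expires`, the call would be `setcookie($cookie->name, $cookie->value, $cookie->expires, $cookie->path, $cookie->domain, $cookie->secure, $cookie->httponly);`. The docblock should also state that handlers receive the cookie object and may modify it before it is sent.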
@@ -351,7 +372,11 @@ function logout() {
unset($_SESSION['id']);
unset($_SESSION['user']);
- setcookie("elggperm", "", (time() - (86400 * 30)), "/");
+ $cookie = new ElggCookie("elggperm");
+ $cookie->expires = time() - (86400 * 30);
+ $cookie->domain = "/";
+
+ elgg_set_cookie($cookie);
// pass along any messages
$old_msg = $_SESSION['msg'];
