joomla · eddieajau · Oct 22, 2013 · Oct 21, 2013 · Oct 22, 2013 · Oct 22, 2013
diff --git a/src/Joomla/Application/AbstractWebApplication.php b/src/Joomla/Application/AbstractWebApplication.php
@@ -758,4 +758,55 @@ protected function loadSystemUris($requestUri = null)
 			$this->set('uri.media.path', $this->get('uri.base.path') . 'media/');
 		}
 	}
+
+	/**
+	 * Checks for a form token in the request.
+	 *
+	 * Use in conjunction with getFormToken.
+	 *
+	 * @param   string  $method  The request method in which to look for the token key.
+	 *
+	 * @return  boolean  True if found and valid, false otherwise.
+	 *
+	 * @since   1.0
+	 */
+	public function checkToken($method = 'post')
+	{
+		$token = $this->getFormToken();
+
+		if (!$this->input->$method->get($token, '', 'alnum'))
+		{
+			if ($this->session->isNew())
+			{
+				// Redirect to login screen.
+				$this->redirect('index.php');
+				$this->close();
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return true;
+		}
+	}
+
+	/**
+	 * Method to determine a hash for anti-spoofing variable names
+	 *
+	 * @param   boolean  $forceNew  If true, force a new token to be created
+	 *
+	 * @return  string  Hashed var name
+	 *
+	 * @since   1.0
+	 */
+	public function getFormToken($forceNew = false)
+	{
+		// @todo we need the user id somehow here
+		$userId  = 0;
+
+		return md5($this->get('secret') . $userId . $this->session->getToken($forceNew));
+	}
 }
diff --git a/src/Joomla/Application/Tests/AbstractWebApplicationTest.php b/src/Joomla/Application/Tests/AbstractWebApplicationTest.php
@@ -1269,6 +1269,27 @@ public function testIsSSLConnection()
 		);
 	}
 
+	/**
+	 * Test getFormToken
+	 *
+	 * @covers  Joomla\Application\AbstractWebApplication::getFormToken
+	 *
+	 * @return void
+	 */
+	public function testGetFormToken()
+	{
+		$mockSession = $this->getMock('Joomla\\Session\\Session');
+
+		$this->instance->setSession($mockSession);
+		$this->instance->set('secret', 'abc');
+		$expected = md5('abc' . 0 . $this->instance->getSession()->getToken());
+		$this->assertEquals(
+			$expected,
+			$this->instance->getFormToken(),
+			'Form token should be calculated as above.'
+		);
+	}
+
 	/**
 	 * Setup for testing.
 	 *

diff --git a/src/Joomla/Session/Session.php b/src/Joomla/Session/Session.php
@@ -10,7 +10,6 @@
 
 use Joomla\Event\Dispatcher;
 use Joomla\Input\Input;
-use Joomla\Factory;
 
 /**
  * Class for managing HTTP sessions
@@ -72,6 +71,22 @@ class Session implements \IteratorAggregate
 	 */
 	protected $force_ssl = false;
 
+	/**
+	 * The domain to use when setting cookies.
+	 *
+	 * @var    mixed
+	 * @since  1.0
+	 */
+	protected $cookie_domain;
+
+	/**
+	 * The path to use when setting cookies.
+	 *
+	 * @var    mixed
+	 * @since  1.0
+	 */
+	protected $cookie_path;
+
 	/**
 	 * Session instances container.
 	 *
@@ -259,26 +274,6 @@ public function hasToken($tCheck, $forceExpire = true)
 		return true;
 	}
 
-	/**
-	 * Method to determine a hash for anti-spoofing variable names
-	 *
-	 * @param   boolean  $forceNew  If true, force a new token to be created
-	 *
-	 * @return  string  Hashed var name
-	 *
-	 * @since   1.0
-	 */
-	public static function getFormToken($forceNew = false)
-	{
-		// @todo we need the user id somehow here
-		$userId  = 0;
-		$session = Factory::getSession();
-
-		$hash = md5(Factory::getApplication()->get('secret') . $userId . $session->getToken($forceNew));
-
-		return $hash;
-	}
-
 	/**
 	 * Retrieve an external iterator.
 	 *
@@ -291,43 +286,6 @@ public function getIterator()
 		return new \ArrayIterator($_SESSION);
 	}
 
-	/**
-	 * Checks for a form token in the request.
-	 *
-	 * Use in conjunction with Joomla\Session\Session::getFormToken.
-	 *
-	 * @param   string  $method  The request method in which to look for the token key.
-	 *
-	 * @return  boolean  True if found and valid, false otherwise.
-	 *
-	 * @since   1.0
-	 */
-	public static function checkToken($method = 'post')
-	{
-		$token = self::getFormToken();
-		$app = Factory::getApplication();
-
-		if (!$app->input->$method->get($token, '', 'alnum'))
-		{
-			$session = Factory::getSession();
-
-			if ($session->isNew())
-			{
-				// Redirect to login screen.
-				$app->redirect('index.php');
-				$app->close();
-			}
-			else
-			{
-				return false;
-			}
-		}
-		else
-		{
-			return true;
-		}
-	}
-
 	/**
 	 * Get session name
 	 *
@@ -682,10 +640,7 @@ public function destroy()
 		 */
 		if (isset($_COOKIE[session_name()]))
 		{
-			$config = Factory::getConfig();
-			$cookie_domain = $config->get('cookie_domain', '');
-			$cookie_path = $config->get('cookie_path', '/');
-			setcookie(session_name(), '', time() - 42000, $cookie_path, $cookie_domain);
+			setcookie(session_name(), '', time() - 42000, $this->cookie_path, $this->cookie_domain);
 		}
 
 		session_unset();
@@ -801,16 +756,14 @@ protected function _setCookieParams()
 			$cookie['secure'] = true;
 		}
 
-		$config = Factory::getConfig();
-
-		if ($config->get('cookie_domain', '') != '')
+		if ($this->cookie_domain)
 		{
-			$cookie['domain'] = $config->get('cookie_domain');
+			$cookie['domain'] = $this->cookie_domain;
 		}
 
-		if ($config->get('cookie_path', '') != '')
+		if ($this->cookie_path)
 		{
-			$cookie['path'] = $config->get('cookie_path');
+			$cookie['path'] = $this->cookie_path;
 		}
 
 		session_set_cookie_params($cookie['lifetime'], $cookie['path'], $cookie['domain'], $cookie['secure'], true);
@@ -921,6 +874,16 @@ protected function _setOptions(array $options)
 			$this->force_ssl = (bool) $options['force_ssl'];
 		}
 
+		if (isset($options['cookie_domain']))
+		{
+			$this->cookie_domain = $options['cookie_domain'];
+		}
+
+		if (isset($options['cookie_path']))
+		{
+			$this->cookie_path = $options['cookie_path'];
+		}
+
 		// Sync the session maxlifetime
 		ini_set('session.gc_maxlifetime', $this->expire);
 

diff --git a/src/Joomla/Session/Storage/Apc.php b/src/Joomla/Session/Storage/Apc.php
@@ -9,7 +9,6 @@
 namespace Joomla\Session\Storage;
 
 use Joomla\Session\Storage;
-use RuntimeException;
 
 /**
  * APC session storage handler for PHP
@@ -25,13 +24,13 @@ class Apc extends Storage
 	 * @param   array  $options  Optional parameters
 	 *
 	 * @since   1.0
-	 * @throws  RuntimeException
+	 * @throws  \RuntimeException
 	 */
 	public function __construct($options = array())
 	{
 		if (!self::isSupported())
 		{
-			throw new RuntimeException('APC Extension is not available', 404);
+			throw new \RuntimeException('APC Extension is not available', 404);
 		}
 
 		parent::__construct($options);