Changeset 711 for trunk/lib


Timestamp:
Feb 13, 2020 4:47:07 AM (4 years ago)
Author:
anonymous
Message:

Add SameSite option to App::setCookie

File:
1 edited

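--- a/trunk/lib/App.inc.php
+++ b/trunk/lib/App.inc.php
@@ -1742,4 +1742,5 @@
     * @param    bool    $secure     Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client.
     * @param    bool    $httponly   When TRUE the cookie will be made accessible only through the HTTP protocol (makes cookies unreadable to javascript).
+    * @param    string  $samesite   Value of the SameSite key ('None', 'Lax', or 'Strict'). PHP 7.3+ only.
     * @return   bool                True on success, false on error.
     * @author   Quinn Comendant <quinn@strangecode.com>
@@ -1747,5 +1748,5 @@
     * @since    02 May 2014 16:36:34
     */
-    public function setCookie($name, $value, $expire='+10 years', $path='/', $domain=null, $secure=null, $httponly=null)
+    public function setCookie($name, $value, $expire='+10 years', $path='/', $domain=null, $secure=null, $httponly=null, $samesite=null)
     {
         if (!is_scalar($name)) {
@@ -1762,4 +1763,5 @@
         $secure = $secure ?: getenv('HTTPS') == 'on';
         $httponly = $httponly ?: true;
+        $samesite = $samesite ?: 'Lax';
 
         // Make sure the expiration date is a valid 32bit integer.
@@ -1770,6 +1772,6 @@
         // Measure total cookie length and warn if larger than max recommended size of 4093.
         // https://stackoverflow.com/questions/640938/what-is-the-maximum-size-of-a-web-browsers-cookies-key
-        // The date the header name include 51 bytes: Set-Cookie: ; expires=Fri, 03-May-2024 00:04:47 GMT
-        $cookielen = strlen($name . $value . $path . $domain . ($secure ? '; secure' : '') . ($httponly ? '; httponly' : '')) + 51;
+        // The date and header name adds 51 bytes: Set-Cookie: ; expires=Fri, 03-May-2024 00:04:47 GMT
+        $cookielen = strlen($name . $value . $path . $domain . ($secure ? '; secure' : '') . ($httponly ? '; httponly' : '') . ($samesite ? '; SameSite=' . $samesite : '')) + 51;
         if ($cookielen > 4093) {
             $this->logMsg(sprintf('Cookie "%s" has a size greater than 4093 bytes (is %s bytes)', $key, $cookielen), LOG_NOTICE, __FILE__, __LINE__);
@@ -1777,5 +1779,14 @@
 
         // Ensure PHP version allow use of httponly.
-        if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
+        if (version_compare(PHP_VERSION, '7.3.0', '>=')) {
+            $ret = setcookie($name, $value, [
+                'expires' => $expire,
+                'path' => $path,
+                'domain' => $domain,
+                'secure' => $secure,
+                'httponly' => $httponly,
+                'samesite' => $samesite,
+            ]);
+        } else if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
             $ret = setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
         } else {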
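Review bot: `$samesite` is passed to `setcookie()` without being checked against the three values the docblock allows; after `$samesite = $samesite ?: 'Lax';` any caller-supplied string goes into the options array and into the `$cookielen` estimate. An allowlist guard at that line, e.g. `if (!in_array($samesite, ['None', 'Lax', 'Strict'], true)) { $samesite = 'Lax'; }`, would keep a typo or an unexpected value out of the Set-Cookie header. Two related gaps deserve a `$this->logMsg(...)` warning: `'None'` combined with a false `$secure` yields a cookie that current browsers reject, and on PHP below 7.3 the `else if` branch drops the attribute silently, so a caller asking for `'Strict'` gets a cookie with no SameSite protection. The comment `// Ensure PHP version allow use of httponly.` above the version check no longer describes the first branch. setCookie's body starts and ends outside these hunks, so validation elsewhere in the method cannot be ruled out.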