MediaWiki  REL1_22
Cookie.php
Go to the documentation of this file.
00001 <?php
00024 class Cookie {
00025     protected $name;
00026     protected $value;
00027     protected $expires;
00028     protected $path;
00029     protected $domain;
00030     protected $isSessionKey = true;
00031     // TO IMPLEMENT  protected $secure
00032     // TO IMPLEMENT? protected $maxAge (add onto expires)
00033     // TO IMPLEMENT? protected $version
00034     // TO IMPLEMENT? protected $comment
00035 
00036     function __construct( $name, $value, $attr ) {
00037         $this->name = $name;
00038         $this->set( $value, $attr );
00039     }
00040 
00053     public function set( $value, $attr ) {
00054         $this->value = $value;
00055 
00056         if ( isset( $attr['expires'] ) ) {
00057             $this->isSessionKey = false;
00058             $this->expires = strtotime( $attr['expires'] );
00059         }
00060 
00061         if ( isset( $attr['path'] ) ) {
00062             $this->path = $attr['path'];
00063         } else {
00064             $this->path = '/';
00065         }
00066 
00067         if ( isset( $attr['domain'] ) ) {
00068             if ( self::validateCookieDomain( $attr['domain'] ) ) {
00069                 $this->domain = $attr['domain'];
00070             }
00071         } else {
00072             throw new MWException( 'You must specify a domain.' );
00073         }
00074     }
00075 
00092     public static function validateCookieDomain( $domain, $originDomain = null ) {
00093         // Don't allow a trailing dot
00094         if ( substr( $domain, -1 ) == '.' ) {
00095             return false;
00096         }
00097 
00098         $dc = explode( ".", $domain );
00099 
00100         // Only allow full, valid IP addresses
00101         if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
00102             if ( count( $dc ) != 4 ) {
00103                 return false;
00104             }
00105 
00106             if ( ip2long( $domain ) === false ) {
00107                 return false;
00108             }
00109 
00110             if ( $originDomain == null || $originDomain == $domain ) {
00111                 return true;
00112             }
00113 
00114         }
00115 
00116         // Don't allow cookies for "co.uk" or "gov.uk", etc, but allow "supermarket.uk"
00117         if ( strrpos( $domain, "." ) - strlen( $domain ) == -3 ) {
00118             if ( ( count( $dc ) == 2 && strlen( $dc[0] ) <= 2 )
00119                 || ( count( $dc ) == 3 && strlen( $dc[0] ) == "" && strlen( $dc[1] ) <= 2 ) ) {
00120                 return false;
00121             }
00122             if ( ( count( $dc ) == 2 || ( count( $dc ) == 3 && $dc[0] == '' ) )
00123                 && preg_match( '/(com|net|org|gov|edu)\...$/', $domain ) ) {
00124                 return false;
00125             }
00126         }
00127 
00128         if ( $originDomain != null ) {
00129             if ( substr( $domain, 0, 1 ) != '.' && $domain != $originDomain ) {
00130                 return false;
00131             }
00132 
00133             if ( substr( $domain, 0, 1 ) == '.'
00134                 && substr_compare( $originDomain, $domain, -strlen( $domain ),
00135                                    strlen( $domain ), true ) != 0 ) {
00136                 return false;
00137             }
00138         }
00139 
00140         return true;
00141     }
00142 
00150     public function serializeToHttpRequest( $path, $domain ) {
00151         $ret = '';
00152 
00153         if ( $this->canServeDomain( $domain )
00154                 && $this->canServePath( $path )
00155                 && $this->isUnExpired() ) {
00156             $ret = $this->name . '=' . $this->value;
00157         }
00158 
00159         return $ret;
00160     }
00161 
00166     protected function canServeDomain( $domain ) {
00167         if ( $domain == $this->domain
00168             || ( strlen( $domain ) > strlen( $this->domain )
00169                 && substr( $this->domain, 0, 1 ) == '.'
00170                 && substr_compare( $domain, $this->domain, -strlen( $this->domain ),
00171                                     strlen( $this->domain ), true ) == 0 ) ) {
00172             return true;
00173         }
00174 
00175         return false;
00176     }
00177 
00182     protected function canServePath( $path ) {
00183         return ( $this->path && substr_compare( $this->path, $path, 0, strlen( $this->path ) ) == 0 );
00184     }
00185 
00189     protected function isUnExpired() {
00190         return $this->isSessionKey || $this->expires > time();
00191     }
00192 }
00193 
00194 class CookieJar {
00195     private $cookie = array();
00196 
00201     public function setCookie( $name, $value, $attr ) {
00202         /* cookies: case insensitive, so this should work.
00203          * We'll still send the cookies back in the same case we got them, though.
00204          */
00205         $index = strtoupper( $name );
00206 
00207         if ( isset( $this->cookie[$index] ) ) {
00208             $this->cookie[$index]->set( $value, $attr );
00209         } else {
00210             $this->cookie[$index] = new Cookie( $name, $value, $attr );
00211         }
00212     }
00213 
00218     public function serializeToHttpRequest( $path, $domain ) {
00219         $cookies = array();
00220 
00221         foreach ( $this->cookie as $c ) {
00222             $serialized = $c->serializeToHttpRequest( $path, $domain );
00223 
00224             if ( $serialized ) {
00225                 $cookies[] = $serialized;
00226             }
00227         }
00228 
00229         return implode( '; ', $cookies );
00230     }
00231 
00239     public function parseCookieResponseHeader( $cookie, $domain ) {
00240         $len = strlen( 'Set-Cookie:' );
00241 
00242         if ( substr_compare( 'Set-Cookie:', $cookie, 0, $len, true ) === 0 ) {
00243             $cookie = substr( $cookie, $len );
00244         }
00245 
00246         $bit = array_map( 'trim', explode( ';', $cookie ) );
00247 
00248         if ( count( $bit ) >= 1 ) {
00249             list( $name, $value ) = explode( '=', array_shift( $bit ), 2 );
00250             $attr = array();
00251 
00252             foreach ( $bit as $piece ) {
00253                 $parts = explode( '=', $piece );
00254                 if ( count( $parts ) > 1 ) {
00255                     $attr[strtolower( $parts[0] )] = $parts[1];
00256                 } else {
00257                     $attr[strtolower( $parts[0] )] = true;
00258                 }
00259             }
00260 
00261             if ( !isset( $attr['domain'] ) ) {
00262                 $attr['domain'] = $domain;
00263             } elseif ( !Cookie::validateCookieDomain( $attr['domain'], $domain ) ) {
00264                 return null;
00265             }
00266 
00267             $this->setCookie( $name, $value, $attr );
00268         }
00269     }
00270 }