author | Tim Almdal <tnalmdal@shaw.ca> | 2009-12-26 11:24:50 -0800 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-12-26 11:24:50 -0800 |
commit | 3060a6f662da66008d57a461bf1c9b5b4aa2b002 (patch) | |
tree | 442fd290505817efc0324f2af6e01805cb7396aa /system/helpers/cookie.php | |
parent | 1cd6a615bb47a33794e4a4f690c87a348ab752d7 (diff) | |
parent | 32d25dafd5b033338b6a9bb8c7c53edab462543a (diff) |
Merge branch 'master' into talmdal_dev
Conflicts:
modules/gallery/controllers/albums.php
modules/gallery/controllers/movies.php
modules/gallery/controllers/photos.php
Diffstat (limited to 'system/helpers/cookie.php')
-rw-r--r-- | system/helpers/cookie.php | 87 |
1 files changed, 77 insertions, 10 deletions
diff --git a/system/helpers/cookie.php b/system/helpers/cookie.php
index 901b6d86..8a2e3659 100644
--- a/system/helpers/cookie.php
+++ b/system/helpers/cookie.php
@@ -2,12 +2,12 @@
/**
* Cookie helper class.
*
- * $Id: cookie.php 3769 2008-12-15 00:48:56Z zombor $
+ * $Id: cookie.php 4679 2009-11-10 01:45:52Z isaiah $
*
* @package Core
* @author Kohana Team
- * @copyright (c) 2007-2008 Kohana Team
- * @license http://kohanaphp.com/license.html
+ * @copyright (c) 2007-2009 Kohana Team
+ * @license http://kohanaphp.com/license
*/
class cookie_Core {
@@ -42,8 +42,13 @@ class cookie_Core {
}
}
- // Expiration timestamp
- $expire = ($expire == 0) ? 0 : time() + (int) $expire;
+ if ($expire !== 0)
+ {
+ // The expiration is expected to be a UNIX timestamp
+ $expire += time();
+ }
+
+ $value = cookie::salt($name, $value).'~'.$value;
return setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
}
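Review bot: `if ($expire !== 0)` lets a NULL expiry through: set()'s parameter defaults and config lookup are above this hunk, but when no expiry is supplied from either source, `NULL += time()` evaluates to the current timestamp and the cookie expires the moment it arrives, whereas the removed `($expire == 0) ? 0 : time() + (int) $expire` produced a session cookie for that case. Restore that behaviour with `if ($expire !== 0 AND $expire !== NULL)` or, equivalently, `$expire = ((int) $expire === 0) ? 0 : time() + (int) $expire;`. The new comment `// The expiration is expected to be a UNIX timestamp` also describes the opposite of what the line does, since time() is added to the value; `// $expire is an offset in seconds; convert it to an absolute UNIX timestamp` matches the code. The signing line `cookie::salt($name, $value).'~'.$value` deserves a one-line comment that the signature covers the User-Agent as well, so a client whose UA string changes will fail verification on read.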
@@ -56,9 +61,51 @@ class cookie_Core {
* @param boolean use XSS cleaning on the value
* @return string
*/
- public static function get($name, $default = NULL, $xss_clean = FALSE)
+ public static function get($name = NULL, $default = NULL, $xss_clean = FALSE)
{
- return Input::instance()->cookie($name, $default, $xss_clean);
+ // Return an array of all the cookies if we don't have a name
+ if ($name === NULL)
+ {
+ $cookies = array();
+
+ foreach($_COOKIE AS $key => $value)
+ {
+ $cookies[$key] = cookie::get($key, $default, $xss_clean);
+ }
+ return $cookies;
+ }
+
+ if ( ! isset($_COOKIE[$name]))
+ {
+ return $default;
+ }
+
+ // Get the cookie value
+ $cookie = $_COOKIE[$name];
+
+ // Find the position of the split between salt and contents
+ $split = strlen(cookie::salt($name, NULL));
+
+ if (isset($cookie[$split]) AND $cookie[$split] === '~')
+ {
+ // Separate the salt and the value
+ list ($hash, $value) = explode('~', $cookie, 2);
+
+ if (cookie::salt($name, $value) === $hash)
+ {
+ if ($xss_clean === TRUE AND Kohana::config('core.global_xss_filtering') === FALSE)
+ {
+ return Input::instance()->xss_clean($value);
+ }
+ // Cookie signature is valid
+ return $value;
+ }
+
+ // The cookie signature is invalid, delete it
+ cookie::delete($name);
+ }
+
+ return $default;
}
/**
@@ -71,9 +118,6 @@ class cookie_Core {
*/
public static function delete($name, $path = NULL, $domain = NULL)
{
- if ( ! isset($_COOKIE[$name]))
- return FALSE;
-
// Delete the cookie from globals
unset($_COOKIE[$name]);
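Review bot: The docblock kept as context above the new signature still says `@return string`, but get() now returns an array when `$name` is NULL (`return $cookies;`), so the visible tag should read `@return mixed cookie value, array of all cookies when no name is given, or $default` and `$name` should be documented as optional; the docblock itself starts above this hunk. Two behaviours the docblock should state as well: a cookie that was not written through cookie::set() carries no `~`-delimited signature and so comes back as `$default` (also inside the all-cookies array), and a cookie whose signature fails verification is deleted as a side effect of a read. Separately, `cookie::salt($name, $value) === $hash` compares a client-supplied string with `===`, which stops at the first differing byte; where the runtime provides it, `hash_equals($hash, cookie::salt($name, $value))` (PHP 5.6+) is the constant-time form, otherwise a fixed-length XOR loop over both strings.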
@@ -81,4 +125,27 @@ class cookie_Core {
return cookie::set($name, '', -86400, $path, $domain, FALSE, FALSE);
}
+ /**
+ * Generates a salt string for a cookie based on the name and value.
+ *
+ * @param string $name name of cookie
+ * @param string $value value of cookie
+ * @return string sha1 hash
+ */
+ public static function salt($name, $value)
+ {
+ // Determine the user agent
+ $agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : 'unknown';
+
+ // Cookie salt.
+ $salt = Kohana::config('cookie.salt');
+
+ return sha1($agent.$name.$value.$salt);
+ }
+
+ final private function __construct()
+ {
+ // Static class.
+ }
+
} // End cookie
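Review bot: `sha1($agent.$name.$value.$salt)` concatenates its inputs with no delimiters, so the name/value boundary is ambiguous — name `ab` with value `c` and name `a` with value `bc` hash identically — and a signature minted for one cookie name validates the same bytes under another; it is also a secret-suffix plain hash rather than a keyed MAC. Use the keyed primitive the runtime already has and separate the fields: `return hash_hmac('sha1', $agent."\0".$name."\0".$value, $salt);` — get() derives the split offset from `strlen(cookie::salt($name, NULL))`, so the format still works because the hex digest length is unchanged. If `Kohana::config('cookie.salt')` is unset or empty the scheme silently degrades to a hash anyone can compute, so salt() should refuse to sign (throw) when `$salt` is empty instead of returning a value. The docblock's `Generates a salt string` misnames what is produced; `Computes the signature (MAC) that cookie::set() prepends to a value and cookie::get() verifies` is what the code does.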
\ No newline at end of file |