Added support for httpOnly flag for session extension and cookie setting
authorIlia Alshanetsky <iliaa@php.net>
Thu, 10 Aug 2006 13:50:56 +0000 (13:50 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Thu, 10 Aug 2006 13:50:56 +0000 (13:50 +0000)
functions.

# Original patch by Scott MacVicar

NEWS
ext/session/php_session.h
ext/session/session.c
ext/standard/head.c
ext/standard/head.h
php.ini-dist
php.ini-recommended

diff --git a/NEWS b/NEWS
index 2c800aed3f3d3f863cd5df7e7b1513e50a113600..2b60f2d912da15c82aa7490e3f67e1600d2cc56b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Aug 2006, PHP 5.2.0RC2
+- Added support for httpOnly flag for session extension and cookie setting
+  functions. (Scott MacVicar, Ilia)
 - Added version specific registry keys to allow different configurations for
   different php version. (Richard, Dmitry)
 - In addition to path to php.ini, PHPRC now may specify full file name. (Dmitry)
index 772255618b6b8339a9f2a63ad50f4c45880f2d87..d5b47e549d140d6a3623cca75f245adc391a5603 100644 (file)
@@ -103,6 +103,7 @@ typedef struct _php_ps_globals {
        char *cookie_path;
        char *cookie_domain;
        zend_bool  cookie_secure;
+       zend_bool  cookie_httponly;
        ps_module *mod;
        void *mod_data;
        php_session_status session_status;
index 5afdfd35f400bd6aa44f79be84d4c90da3b80a31..98a5d35efac15b8017cbcff4defb51fd47a54904 100644 (file)
@@ -165,6 +165,7 @@ PHP_INI_BEGIN()
        STD_PHP_INI_ENTRY("session.cookie_path",        "/",         PHP_INI_ALL, OnUpdateString, cookie_path,        php_ps_globals,    ps_globals)
        STD_PHP_INI_ENTRY("session.cookie_domain",      "",          PHP_INI_ALL, OnUpdateString, cookie_domain,      php_ps_globals,    ps_globals)
        STD_PHP_INI_BOOLEAN("session.cookie_secure",    "",          PHP_INI_ALL, OnUpdateBool,   cookie_secure,      php_ps_globals,    ps_globals)
+       STD_PHP_INI_BOOLEAN("session.cookie_httponly",  "",          PHP_INI_ALL, OnUpdateBool,   cookie_httponly,    php_ps_globals,    ps_globals)
        STD_PHP_INI_BOOLEAN("session.use_cookies",      "1",         PHP_INI_ALL, OnUpdateBool,   use_cookies,        php_ps_globals,    ps_globals)
        STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0",         PHP_INI_ALL, OnUpdateBool,   use_only_cookies,   php_ps_globals,    ps_globals)
        STD_PHP_INI_ENTRY("session.referer_check",      "",          PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals,    ps_globals)
@@ -1012,6 +1013,7 @@ static int php_session_cache_limiter(TSRMLS_D)
 #define COOKIE_PATH            "; path="
 #define COOKIE_DOMAIN  "; domain="
 #define COOKIE_SECURE  "; secure"
+#define COOKIE_HTTPONLY        "; HttpOnly"
 
 static void php_session_send_cookie(TSRMLS_D)
 {
@@ -1065,6 +1067,10 @@ static void php_session_send_cookie(TSRMLS_D)
                smart_str_appends(&ncookie, COOKIE_SECURE);
        }
 
+       if (PS(cookie_httponly)) {
+               smart_str_appends(&ncookie, COOKIE_HTTPONLY);
+       }
+
        smart_str_0(&ncookie);
        
        /*      'replace' must be 0 here, else a previous Set-Cookie
@@ -1296,13 +1302,13 @@ static zend_bool php_session_destroy(TSRMLS_D)
    Set session cookie parameters */
 PHP_FUNCTION(session_set_cookie_params)
 {
-       zval **lifetime, **path, **domain, **secure;
+       zval **lifetime, **path, **domain, **secure,  **httponly;
 
        if (!PS(use_cookies))
                return;
 
-       if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 4 ||
-               zend_get_parameters_ex(ZEND_NUM_ARGS(), &lifetime, &path, &domain, &secure) == FAILURE)
+       if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 5 ||
+               zend_get_parameters_ex(ZEND_NUM_ARGS(), &lifetime, &path, &domain, &secure, &httponly) == FAILURE)
                WRONG_PARAM_COUNT;
 
        convert_to_string_ex(lifetime);
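Review bot: The declaration line `zval **lifetime, **path, **domain, **secure,  **httponly;` carries a doubled space before `**httponly`, and the new `if (ZEND_NUM_ARGS() > 4)` block in the next hunk appears to be indented with spaces while the surrounding session_set_cookie_params body uses tabs, so it lands at a visibly different column from its sibling `secure` block. Both are whitespace-only fixes: `zval **lifetime, **path, **domain, **secure, **httponly;` here, and re-indenting the four new lines with tabs in the following hunk. The function's body continues past the end of this hunk.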
@@ -1319,6 +1325,10 @@ PHP_FUNCTION(session_set_cookie_params)
                                convert_to_long_ex(secure);
                                zend_alter_ini_entry("session.cookie_secure", sizeof("session.cookie_secure"), Z_BVAL_PP(secure)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
                        }
+                           if (ZEND_NUM_ARGS() > 4) {
+                                   convert_to_long_ex(httponly);
+                                   zend_alter_ini_entry("session.cookie_httponly", sizeof("session.cookie_httponly"), Z_BVAL_PP(httponly)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
+                           }
                }
        }
 }
@@ -1338,6 +1348,7 @@ PHP_FUNCTION(session_get_cookie_params)
        add_assoc_string(return_value, "path", PS(cookie_path), 1);
        add_assoc_string(return_value, "domain", PS(cookie_domain), 1);
        add_assoc_bool(return_value, "secure", PS(cookie_secure));
+       add_assoc_bool(return_value, "httponly", PS(cookie_httponly));
 }
 /* }}} */
 
index 08ae3296b73ddded75140403f5bdd14b515fea5a..13088cacb43b11d162ba90cfef253608a2e05d33 100644 (file)
@@ -60,7 +60,7 @@ PHPAPI int php_header(TSRMLS_D)
 }
 
 
-PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, time_t expires, char *path, int path_len, char *domain, int domain_len, int secure, int url_encode TSRMLS_DC)
+PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, time_t expires, char *path, int path_len, char *domain, int domain_len, int secure, int url_encode, int httponly TSRMLS_DC)
 {
        char *cookie, *encoded_value = NULL;
        int len=sizeof("Set-Cookie: ");
@@ -131,6 +131,9 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
        if (secure) {
                strcat(cookie, "; secure");
        }
+       if (httponly) {
+               strcat(cookie, "; httponly");
+       }
 
        ctr.line = cookie;
        ctr.line_len = strlen(cookie);
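Review bot: `strcat(cookie, "; httponly")` appends ten more bytes to `cookie`, but the allocation size for that buffer is derived from `len` outside this hunk and the commit does not touch it; unless that computation already carries slack for the fixed suffixes (which this hunk cannot show), the new strcat writes past the end of the buffer. Either add `len += sizeof("; httponly") - 1;` next to the existing length accounting or confirm the slack covers it. Separately, the session extension emits the attribute as `"; HttpOnly"` (COOKIE_HTTPONLY in session.c) while this hunk emits `"; httponly"`; cookie attribute names are generally matched case-insensitively, but emitting one spelling from both code paths keeps the headers consistent and easier to match in tests and log filters. php_setcookie's body continues before and after this hunk.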
@@ -142,22 +145,22 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 
 
 /* php_set_cookie(name, value, expires, path, domain, secure) */
-/* {{{ proto bool setcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure]]]]])
+/* {{{ proto bool setcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure[, bool httponly]]]]]])
    Send a cookie */
 PHP_FUNCTION(setcookie)
 {
        char *name, *value = NULL, *path = NULL, *domain = NULL;
        long expires = 0;
-       zend_bool secure = 0;
+       zend_bool secure = 0, httponly = 0;
        int name_len, value_len, path_len, domain_len;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|slssb", &name,
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|slssbb", &name,
                                                          &name_len, &value, &value_len, &expires, &path,
-                                                         &path_len, &domain, &domain_len, &secure) == FAILURE) {
+                                                         &path_len, &domain, &domain_len, &secure, &httponly) == FAILURE) {
                return;
        }
 
-       if (php_setcookie(name, name_len, value, value_len, expires, path, path_len, domain, domain_len, secure, 1 TSRMLS_CC) == SUCCESS) {
+       if (php_setcookie(name, name_len, value, value_len, expires, path, path_len, domain, domain_len, secure, 1, httponly TSRMLS_CC) == SUCCESS) {
                RETVAL_TRUE;
        } else {
                RETVAL_FALSE;
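Review bot: The comment at the top of this hunk, `/* php_set_cookie(name, value, expires, path, domain, secure) */`, is now stale: setcookie forwards seven user-supplied values after this change. Update it to `/* php_setcookie(name, value, expires, path, domain, secure, httponly) */`. The rewritten proto lines in this hunk and in the setrawcookie hunk below also lost the space between `bool secure` and `[, bool httponly]`; `bool secure [, bool httponly]` matches the spacing used for the other optional parameters. The setcookie body continues past the end of this hunk.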
@@ -165,22 +168,22 @@ PHP_FUNCTION(setcookie)
 }
 /* }}} */
 
-/* {{{ proto bool setrawcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure]]]]])
+/* {{{ proto bool setrawcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure[, bool httponly]]]]]])
    Send a cookie with no url encoding of the value */
 PHP_FUNCTION(setrawcookie)
 {
        char *name, *value = NULL, *path = NULL, *domain = NULL;
        long expires = 0;
-       zend_bool secure = 0;
+       zend_bool secure = 0, httponly = 0;
        int name_len, value_len, path_len, domain_len;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|slssb", &name,
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|slssbb", &name,
                                                          &name_len, &value, &value_len, &expires, &path,
-                                                         &path_len, &domain, &domain_len, &secure) == FAILURE) {
+                                                         &path_len, &domain, &domain_len, &secure, &httponly) == FAILURE) {
                return;
        }
 
-       if (php_setcookie(name, name_len, value, value_len, expires, path, path_len, domain, domain_len, secure, 0 TSRMLS_CC) == SUCCESS) {
+       if (php_setcookie(name, name_len, value, value_len, expires, path, path_len, domain, domain_len, secure, 0, httponly TSRMLS_CC) == SUCCESS) {
                RETVAL_TRUE;
        } else {
                RETVAL_FALSE;
index cfaee9da0eb854b217073f49dc3124b9c2d74760..118105889ce5b57b4b8c7a88c501edd940d64d22 100644 (file)
@@ -29,6 +29,6 @@ PHP_FUNCTION(headers_sent);
 PHP_FUNCTION(headers_list);
 
 PHPAPI int php_header(TSRMLS_D);
-PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, time_t expires, char *path, int path_len, char *domain, int domain_len, int secure, int url_encode TSRMLS_DC);
+PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, time_t expires, char *path, int path_len, char *domain, int domain_len, int secure, int url_encode, int httponly TSRMLS_DC);
 
 #endif
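Review bot: php_setcookie is a PHPAPI export, so adding the `httponly` parameter changes the signature that every extension calling it compiles against; out-of-tree callers built against the old prototype will fail to compile, and a binary that is not rebuilt may misbehave. That is acceptable in a pre-release, but it deserves a line in NEWS or UPGRADING, which this commit does not add. A short comment above the prototype documenting the new parameter, e.g. `/* httponly: non-zero appends the HttpOnly attribute to the Set-Cookie header */`, would also help callers.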
index 8d2e74a5da470251005b09ac2b5c597babc1bb69..ee7691c99f5ec431b8fe44209fa2b4c771432151 100644 (file)
@@ -915,6 +915,9 @@ session.cookie_path = /
 ; The domain for which the cookie is valid.
 session.cookie_domain =
 
+; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
+session.cookie_httponly = 
+
 ; Handler used to serialize data.  php is the standard serializer of PHP.
 session.serialize_handler = php
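Review bot: The new comment overstates what the flag does: HttpOnly asks browsers that honour it to withhold the cookie from client-side script, but it does not protect the cookie in transit or on the server, and browsers that do not support it simply ignore it. Suggested wording: `; Whether or not to add the httpOnly flag to the cookie, which asks browsers that support it to hide the cookie from client-side scripting languages such as JavaScript. Use session.cookie_secure to keep it off unencrypted connections.` The `session.cookie_httponly = ` line also carries trailing whitespace after the `=`. The same comment and line appear in the php.ini-recommended hunk below.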
 
index 081743db65f313d3677d7ddad62843d744c27a29..4d62810888249e346082ae7f87f0eb35e2a52a88 100644 (file)
@@ -970,6 +970,9 @@ session.cookie_path = /
 ; The domain for which the cookie is valid.
 session.cookie_domain =
 
+; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
+session.cookie_httponly = 
+
 ; Handler used to serialize data.  php is the standard serializer of PHP.
 session.serialize_handler = php