MediaWiki r12253 - Code Review

Repository:MediaWiki
Revision:r12252‎ | r12253 (on ViewVC)‎ | r12254 >
Date:10:29, 26 December 2005
Author:vibber
Status:old
Tags:
Comment:
* Remove unused OutputPage::addCookie()
* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure
Note: this currently doesn't override the session cookie params. Set separately.
Modified paths:

Diff [purge]

Index: trunk/phase3/includes/User.php
===================================================================
--- trunk/phase3/includes/User.php	(revision 12252)
+++ trunk/phase3/includes/User.php	(revision 12253)
@@ -1302,20 +1302,20 @@
 	}
 
 	function setCookies() {
-		global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname;
+		global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgDBname;
 		if ( 0 == $this->mId ) return;
 		$this->loadFromDatabase();
 		$exp = time() + $wgCookieExpiration;
 
 		$_SESSION['wsUserID'] = $this->mId;
-		setcookie( $wgDBname.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain );
+		setcookie( $wgDBname.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 
 		$_SESSION['wsUserName'] = $this->getName();
-		setcookie( $wgDBname.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain );
+		setcookie( $wgDBname.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 
 		$_SESSION['wsToken'] = $this->mToken;
 		if ( 1 == $this->getOption( 'rememberpassword' ) ) {
-			setcookie( $wgDBname.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain );
+			setcookie( $wgDBname.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 		} else {
 			setcookie( $wgDBname.'Token', '', time() - 3600 );
 		}
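Review bot: The `else` branch still clears the Token cookie with `setcookie( $wgDBname.'Token', '', time() - 3600 );`, without the path, domain and secure arguments that every other call in setCookies() now passes. Browsers match a cookie by name, domain and path, so this expiry may not hit the cookie that was set with `$wgCookiePath` and `$wgCookieDomain`. That would leave the stored login token in the browser after the user has turned `rememberpassword` off. Pass the same arguments as the set call: `setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );`. setCookies() continues past the end of this hunk.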
@@ -1326,17 +1326,17 @@
 	 * It will clean the session cookie
 	 */
 	function logout() {
-		global $wgCookiePath, $wgCookieDomain, $wgDBname;
+		global $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgDBname;
 		$this->loadDefaults();
 		$this->setLoaded( true );
 
 		$_SESSION['wsUserID'] = 0;
 
-		setcookie( $wgDBname.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
-		setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
+		setcookie( $wgDBname.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+		setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 
 		# Remember when user logged out, to prevent seeing cached pages
-		setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain );
+		setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 	}
 
 	/**
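Review bot: The cookie writes in logout() now carry `$wgCookieSecure`, whose default (added in DefaultSettings.php in this commit) follows the scheme of the current request, so the flag can differ between the login and logout requests on a wiki reachable over both HTTP and HTTPS. A `LoggedOut` cookie set with the secure flag is not sent on plain-HTTP requests, so the cached-page protection described in the comment above it presumably would not apply there. That cookie holds only a timestamp, so one option is to keep the five-argument form for it: `setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain );`. Either way, a short comment saying which scheme the logout cookies are expected to be cleared on would help. The docblock for logout() starts outside this hunk.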
Index: trunk/phase3/includes/SpecialUserlogin.php
===================================================================
--- trunk/phase3/includes/SpecialUserlogin.php	(revision 12252)
+++ trunk/phase3/includes/SpecialUserlogin.php	(revision 12253)
@@ -381,7 +381,7 @@
 	 * @access private
 	 */
 	function mailPasswordInternal( $u ) {
-		global $wgDBname, $wgCookiePath, $wgCookieDomain;
+		global $wgDBname, $wgCookiePath, $wgCookieDomain, $wgCookieSecure;
 
 		if ( '' == $u->getEmail() ) {
 			return wfMsg( 'noemail', $u->getName() );
@@ -390,7 +390,7 @@
 		$np = $u->randomPassword();
 		$u->setNewpassword( $np );
 
-		setcookie( "{$wgDBname}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain );
+		setcookie( "{$wgDBname}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 
 		$u->saveSettings();
 
Index: trunk/phase3/includes/OutputPage.php
===================================================================
--- trunk/phase3/includes/OutputPage.php	(revision 12252)
+++ trunk/phase3/includes/OutputPage.php	(revision 12253)
@@ -17,7 +17,7 @@
  * @package MediaWiki
  */
 class OutputPage {
-	var $mHeaders, $mCookies, $mMetatags, $mKeywords;
+	var $mHeaders, $mMetatags, $mKeywords;
 	var $mLinktags, $mPagetitle, $mBodytext, $mDebugtext;
 	var $mHTMLtitle, $mRobotpolicy, $mIsarticle, $mPrintable;
 	var $mSubtitle, $mRedirect, $mStatusCode;
@@ -39,7 +39,7 @@
 	 * Initialise private variables
 	 */
 	function OutputPage() {
-		$this->mHeaders = $this->mCookies = $this->mMetatags =
+		$this->mHeaders = $this->mMetatags =
 		$this->mKeywords = $this->mLinktags = array();
 		$this->mHTMLtitle = $this->mPagetitle = $this->mBodytext =
 		$this->mRedirect = $this->mLastModified =
@@ -59,7 +59,6 @@
 	}
 
 	function addHeader( $name, $val ) { array_push( $this->mHeaders, $name.': '.$val ) ; }
-	function addCookie( $name, $val ) { array_push( $this->mCookies, array( $name, $val ) ); }
 	function redirect( $url, $responsecode = '302' ) { $this->mRedirect = $url; $this->mRedirectCode = $responsecode; }
 	function setStatusCode( $statusCode ) { $this->mStatusCode = $statusCode; }
 	
@@ -422,7 +421,7 @@
 	 * the object, let's actually output it:
 	 */
 	function output() {
-		global $wgUser, $wgCookieExpiration, $wgOutputEncoding;
+		global $wgUser, $wgOutputEncoding;
 		global $wgContLanguageCode, $wgDebugRedirects, $wgMimeType, $wgProfiler;
 
 		if( $this->mDoNothing ){
@@ -523,11 +522,6 @@
 		header( "Content-type: $wgMimeType; charset={$wgOutputEncoding}" );
 		header( 'Content-language: '.$wgContLanguageCode );
 
-		$exp = time() + $wgCookieExpiration;
-		foreach( $this->mCookies as $name => $val ) {
-			setcookie( $name, $val, $exp, '/' );
-		}
-
 		if ($this->mArticleBodyOnly) {
 			$this->out($this->mBodytext);
 		} else {
Index: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php	(revision 12252)
+++ trunk/phase3/includes/DefaultSettings.php	(revision 12253)
@@ -66,7 +66,6 @@
 
 	$wgServer .= ":" . $_SERVER['SERVER_PORT'];
 }
-unset($wgProto);
 
 
 /**
@@ -1005,6 +1004,7 @@
  */
 $wgCookieDomain = '';
 $wgCookiePath = '/';
+$wgCookieSecure = ($wgProto == 'https');
 $wgDisableCookieCheck = false;
 
 /**  Whether to allow inline image pointing to other websites */
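Review bot: `$wgCookieSecure` is added without a doc comment, and its default comes from `$wgProto`, which is computed earlier in the file outside this hunk. If that detection looks only at the local request, a wiki whose TLS is terminated by a proxy in front of PHP would get `false` here and send the login cookies without the secure flag, so administrators need to know they can set it explicitly. A comment above the line would cover that, for example `/** Whether to set the 'secure' flag on login cookies; defaults to true when the request is detected as HTTPS. Does not change the PHP session cookie parameters. */`. The commit message notes that the session cookie is not covered; since `$_SESSION` carries `wsUserID` and `wsToken`, that cookie needs the same flag in a follow-up.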
Index: trunk/phase3/includes/SpecialUserlogout.php
===================================================================
--- trunk/phase3/includes/SpecialUserlogout.php	(revision 12252)
+++ trunk/phase3/includes/SpecialUserlogout.php	(revision 12253)
@@ -17,7 +17,6 @@
 
 		wfRunHooks('UserLogoutComplete', array(&$wgUser));
 		
-		$wgOut->mCookies = array();
 		$wgOut->setRobotpolicy( 'noindex,nofollow' );
 		$wgOut->addHTML( wfMsg( 'logouttext' ) );
 		$wgOut->returnToMain();
Index: trunk/phase3/RELEASE-NOTES
===================================================================
--- trunk/phase3/RELEASE-NOTES	(revision 12252)
+++ trunk/phase3/RELEASE-NOTES	(revision 12253)
@@ -360,6 +360,8 @@
   1.6 dev behavior.
 * Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones
 * (bug 4389) Fix math options on zh-hk and zh-tw (but not localized)
+* Remove unused OutputPage::addCookie()
+* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure
 
 
 === Caveats ===

Status & tagging log

  • 01:58, 13 October 2010 ^demon (Talk | contribs) changed the status of r12253 [removed: new added: old]