summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorrojaro <>2011-01-21 12:39:42 +0000
committerrojaro <>2011-01-21 12:39:42 +0000
commit53eda19fa2efed997405075ad003aa7a94d31563 (patch)
tree77ec6cdfba5533698686a7871927e386634bc70a
parentb2302622e991406d43b19f78262ce08d3c5db69b (diff)
fixed #304
-rw-r--r--framework/Web/THttpRequest.php20
-rw-r--r--framework/Web/THttpResponse.php33
2 files changed, 49 insertions, 4 deletions
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php
index fbceef38..925160c8 100644
--- a/framework/Web/THttpRequest.php
+++ b/framework/Web/THttpRequest.php
@@ -958,6 +958,10 @@ class THttpCookie extends TComponent
* @var boolean whether cookie should be sent via secure connection
*/
private $_secure=false;
+ /**
+ * @var boolean if true the cookie value will be unavailable to JavaScript
+ */
+ private $_httpOnly=false;
/**
* Constructor.
@@ -1003,6 +1007,22 @@ class THttpCookie extends TComponent
}
/**
+ * @return boolean if true the cookie value will be unavailable to JavaScript
+ */
+ public function getHttpOnly()
+ {
+ return $this->_httpOnly;
+ }
+
+ /**
+ * @param boolean $value if true the cookie value will be unavailable to JavaScript
+ */
+ public function setHttpOnly($value)
+ {
+ $this->_httpOnly = TPropertyValue::ensureBoolean($value);
+ }
+
+ /**
* @return string the name of the cookie
*/
public function getName()
diff --git a/framework/Web/THttpResponse.php b/framework/Web/THttpResponse.php
index 1e5540ab..21816b61 100644
--- a/framework/Web/THttpResponse.php
+++ b/framework/Web/THttpResponse.php
@@ -544,10 +544,27 @@ class THttpResponse extends TModule implements ITextWriter
if($request->getEnableCookieValidation())
{
$value=$this->getApplication()->getSecurityManager()->hashData($cookie->getValue());
- setcookie($cookie->getName(),$value,$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ setcookie(
+ $cookie->getName(),
+ $value,
+ $cookie->getExpire(),
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
+ }
+ else {
+ setcookie(
+ $cookie->getName(),
+ $cookie->getValue(),
+ $cookie->getExpire(),
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
}
- else
- setcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
}
/**
@@ -557,7 +574,15 @@ class THttpResponse extends TModule implements ITextWriter
*/
public function removeCookie($cookie)
{
- setcookie($cookie->getName(),null,0,$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ setcookie(
+ $cookie->getName(),
+ null,
+ 0,
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
}
/**