diff options
author | xue <> | 2006-02-12 01:44:52 +0000 |
---|---|---|
committer | xue <> | 2006-02-12 01:44:52 +0000 |
commit | 42126e88ba1e3508e2c5a36e49c23bfaf4a4262c (patch) | |
tree | f29b10f0e58a5d09592232363d34a9d5ed51c8d1 /framework/Web/THttpRequest.php | |
parent | 9c559fd4e87a208a460255703d9b050988e12775 (diff) |
Implemented cookie HMAC check.
Diffstat (limited to 'framework/Web/THttpRequest.php')
-rw-r--r-- | framework/Web/THttpRequest.php | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php index 12d1ccd6..26e57e5b 100644 --- a/framework/Web/THttpRequest.php +++ b/framework/Web/THttpRequest.php @@ -83,7 +83,7 @@ class THttpRequest extends TMap implements IModule private $_urlFormat='Get';
private $_services;
private $_requestResolved=false;
-
+ private $_enableCookieValidation=true;
/**
* @var string request URL
*/
@@ -357,6 +357,22 @@ class THttpRequest extends TMap implements IModule }
/**
+ * @return boolean whether cookies should be validated. Defaults to true.
+ */
+ public function getEnableCookieValidation()
+ {
+ return $this->_enableCookieValidation;
+ }
+
+ /**
+ * @param boolean whether cookies should be validated.
+ */
+ public function setEnableCookieValidation($value)
+ {
+ $this->_enableCookieValidation=TPropertyValue::ensureBoolean($value);
+ }
+
+ /**
* @return THttpCookieCollection list of cookies to be sent
*/
public function getCookies()
@@ -364,8 +380,25 @@ class THttpRequest extends TMap implements IModule if($this->_cookies===null)
{
$this->_cookies=new THttpCookieCollection;
- foreach($_COOKIE as $key=>$value)
- $this->_cookies->add(new THttpCookie($key,$value));
+ if($this->getEnableCookieValidation())
+ {
+ $sig=$this->getUserHostAddress().$this->getUserAgent();
+ $sm=$this->getApplication()->getSecurityManager();
+ foreach($_COOKIE as $key=>$value)
+ {
+ if(($value=$sm->validateData($value))!==false)
+ {
+ $v=unserialize($value);
+ if(isset($v[0]) && isset($v[1]) && $v[0]===$sig)
+ $this->_cookies->add(new THttpCookie($key,$v[1]));
+ }
+ }
+ }
+ else
+ {
+ foreach($_COOKIE as $key=>$value)
+ $this->_cookies->add(new THttpCookie($key,$value));
+ }
}
return $this->_cookies;
}
|