authorxue <>2006-02-12 01:44:52 +0000
committerxue <>2006-02-12 01:44:52 +0000
commit42126e88ba1e3508e2c5a36e49c23bfaf4a4262c (patch)
treef29b10f0e58a5d09592232363d34a9d5ed51c8d1 /framework/Web/THttpResponse.php
parent9c559fd4e87a208a460255703d9b050988e12775 (diff)
Implemented cookie HMAC check.
Diffstat (limited to 'framework/Web/THttpResponse.php')
-rw-r--r--framework/Web/THttpResponse.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/framework/Web/THttpResponse.php b/framework/Web/THttpResponse.php
index a8c3777a..5fed2167 100644
--- a/framework/Web/THttpResponse.php
+++ b/framework/Web/THttpResponse.php
@@ -66,7 +66,6 @@ class THttpResponse extends TModule implements ITextWriter
* @var string content type
*/
private $_contentType='text/html';
-
/**
* @var string character set, e.g. UTF-8
*/
@@ -350,7 +349,16 @@ class THttpResponse extends TModule implements ITextWriter
*/
public function addCookie($cookie)
{
- setcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ $request=$this->getRequest();
+ if($request->getEnableCookieValidation())
+ {
+ $sig=$request->getUserHostAddress().$request->getUserAgent();
+ $data=serialize(array($sig,$cookie->getValue()));
+ $value=$this->getApplication()->getSecurityManager()->hashData($data);
+ setcookie($cookie->getName(),$value,$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ }
+ else
+ setcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
}
/**
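Review bot: The signed payload in addCookie covers only the client signature and the value (`serialize(array($sig,$cookie->getValue()))`), not the cookie name, so a value signed for one cookie would still verify if presented under a different cookie name. Including the name, e.g. `$data=serialize(array($sig,$cookie->getName(),$cookie->getValue()));`, binds each MAC to its cookie; the request-side check, which is not part of this diff, would have to rebuild the same array. `$sig` is the host address and User-Agent concatenated with no separator, and the User-Agent is client-supplied, so it is a weak binding rather than authentication. Because the value is serialized, the reader presumably calls unserialize() on it; that must happen only after the HMAC has been verified.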