-rw-r--r--framework/Web/THttpRequest.php20
-rw-r--r--framework/Web/THttpResponse.php33
2 files changed, 49 insertions, 4 deletions
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php
index fbceef38..925160c8 100644
--- a/framework/Web/THttpRequest.php
+++ b/framework/Web/THttpRequest.php
@@ -958,6 +958,10 @@ class THttpCookie extends TComponent
* @var boolean whether cookie should be sent via secure connection
*/
private $_secure=false;
+ /**
+ * @var boolean if true the cookie value will be unavailable to JavaScript
+ */
+ private $_httpOnly=false;
/**
* Constructor.
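Review bot: `$_httpOnly` defaults to `false`, so every cookie built through THttpCookie stays readable from script unless the caller opts in, and the docblock does not say so. I would document the default and its reason on the property, e.g. `@var boolean if true the cookie is sent with the HttpOnly attribute and hidden from document.cookie; defaults to false for backward compatibility`, and repeat the default in the `getHttpOnly()`/`setHttpOnly()` docblocks of the next hunk. The flag only limits script access to the value; it does not replace `Secure` or validation of the cookie on the server. The constructor begins at the end of this hunk and its body is not visible, so whether it should also accept the flag cannot be judged from here.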
@@ -1003,6 +1007,22 @@ class THttpCookie extends TComponent
}
/**
+ * @return boolean if true the cookie value will be unavailable to JavaScript
+ */
+ public function getHttpOnly()
+ {
+ return $this->_httpOnly;
+ }
+
+ /**
+ * @param boolean $value if true the cookie value will be unavailable to JavaScript
+ */
+ public function setHttpOnly($value)
+ {
+ $this->_httpOnly = TPropertyValue::ensureBoolean($value);
+ }
+
+ /**
* @return string the name of the cookie
*/
public function getName()
diff --git a/framework/Web/THttpResponse.php b/framework/Web/THttpResponse.php
index 1e5540ab..21816b61 100644
--- a/framework/Web/THttpResponse.php
+++ b/framework/Web/THttpResponse.php
@@ -544,10 +544,27 @@ class THttpResponse extends TModule implements ITextWriter
if($request->getEnableCookieValidation())
{
$value=$this->getApplication()->getSecurityManager()->hashData($cookie->getValue());
- setcookie($cookie->getName(),$value,$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ setcookie(
+ $cookie->getName(),
+ $value,
+ $cookie->getExpire(),
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
+ }
+ else {
+ setcookie(
+ $cookie->getName(),
+ $cookie->getValue(),
+ $cookie->getExpire(),
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
}
- else
- setcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
}
/**
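Review bot: The two added `setcookie()` calls are identical except for the value argument, so any later change to the attribute list has to be made in both branches and can drift, leaving one path without a flag such as HttpOnly. Selecting the value first, `$value = $request->getEnableCookieValidation() ? $this->getApplication()->getSecurityManager()->hashData($cookie->getValue()) : $cookie->getValue();`, and calling `setcookie()` once removes that risk. The `else {` on one line also departs from the brace-on-its-own-line style of the `if` above it. The enclosing method starts outside the hunk.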
@@ -557,7 +574,15 @@ class THttpResponse extends TModule implements ITextWriter
*/
public function removeCookie($cookie)
{
- setcookie($cookie->getName(),null,0,$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ setcookie(
+ $cookie->getName(),
+ null,
+ 0,
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
}
/**