summaryrefslogtreecommitdiff
path: root/framework/Web/THttpRequest.php
diff options
context:
space:
mode:
Diffstat (limited to 'framework/Web/THttpRequest.php')
-rw-r--r--framework/Web/THttpRequest.php39
1 files changed, 36 insertions, 3 deletions
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php
index 12d1ccd6..26e57e5b 100644
--- a/framework/Web/THttpRequest.php
+++ b/framework/Web/THttpRequest.php
@@ -83,7 +83,7 @@ class THttpRequest extends TMap implements IModule
private $_urlFormat='Get';
private $_services;
private $_requestResolved=false;
-
+ private $_enableCookieValidation=true;
/**
* @var string request URL
*/
@@ -357,6 +357,22 @@ class THttpRequest extends TMap implements IModule
}
/**
+ * @return boolean whether cookies should be validated. Defaults to true.
+ */
+ public function getEnableCookieValidation()
+ {
+ return $this->_enableCookieValidation;
+ }
+
+ /**
+ * @param boolean whether cookies should be validated.
+ */
+ public function setEnableCookieValidation($value)
+ {
+ $this->_enableCookieValidation=TPropertyValue::ensureBoolean($value);
+ }
+
+ /**
* @return THttpCookieCollection list of cookies to be sent
*/
public function getCookies()
@@ -364,8 +380,25 @@ class THttpRequest extends TMap implements IModule
if($this->_cookies===null)
{
$this->_cookies=new THttpCookieCollection;
- foreach($_COOKIE as $key=>$value)
- $this->_cookies->add(new THttpCookie($key,$value));
+ if($this->getEnableCookieValidation())
+ {
+ $sig=$this->getUserHostAddress().$this->getUserAgent();
+ $sm=$this->getApplication()->getSecurityManager();
+ foreach($_COOKIE as $key=>$value)
+ {
+ if(($value=$sm->validateData($value))!==false)
+ {
+ $v=unserialize($value);
+ if(isset($v[0]) && isset($v[1]) && $v[0]===$sig)
+ $this->_cookies->add(new THttpCookie($key,$v[1]));
+ }
+ }
+ }
+ else
+ {
+ foreach($_COOKIE as $key=>$value)
+ $this->_cookies->add(new THttpCookie($key,$value));
+ }
}
return $this->_cookies;
}