diff options
Diffstat (limited to 'framework/Web')
-rw-r--r-- | framework/Web/THttpRequest.php | 11 | ||||
-rw-r--r-- | framework/Web/THttpResponse.php | 4 |
2 files changed, 4 insertions, 11 deletions
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php index 26e57e5b..a0fa50e4 100644 --- a/framework/Web/THttpRequest.php +++ b/framework/Web/THttpRequest.php @@ -83,7 +83,7 @@ class THttpRequest extends TMap implements IModule private $_urlFormat='Get';
private $_services;
private $_requestResolved=false;
- private $_enableCookieValidation=true;
+ private $_enableCookieValidation=false;
/**
* @var string request URL
*/
@@ -357,7 +357,7 @@ class THttpRequest extends TMap implements IModule }
/**
- * @return boolean whether cookies should be validated. Defaults to true.
+ * @return boolean whether cookies should be validated. Defaults to false.
*/
public function getEnableCookieValidation()
{
@@ -382,16 +382,11 @@ class THttpRequest extends TMap implements IModule $this->_cookies=new THttpCookieCollection;
if($this->getEnableCookieValidation())
{
- $sig=$this->getUserHostAddress().$this->getUserAgent();
$sm=$this->getApplication()->getSecurityManager();
foreach($_COOKIE as $key=>$value)
{
if(($value=$sm->validateData($value))!==false)
- {
- $v=unserialize($value);
- if(isset($v[0]) && isset($v[1]) && $v[0]===$sig)
- $this->_cookies->add(new THttpCookie($key,$v[1]));
- }
+ $this->_cookies->add(new THttpCookie($key,$value));
}
}
else
diff --git a/framework/Web/THttpResponse.php b/framework/Web/THttpResponse.php index 5fed2167..1607b9d5 100644 --- a/framework/Web/THttpResponse.php +++ b/framework/Web/THttpResponse.php @@ -352,9 +352,7 @@ class THttpResponse extends TModule implements ITextWriter $request=$this->getRequest();
if($request->getEnableCookieValidation())
{
- $sig=$request->getUserHostAddress().$request->getUserAgent();
- $data=serialize(array($sig,$cookie->getValue()));
- $value=$this->getApplication()->getSecurityManager()->hashData($data);
+ $value=$this->getApplication()->getSecurityManager()->hashData($cookie->getValue());
setcookie($cookie->getName(),$value,$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
}
else
|