From 42126e88ba1e3508e2c5a36e49c23bfaf4a4262c Mon Sep 17 00:00:00 2001
From: xue <>
Date: Sun, 12 Feb 2006 01:44:52 +0000
Subject: Implemented cookie HMAC check.

---
 framework/Web/THttpRequest.php | 39 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)

(limited to 'framework/Web/THttpRequest.php')

diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php
index 12d1ccd6..26e57e5b 100644
--- a/framework/Web/THttpRequest.php
+++ b/framework/Web/THttpRequest.php
@@ -83,7 +83,7 @@ class THttpRequest extends TMap implements IModule
 private $_urlFormat='Get';
 private $_services;
 private $_requestResolved=false;
-
+ private $_enableCookieValidation=true;
 /**
 * @var string request URL
 */
@@ -356,6 +356,22 @@ class THttpRequest extends TMap implements IModule
 return Prado::getUserLanguages();
 }
 
+ /**
+ * @return boolean whether cookies should be validated. Defaults to true.
+ */
+ public function getEnableCookieValidation()
+ {
+ return $this->_enableCookieValidation;
+ }
+
+ /**
+ * @param boolean whether cookies should be validated.
+ */
+ public function setEnableCookieValidation($value)
+ {
+ $this->_enableCookieValidation=TPropertyValue::ensureBoolean($value);
+ }
+
 /**
 * @return THttpCookieCollection list of cookies to be sent
 */
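Review bot: The setter's docblock should say that the flag only takes effect before cookies are first read, because getCookies() caches `$this->_cookies` on first access and never re-validates (the `if($this->_cookies===null)` guard in the following hunk), so a later setEnableCookieValidation(false) silently does nothing. It should also state what disabling means: raw `$_COOKIE` values are accepted unverified. The `@param` tag is missing the parameter name; suggested `@param boolean $value whether cookies should be validated; must be set before cookies are first accessed`. The getter's `Defaults to true` note could add that validation relies on the application's security manager being configured, since getCookies() fetches it via `$this->getApplication()->getSecurityManager()`.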
@@ -364,8 +380,25 @@ class THttpRequest extends TMap implements IModule
 if($this->_cookies===null)
 {
 $this->_cookies=new THttpCookieCollection;
- foreach($_COOKIE as $key=>$value)
- $this->_cookies->add(new THttpCookie($key,$value));
+ if($this->getEnableCookieValidation())
+ {
+ $sig=$this->getUserHostAddress().$this->getUserAgent();
+ $sm=$this->getApplication()->getSecurityManager();
+ foreach($_COOKIE as $key=>$value)
+ {
+ if(($value=$sm->validateData($value))!==false)
+ {
+ $v=unserialize($value);
+ if(isset($v[0]) && isset($v[1]) && $v[0]===$sig)
+ $this->_cookies->add(new THttpCookie($key,$v[1]));
+ }
+ }
+ }
+ else
+ {
+ foreach($_COOKIE as $key=>$value)
+ $this->_cookies->add(new THttpCookie($key,$value));
+ }
 }
 return $this->_cookies;
 }
-- 
cgit v1.2.3
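Review bot: The validated payload is handed straight to `unserialize()` and indexed without checking that it is an array, so anything that passes `validateData` but is not the expected two-element array (a scalar, or an object should the signing key ever be exposed) still reaches `isset($v[0])`, and for objects would run their unserialization hooks before the signature comparison rejects them. Tightening the check to `if(is_array($v) && isset($v[0],$v[1]) && $v[0]===$sig)` keeps the code to the one shape it expects, and on runtimes that support the option, `unserialize($value, ['allowed_classes'=>false])` closes the object path entirely. Rejected cookies are dropped with no trace, which hides both tampering attempts and legitimate failures; binding `$sig` to the client IP means users behind rotating proxies or changing networks lose every cookie, including the session cookie, so that failure mode deserves at least a debug log line. `validateData` is outside this hunk; it is worth confirming that it compares the MAC in constant time. The signature of the enclosing getCookies() is above the hunk.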