From 42126e88ba1e3508e2c5a36e49c23bfaf4a4262c Mon Sep 17 00:00:00 2001
From: xue <>
Date: Sun, 12 Feb 2006 01:44:52 +0000
Subject: Implemented cookie HMAC check.
---
 framework/Web/THttpResponse.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'framework/Web/THttpResponse.php')
diff --git a/framework/Web/THttpResponse.php b/framework/Web/THttpResponse.php
index a8c3777a..5fed2167 100644
--- a/framework/Web/THttpResponse.php
+++ b/framework/Web/THttpResponse.php
@@ -66,7 +66,6 @@ class THttpResponse extends TModule implements ITextWriter
 * @var string content type
 */
 private $_contentType='text/html';
-
 /**
 * @var string character set, e.g. UTF-8
 */
@@ -350,7 +349,16 @@ class THttpResponse extends TModule implements ITextWriter
 */
 public function addCookie($cookie)
 {
- setcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ $request=$this->getRequest();
+ if($request->getEnableCookieValidation())
+ {
+ $sig=$request->getUserHostAddress().$request->getUserAgent();
+ $data=serialize(array($sig,$cookie->getValue()));
+ $value=$this->getApplication()->getSecurityManager()->hashData($data);
+ setcookie($cookie->getName(),$value,$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ }
+ else
+ setcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
 }
 
 /**
-- 
cgit v1.2.3
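Review bot: Building the signed payload with `serialize(array($sig,$cookie->getValue()))` in `addCookie()` means the reading side, which is not in this hunk, presumably has to call `unserialize()` on cookie content. That only stays safe if the HMAC is verified first and a mismatch drops the cookie rather than falling back to the raw value, which is worth stating in the method's docblock. The binding string `$sig` joins the client address and the User-Agent with no separator, and the User-Agent is client-supplied, so it is a weak binding that also invalidates cookies whenever either value changes. A comment above the `$sig` line should say so. The two `setcookie()` calls differ only in the value argument: starting with `$value=$cookie->getValue();` and overwriting it inside the `if` leaves a single call and removes the brace-less `else`.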