From 53eda19fa2efed997405075ad003aa7a94d31563 Mon Sep 17 00:00:00 2001
From: rojaro <>
Date: Fri, 21 Jan 2011 12:39:42 +0000
Subject: fixed #304
---
framework/Web/THttpRequest.php | 20 ++++++++++++++++++++
framework/Web/THttpResponse.php | 33 +++++++++++++++++++++++++++++----
2 files changed, 49 insertions(+), 4 deletions(-)
(limited to 'framework')
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php
index fbceef38..925160c8 100644
--- a/framework/Web/THttpRequest.php
+++ b/framework/Web/THttpRequest.php
@@ -958,6 +958,10 @@ class THttpCookie extends TComponent
 * @var boolean whether cookie should be sent via secure connection
 */
 private $_secure=false;
+ /**
+ * @var boolean if true the cookie value will be unavailable to JavaScript
+ */
+ private $_httpOnly=false;

 /**
 * Constructor.
@@ -1002,6 +1006,22 @@ class THttpCookie extends TComponent
 $this->_expire=TPropertyValue::ensureInteger($value);
 }

+ /**
+ * @return boolean if true the cookie value will be unavailable to JavaScript
+ */
+ public function getHttpOnly()
+ {
+ return $this->_httpOnly;
+ }
+
+ /**
+ * @param boolean $value if true the cookie value will be unavailable to JavaScript
+ */
+ public function setHttpOnly($value)
+ {
+ $this->_httpOnly = TPropertyValue::ensureBoolean($value);
+ }
+
 /**
 * @return string the name of the cookie
 */
diff --git a/framework/Web/THttpResponse.php b/framework/Web/THttpResponse.php
index 1e5540ab..21816b61 100644
--- a/framework/Web/THttpResponse.php
+++ b/framework/Web/THttpResponse.php
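Review bot: The new `$_httpOnly` field in the `@@ -958,6 +958,10 @@` hunk of THttpRequest.php defaults to `false`, and neither its comment nor the accessor comments in the `@@ -1002,6 +1006,22 @@` hunk say so; every cookie therefore stays readable from client-side script until a caller opts in with `setHttpOnly(true)`. I would state the default and the limit of the flag in the comment, e.g. `@var boolean whether the browser should hide the cookie from client-side script (HttpOnly); defaults to false, and the cookie is still sent with every matching request`. The THttpCookie constructor lies outside both hunks, so whether the flag can be set at construction time is not visible here.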
@@ -544,10 +544,27 @@ class THttpResponse extends TModule implements ITextWriter
 if($request->getEnableCookieValidation())
 {
 $value=$this->getApplication()->getSecurityManager()->hashData($cookie->getValue());
- setcookie($cookie->getName(),$value,$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ setcookie(
+ $cookie->getName(),
+ $value,
+ $cookie->getExpire(),
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
+ }
+ else {
+ setcookie(
+ $cookie->getName(),
+ $cookie->getValue(),
+ $cookie->getExpire(),
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
 }
- else
- setcookie($cookie->getName(),$cookie->getValue(),$cookie->getExpire(),$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
 }

 /**
@@ -557,7 +574,15 @@ class THttpResponse extends TModule implements ITextWriter
 */
 public function removeCookie($cookie)
 {
- setcookie($cookie->getName(),null,0,$cookie->getPath(),$cookie->getDomain(),$cookie->getSecure());
+ setcookie(
+ $cookie->getName(),
+ null,
+ 0,
+ $cookie->getPath(),
+ $cookie->getDomain(),
+ $cookie->getSecure(),
+ $cookie->getHttpOnly()
+ );
 }

 /**
-- cgit v1.2.3
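Review bot: The two `setcookie()` calls in the `@@ -544,10 +544,27 @@` hunk are now nine-line copies that differ only in the value argument, so a later cookie attribute can easily be added to one branch and missed in the other, leaving validated and unvalidated cookies with different flags. Computing the value first and calling `setcookie()` once removes that risk. The added `else {` also departs from the brace-on-its-own-line style of the surrounding `if`. The enclosing method starts above the hunk, so the sketch assumes `$request` and `$cookie` are set the way the visible lines use them.

```php
// … unchanged: method signature and $request lookup (outside the hunk) …
$value=$cookie->getValue();
if($request->getEnableCookieValidation())
	$value=$this->getApplication()->getSecurityManager()->hashData($value);
setcookie(
	$cookie->getName(),
	$value,
	$cookie->getExpire(),
	$cookie->getPath(),
	$cookie->getDomain(),
	$cookie->getSecure(),
	$cookie->getHttpOnly()
);
```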
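Review bot: The seventh `setcookie()` argument passed in `removeCookie()` in the `@@ -557,7 +574,15 @@` hunk (and in both calls of the previous hunk) is only accepted from PHP 5.2.0 on; on an older runtime the call is rejected with a warning and no Set-Cookie header goes out, so a removal would silently leave the cookie in the browser. If this branch still supports PHP before 5.2.0, pass the flag conditionally, e.g. guard on `version_compare(PHP_VERSION,'5.2.0','>=')` and fall back to the six-argument call; otherwise a line in the upgrade notes stating the new minimum version is enough. The return value of `setcookie()` is ignored here, as it was before the change, so such a failure would not surface to the caller.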