authorAndrey Andreev <narf@devilix.net>2017-02-01 13:36:49 +0100
committerAndrey Andreev <narf@devilix.net>2017-02-01 13:36:49 +0100
commit422b8890e8b41a9ecf6644bff169c8c82fa2c82d (patch)
tree6f73400246ff47dfa4b9c8c028421bc9e0e30104
parentb1780fc79e1b24ecc51b5448642a84d4022cbadc (diff)
Fix a CI_Input::set_cookie() bug
Found on StackOverflow: https://stackoverflow.com/questions/41925028/codeigniter-config-overrides-set-cookie-parameters
-rw-r--r--system/core/Input.php16
-rw-r--r--system/helpers/cookie_helper.php2
-rw-r--r--user_guide_src/source/changelog.rst1
-rw-r--r--user_guide_src/source/helpers/cookie_helper.rst2
-rw-r--r--user_guide_src/source/libraries/input.rst6
5 files changed, 13 insertions, 14 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index d7cd29261..af4f87c1f 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -359,7 +359,7 @@ class CI_Input {
* @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript)
* @return void
*/
- public function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
+ public function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL)
{
if (is_array($name))
{
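Review bot: The docblock above the new signature still declares `$httponly` as a plain `bool`, although NULL is now a third value meaning "use the config setting". I would change it to `@param bool|null $httponly Whether to make the cookie HTTP-only (no javascript); NULL falls back to $config['cookie_httponly']`, with the equivalent wording for `$secure`. The `set_cookie()` helper docblock in system/helpers/cookie_helper.php needs the same update. The docblock starts outside this hunk, so the `$secure` line is not visible here.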
@@ -388,15 +388,13 @@ class CI_Input {
$path = config_item('cookie_path');
}
- if ($secure === FALSE && config_item('cookie_secure') === TRUE)
- {
- $secure = config_item('cookie_secure');
- }
+ $secure = ($secure === NULL && config_item('cookie_secure') !== NULL)
+ ? (bool) config_item('cookie_secure')
+ : (bool) $secure;
- if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE)
- {
- $httponly = config_item('cookie_httponly');
- }
+ $httponly = ($httponly === NULL && config_item('cookie_httponly') !== NULL)
+ ? (bool) config_item('cookie_httponly')
+ : (bool) $httponly;
if ( ! is_numeric($expire))
{
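Review bot: An explicit `FALSE` now wins over `$config['cookie_secure']` and `$config['cookie_httponly']`, so call sites that pass `FALSE` only as a positional placeholder (for example to reach `$httponly`) will emit cookies without the Secure or HttpOnly attribute after upgrading. That is the intended fix, but it silently weakens cookie flags for those callers. An upgrade note asking users to audit `set_cookie()` calls that pass a literal `FALSE` would help, together with a comment here such as `// NULL means "not specified": fall back to config; an explicit TRUE/FALSE always wins`. The array form of `$name` is unpacked outside this hunk, so it should be confirmed there that a `'secure' => FALSE` entry reaches these lines unchanged.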
diff --git a/system/helpers/cookie_helper.php b/system/helpers/cookie_helper.php
index bb90cba1e..b943edbae 100644
--- a/system/helpers/cookie_helper.php
+++ b/system/helpers/cookie_helper.php
@@ -67,7 +67,7 @@ if ( ! function_exists('set_cookie'))
* @param bool true makes the cookie accessible via http(s) only (no javascript)
* @return void
*/
- function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
+ function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL)
{
// Set the config file options
get_instance()->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure, $httponly);
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index b1dadb14b..28a862126 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -30,6 +30,7 @@ Bug fixes for 3.1.4
- Fixed a bug where :doc:`Session Library <libraries/sessions>` didn't read session data in a byte-safe manner when ``mbstring.func_overload`` is enabled.
- Fixed a bug (#4990) - :doc:`Profiler <general/profiling>` didn't close ``<pre>`` tags it generated.
- Fixed a bug (#4990) - :doc:`Profiler <general/profiling>` didn't HTML-escape quotes for ``$_SESSION`` variables.
+- Fixed a bug where :doc:`Input Library <libraries/input>` method ``set_cookie()`` didn't allow its *httponly* and *secure* parameters to be overriden to ``FALSE``.
Version 3.1.3
=============
diff --git a/user_guide_src/source/helpers/cookie_helper.rst b/user_guide_src/source/helpers/cookie_helper.rst
index c9d2f419c..2ad51e78c 100644
--- a/user_guide_src/source/helpers/cookie_helper.rst
+++ b/user_guide_src/source/helpers/cookie_helper.rst
@@ -25,7 +25,7 @@ Available Functions
The following functions are available:
-.. php:function:: set_cookie($name[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]])
+.. php:function:: set_cookie($name[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]])
:param mixed $name: Cookie name *or* associative array of all of the parameters available to this function
:param string $value: Cookie value
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index 01099a955..e7107fa06 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -285,7 +285,7 @@ Class Reference
This method is identical to ``get()``, ``post()`` and ``cookie()``,
only it fetches the *php://input* stream data.
- .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]])
+ .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = NULL[, $httponly = NULL]]]]]]])
:param mixed $name: Cookie name or an array of parameters
:param string $value: Cookie value
@@ -338,8 +338,8 @@ Class Reference
The prefix is only needed if you need to avoid name collisions with
other identically named cookies for your server.
- The secure boolean is only needed if you want to make it a secure cookie
- by setting it to TRUE.
+ The *httponly* and *secure* flags, when omitted, will default to your
+ ``$config['cookie_httponly']`` and ``$config['cookie_secure']`` settings.
**Discrete Parameters**