diff options
| author | freewil <sean@eternalrise.com> | 2012-03-14 03:37:42 +0100 |
|---|---|---|
| committer | freewil <sean@eternalrise.com> | 2012-03-18 19:32:17 +0100 |
| commit | 4ad0fd86e8dc6dba74305dbb0c88c593b46a19a2 (patch) | |
| tree | ce86c3c8958b2df033c873386f6f8261bc40b0eb /system/core | |
| parent | e464b39b8594ef317cf5b47b4e130ee9f63e7bd5 (diff) | |
add support for httponly cookies
Diffstat (limited to 'system/core')
| -rwxr-xr-x | system/core/Input.php | 13 | ||||
| -rwxr-xr-x | system/core/Security.php | 10 |
2 files changed, 18 insertions, 5 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index 901b4147e..6e6885992 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -228,7 +228,7 @@ class CI_Input { /** * Set cookie * - * Accepts six parameter, or you can submit an associative + * Accepts seven parameters, or you can submit an associative * array in the first parameter containing all the values. * * @param mixed @@ -238,14 +238,15 @@ class CI_Input { * @param string the cookie path * @param string the cookie prefix * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) * @return void */ - public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) { // always leave 'name' in last place, as the loop will break otherwise, due to $$item - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item) { if (isset($name[$item])) { @@ -270,6 +271,10 @@ class CI_Input { { $secure = config_item('cookie_secure'); } + if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + { + $httponly = config_item('cookie_httponly'); + } if ( ! is_numeric($expire)) { @@ -280,7 +285,7 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly); } // -------------------------------------------------------------------- diff --git a/system/core/Security.php b/system/core/Security.php index cd8a61028..ac39ce97b 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -196,7 +196,15 @@ class CI_Security { return FALSE; } - setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie); + setcookie( + $this->_csrf_cookie_name, + $this->_csrf_hash, + $expire, + config_item('cookie_path'), + config_item('cookie_domain'), + $secure_cookie, + config_item('cookie_httponly') + ); log_message('debug', 'CRSF cookie Set'); return $this; |