summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorfreewil <sean@eternalrise.com>2012-03-14 03:37:42 +0100
committerfreewil <sean@eternalrise.com>2012-03-18 19:32:17 +0100
commit4ad0fd86e8dc6dba74305dbb0c88c593b46a19a2 (patch)
treece86c3c8958b2df033c873386f6f8261bc40b0eb /system/core
parente464b39b8594ef317cf5b47b4e130ee9f63e7bd5 (diff)
add support for httponly cookies
Diffstat (limited to 'system/core')
-rwxr-xr-xsystem/core/Input.php13
-rwxr-xr-xsystem/core/Security.php10
2 files changed, 18 insertions, 5 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index 901b4147e..6e6885992 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -228,7 +228,7 @@ class CI_Input {
/**
* Set cookie
*
- * Accepts six parameter, or you can submit an associative
+ * Accepts seven parameters, or you can submit an associative
* array in the first parameter containing all the values.
*
* @param mixed
@@ -238,14 +238,15 @@ class CI_Input {
* @param string the cookie path
* @param string the cookie prefix
* @param bool true makes the cookie secure
+ * @param bool true makes the cookie accessible via http(s) only (no javascript)
* @return void
*/
- public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
+ public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
{
if (is_array($name))
{
// always leave 'name' in last place, as the loop will break otherwise, due to $$item
- foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item)
+ foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item)
{
if (isset($name[$item]))
{
@@ -270,6 +271,10 @@ class CI_Input {
{
$secure = config_item('cookie_secure');
}
+ if ($httponly == FALSE && config_item('cookie_httponly') != FALSE)
+ {
+ $httponly = config_item('cookie_httponly');
+ }
if ( ! is_numeric($expire))
{
@@ -280,7 +285,7 @@ class CI_Input {
$expire = ($expire > 0) ? time() + $expire : 0;
}
- setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
+ setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly);
}
// --------------------------------------------------------------------
diff --git a/system/core/Security.php b/system/core/Security.php
index cd8a61028..ac39ce97b 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -196,7 +196,15 @@ class CI_Security {
return FALSE;
}
- setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
+ setcookie(
+ $this->_csrf_cookie_name,
+ $this->_csrf_hash,
+ $expire,
+ config_item('cookie_path'),
+ config_item('cookie_domain'),
+ $secure_cookie,
+ config_item('cookie_httponly')
+ );
log_message('debug', 'CRSF cookie Set');
return $this;