summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2022-01-05 16:52:40 +0100
committerGitHub <noreply@github.com>2022-01-05 16:52:40 +0100
commitc382445b71682cfa4ee9048a5b775d07102d0ef8 (patch)
tree72f742fa278de276601724ca413dc773eaa67239 /system
parent5e79f1b0dda522efcd1a0cb379d6e7fb1f5cc557 (diff)
parent1415d4ec99c7dbaec2c34742536e00eb9cb7493f (diff)
Merge pull request #6025 from gxgpet/develop
SameSite attribute implementation for CI_Input::set_cookie
Diffstat (limited to 'system')
-rw-r--r--system/core/Input.php42
1 files changed, 39 insertions, 3 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index 87e6cfed9..71f28221f 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -300,14 +300,15 @@ class CI_Input {
* @param string $prefix Cookie name prefix
* @param bool $secure Whether to only transfer cookies via SSL
* @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript)
+ * @param string $samesite SameSite attribute
* @return void
*/
- public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL)
+ public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL, $samesite = NULL)
{
if (is_array($name))
{
// always leave 'name' in last place, as the loop will break otherwise, due to $$item
- foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item)
+ foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name', 'samesite') as $item)
{
if (isset($name[$item]))
{
@@ -348,7 +349,42 @@ class CI_Input {
$expire = ($expire > 0) ? time() + $expire : 0;
}
- setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly);
+ isset($samesite) OR $samesite = config_item('cookie_samesite');
+ if (isset($samesite))
+ {
+ $samesite = ucfirst(strtolower($samesite));
+ in_array($samesite, array('Lax', 'Strict', 'None'), TRUE) OR $samesite = 'Lax';
+ }
+ else
+ {
+ $samesite = 'Lax';
+ }
+
+ if ($samesite === 'None' && ! $secure)
+ {
+ log_message('error', $name.' cookie sent with SameSite=None, but without Secure attribute.');
+ }
+
+ if (is_php('7.3'))
+ {
+ $setcookie_options = array(
+ 'expires' => $expire,
+ 'path' => $path,
+ 'domain' => $domain,
+ 'secure' => $secure,
+ 'httponly' => $httponly,
+ 'samesite' => $samesite,
+ );
+ setcookie($prefix.$name, $value, $setcookie_options);
+ }
+ else
+ {
+ $cookie_header = 'Set-Cookie: '.$prefix.$name.'='.rawurlencode($value);
+ $cookie_header .= ($expire === 0 ? '' : '; expires='.gmdate('D, d-M-Y H:i:s T', $expire));
+ $cookie_header .= '; path='.$path.($domain !== '' ? '; domain='.$domain : '');
+ $cookie_header .= ($secure ? '; secure' : '').($httponly ? '; HttpOnly' : '').'; SameSite='.$samesite;
+ header($cookie_header);
+ }
}
// --------------------------------------------------------------------