Diffstat (limited to 'system')
-rwxr-xr-xsystem/core/Input.php13
-rwxr-xr-xsystem/core/Security.php10
-rw-r--r--system/helpers/cookie_helper.php8
-rw-r--r--system/libraries/Session.php18
4 files changed, 33 insertions, 16 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index 901b4147e..6e6885992 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -228,7 +228,7 @@ class CI_Input {
/**
* Set cookie
*
- * Accepts six parameter, or you can submit an associative
+ * Accepts seven parameters, or you can submit an associative
* array in the first parameter containing all the values.
*
* @param mixed
@@ -238,14 +238,15 @@ class CI_Input {
* @param string the cookie path
* @param string the cookie prefix
* @param bool true makes the cookie secure
+ * @param bool true makes the cookie accessible via http(s) only (no javascript)
* @return void
*/
- public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
+ public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
{
if (is_array($name))
{
// always leave 'name' in last place, as the loop will break otherwise, due to $$item
- foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item)
+ foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item)
{
if (isset($name[$item]))
{
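Review bot: The docblock in the previous hunk now reads `Accepts seven parameters`, but the signature on the new side takes eight (`$name` through `$httponly`), so the count is still off by one. The same sentence in system/helpers/cookie_helper.php has the same mismatch. Either write `Accepts eight parameters` or drop the number, e.g. `Accepts individual parameters, or you can submit an associative`. The function body continues outside this hunk.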
@@ -270,6 +271,10 @@ class CI_Input {
{
$secure = config_item('cookie_secure');
}
+ if ($httponly == FALSE && config_item('cookie_httponly') != FALSE)
+ {
+ $httponly = config_item('cookie_httponly');
+ }
if ( ! is_numeric($expire))
{
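Review bot: The test `$httponly == FALSE && config_item('cookie_httponly') != FALSE` cannot tell an explicit FALSE argument from the default, so once the config flag is on, no caller can set a script-readable cookie through set_cookie(). That fails toward the safer value, but the docblock should say so, e.g. `@param bool true makes the cookie accessible via http(s) only (no javascript); a TRUE 'cookie_httponly' config value overrides FALSE`. The loose comparisons also hand whatever config_item() returns straight to setcookie(); `$httponly = (bool) config_item('cookie_httponly');` would keep the argument a real boolean. The function starts before and continues after this hunk.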
@@ -280,7 +285,7 @@ class CI_Input {
$expire = ($expire > 0) ? time() + $expire : 0;
}
- setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
+ setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly);
}
// --------------------------------------------------------------------
diff --git a/system/core/Security.php b/system/core/Security.php
index cd8a61028..ac39ce97b 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -196,7 +196,15 @@ class CI_Security {
return FALSE;
}
- setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
+ setcookie(
+ $this->_csrf_cookie_name,
+ $this->_csrf_hash,
+ $expire,
+ config_item('cookie_path'),
+ config_item('cookie_domain'),
+ $secure_cookie,
+ config_item('cookie_httponly')
+ );
log_message('debug', 'CRSF cookie Set');
return $this;
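Review bot: The CSRF cookie now takes its HttpOnly flag from the same global `cookie_httponly` setting as every other cookie, so enabling the flag to protect the session cookie also hides the CSRF token from page scripts. Applications that read this cookie from JavaScript to attach the token to AJAX requests would then fail CSRF validation, which tends to push people into turning the flag off everywhere. Consider a comment above the call such as `// NOTE: with cookie_httponly enabled the token cannot be read from JavaScript; emit it in the page instead`, or a separate setting for this cookie. The enclosing method starts and ends outside this hunk.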
diff --git a/system/helpers/cookie_helper.php b/system/helpers/cookie_helper.php
index 38a2f78fc..ec8aa3250 100644
--- a/system/helpers/cookie_helper.php
+++ b/system/helpers/cookie_helper.php
@@ -40,7 +40,7 @@
/**
* Set cookie
*
- * Accepts six parameter, or you can submit an associative
+ * Accepts seven parameters, or you can submit an associative
* array in the first parameter containing all the values.
*
* @param mixed
@@ -49,15 +49,17 @@
* @param string the cookie domain. Usually: .yourdomain.com
* @param string the cookie path
* @param string the cookie prefix
+ * @param bool true makes the cookie secure
+ * @param bool true makes the cookie accessible via http(s) only (no javascript)
* @return void
*/
if ( ! function_exists('set_cookie'))
{
- function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
+ function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
{
// Set the config file options
$CI =& get_instance();
- $CI->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure);
+ $CI->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure, $httponly);
}
}
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 0b9d45b2a..0c8d46591 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -48,6 +48,7 @@ class CI_Session {
public $cookie_path = '';
public $cookie_domain = '';
public $cookie_secure = FALSE;
+ public $cookie_httponly = FALSE;
public $sess_time_to_update = 300;
public $encryption_key = '';
public $flashdata_key = 'flash';
@@ -72,7 +73,7 @@ class CI_Session {
// Set all the session preferences, which can either be set
// manually via the $params array above or via the config file
- foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'cookie_secure', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key)
+ foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key)
{
$this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
}
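Review bot: HttpOnly stays opt-in for the session cookie. The property added in the previous hunk defaults to `FALSE`, and this loop then replaces it with `$this->CI->config->item($key)`, which presumably yields a falsy value for a config file written before this change. Upgraded installs would therefore keep a script-readable session cookie until someone edits their config, and nothing visible in this diff (limited to `system`) documents that. A session cookie rarely needs to be read by scripts, so either default it on or add a comment at the property, e.g. `// HttpOnly is off unless 'cookie_httponly' is set in config or $params`. The constructor continues outside this hunk.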
@@ -666,13 +667,14 @@ class CI_Session {
// Set the cookie
setcookie(
- $this->sess_cookie_name,
- $cookie_data,
- $expire,
- $this->cookie_path,
- $this->cookie_domain,
- $this->cookie_secure
- );
+ $this->sess_cookie_name,
+ $cookie_data,
+ $expire,
+ $this->cookie_path,
+ $this->cookie_domain,
+ $this->cookie_secure,
+ $this->cookie_httponly
+ );
}
// --------------------------------------------------------------------