PleaseStand has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/119919

Change subject: Remove $wgHttpOnlyBlacklist
......................................................................

Remove $wgHttpOnlyBlacklist

This hack was added in r34083 / 6b16f4410897 to support IE for Mac.
That browser is no longer supported, and no additional user-agent
strings have been added in WMF configuration.

Change-Id: Iffba121a9964e2ad387fad8827ddfd8dabcbd12e
---
M RELEASE-NOTES-1.23
M includes/DefaultSettings.php
M includes/GlobalFunctions.php
M includes/WebResponse.php
4 files changed, 4 insertions(+), 37 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/19/119919/1

diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23
index 340aa50..9633edd 100644
--- a/RELEASE-NOTES-1.23
+++ b/RELEASE-NOTES-1.23
@@ -50,6 +50,7 @@
   prepended to the start of this array.
 * $wgQueryPages has been removed. Query Pages should be added to by using the
   wgQueryPages hook.
+* $wgHttpOnlyBlacklist has been removed.
 
 === New features in 1.23 ===
 * ResourceLoader can utilize the Web Storage API to cache modules client-side.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index c6ebb35..3c4ef50 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4871,17 +4871,6 @@
 $wgCookieHttpOnly = true;
 
 /**
- * If the requesting browser matches a regex in this blacklist, we won't
- * send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on.
- */
-$wgHttpOnlyBlacklist = array(
-       // Internet Explorer for Mac; sometimes the cookies work, sometimes
-       // they don't. It's difficult to predict, as combinations of path
-       // and expiration options affect its parsing.
-       '/^Mozilla\/4\.0 \(compatible; MSIE \d+\.\d+; Mac_PowerPC\)/',
-);
-
-/**
  * A list of cookies that vary the cache (for use by extensions)
  */
 $wgCacheVaryCookies = array();
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index a6f936f..61d1a70 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -3444,23 +3444,6 @@
 }
 
 /**
- * @return bool
- */
-function wfHttpOnlySafe() {
-       global $wgHttpOnlyBlacklist;
-
-       if ( isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
-               foreach ( $wgHttpOnlyBlacklist as $regex ) {
-                       if ( preg_match( $regex, $_SERVER['HTTP_USER_AGENT'] ) 
) {
-                               return false;
-                       }
-               }
-       }
-
-       return true;
-}
-
-/**
  * Check if there is sufficient entropy in php's built-in session generation
  * @return bool true = there is sufficient entropy
  */
@@ -3532,7 +3515,6 @@
                # hasn't already been set to the desired value (that causes 
errors)
                ini_set( 'session.save_handler', $wgSessionHandler );
        }
-       $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
        wfDebugLog( 'cookie',
                'session_set_cookie_params: "' . implode( '", "',
                        array(
@@ -3540,8 +3522,9 @@
                                $wgCookiePath,
                                $wgCookieDomain,
                                $wgCookieSecure,
-                               $httpOnlySafe ) ) . '"' );
-       session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, 
$wgCookieSecure, $httpOnlySafe );
+                               $wgCookieHttpOnly ) ) . '"' );
+       session_set_cookie_params(
+               0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, 
$wgCookieHttpOnly );
        session_cache_limiter( 'private, must-revalidate' );
        if ( $sessionId ) {
                session_id( $sessionId );
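Review bot: The release note added by this commit names only `$wgHttpOnlyBlacklist`, but the global function `wfHttpOnlySafe()` is also deleted from this file, and the assignment removed just above this hunk was one of its two callers visible in the patch (the other is in WebResponse.php). Any extension or site code that still calls it would hit an undefined-function fatal after upgrading, so I would either add `* wfHttpOnlySafe() has been removed.` to RELEASE-NOTES-1.23 or keep a deprecated stub that returns true for one release. Separately, `implode()` renders a false `$wgCookieHttpOnly` as an empty string in the 'cookie' debug log, so a disabled HttpOnly flag is easy to miss when auditing; logging `$wgCookieHttpOnly ? 'true' : 'false'` there would make it explicit. The enclosing function starts and ends outside this hunk.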
diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index ab7524c..a3dadd0 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
@@ -88,12 +88,6 @@
                        $expire = time() + $wgCookieExpiration;
                }
 
-               // Don't mark the cookie as httpOnly if the requesting 
user-agent is
-               // known to have trouble with httpOnly cookies.
-               if ( !wfHttpOnlySafe() ) {
-                       $options['httpOnly'] = false;
-               }
-
                $func = $options['raw'] ? 'setrawcookie' : 'setcookie';
 
                if ( wfRunHooks( 'WebResponseSetCookie', array( &$name, 
&$value, &$expire, $options ) ) ) {

-- 
To view, visit https://gerrit.wikimedia.org/r/119919

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iffba121a9964e2ad387fad8827ddfd8dabcbd12e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: PleaseStand <pleasest...@live.com>
