jenkins-bot has submitted this change and it was merged.

Change subject: Remove prefix from forceHTTPS cookie
......................................................................


Remove prefix from forceHTTPS cookie

Match CentralAuth, and set appropriate expiration too.

Bug: 53538
Change-Id: I3c16ff92781e1a72346058ae3838d8fc47019d55
---
M includes/User.php
M includes/Wiki.php
2 files changed, 27 insertions(+), 10 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/User.php b/includes/User.php
index 25b35b3..f70b50e 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -3134,19 +3134,24 @@
         *  true: Force setting the secure attribute when setting the cookie
         *  false: Force NOT setting the secure attribute when setting the 
cookie
         *  null (default): Use the default ($wgCookieSecure) to set the secure 
attribute
+        * @param array $params Array of options sent passed to 
WebResponse::setcookie()
         */
-       protected function setCookie( $name, $value, $exp = 0, $secure = null ) 
{
-               $this->getRequest()->response()->setcookie( $name, $value, 
$exp, array(
-                       'secure' => $secure,
-               ) );
+       protected function setCookie( $name, $value, $exp = 0, $secure = null, 
$params = array() ) {
+               $params['secure'] = $secure;
+               $this->getRequest()->response()->setcookie( $name, $value, 
$exp, $params );
        }
 
        /**
         * Clear a cookie on the user's client
         * @param string $name Name of the cookie to clear
+        * @param bool $secure
+        *  true: Force setting the secure attribute when setting the cookie
+        *  false: Force NOT setting the secure attribute when setting the 
cookie
+        *  null (default): Use the default ($wgCookieSecure) to set the secure 
attribute
+        * @param array $params Array of options sent passed to 
WebResponse::setcookie()
         */
-       protected function clearCookie( $name ) {
-               $this->setCookie( $name, '', time() - 86400 );
+       protected function clearCookie( $name, $secure = null, $params = 
array() ) {
+               $this->setCookie( $name, '', time() - 86400, $secure, $params );
        }
 
        /**
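Review bot: `$params['secure'] = $secure;` in the new setCookie() silently overwrites any 'secure' entry a caller already placed in $params, so the two ways of expressing the same option disagree without warning. If $secure is meant to be the authoritative switch, say so in the docblock and drop the ambiguity, e.g. `* @param array $params Options passed to WebResponse::setcookie(); any 'secure' key is replaced by $secure`; the current text "Array of options sent passed to" also reads like two drafts merged. The same wording is duplicated on clearCookie() below, and its `@param bool $secure` should be `@param bool|null $secure` since null is the documented default.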
@@ -3204,10 +3209,22 @@
                /**
                 * If wpStickHTTPS was selected, also set an insecure cookie 
that
                 * will cause the site to redirect the user to HTTPS, if they 
access
-                * it over HTTP. Bug 29898.
+                * it over HTTP. Bug 29898. Use an un-prefixed cookie, so it's 
the same
+                * as the one set by centralauth (bug 53538). Also set it to 
session, or
+                * standard time setting, based on if rememberme was set.
                 */
                if ( $request->getCheck( 'wpStickHTTPS' ) || 
$this->requiresHTTPS() ) {
-                       $this->setCookie( 'forceHTTPS', 'true', time() + 
2592000, false ); //30 days
+                       $time = null;
+                       if ( ( 1 == $this->getOption( 'rememberpassword' ) ) ) {
+                               $time = 0; // set to $wgCookieExpiration
+                       }
+                       $this->setCookie(
+                               'forceHTTPS',
+                               'true',
+                               $time,
+                               false,
+                               array( 'prefix' => '' ) // no prefix
+                       );
                }
        }
 
@@ -3231,7 +3248,7 @@
 
                $this->clearCookie( 'UserID' );
                $this->clearCookie( 'Token' );
-               $this->clearCookie( 'forceHTTPS' );
+               $this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' 
) );
 
                // Remember when user logged out, to prevent seeing cached pages
                $this->setCookie( 'LoggedOut', time(), time() + 86400 );
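Review bot: The new clearCookie() call only removes the un-prefixed 'forceHTTPS' cookie, but clients that logged in before this change still hold the prefixed one, which the old code set for 30 days (`time() + 2592000` in the removed line of the earlier hunk); logout will leave that cookie in place until it expires on its own. Consider also clearing the legacy prefixed name for a transition period, e.g. `$this->clearCookie( 'forceHTTPS' ); // legacy prefixed cookie, remove after 30 days` next to the new call. The read side in includes/Wiki.php (`getCookie( 'forceHTTPS', '' )`) has the matching issue: a stale prefixed cookie no longer triggers the HTTPS redirect for those users, which is harmless but worth stating in the commit message. A comment tying the `false` / `array( 'prefix' => '' )` arguments here to the setter would also help, since a clear with mismatched attributes does not remove the cookie.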
diff --git a/includes/Wiki.php b/includes/Wiki.php
index 6ac9341..35fa8e6 100644
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -508,7 +508,7 @@
                // preference set, redirect them to HTTPS.
                if (
                        (
-                               $request->getCookie( 'forceHTTPS' ) ||
+                               $request->getCookie( 'forceHTTPS', '' ) ||
                                // Avoid checking the user and groups unless 
it's enabled.
                                (
                                        $this->context->getUser()->isLoggedIn()

-- 
To view, visit https://gerrit.wikimedia.org/r/81864
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3c16ff92781e1a72346058ae3838d8fc47019d55
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp <cste...@wikimedia.org>
Gerrit-Reviewer: Aaron Schulz <asch...@wikimedia.org>
Gerrit-Reviewer: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Parent5446 <tylerro...@gmail.com>
Gerrit-Reviewer: jenkins-bot
