Remove $wgHttpOnlyBlacklist
This hack was added in r34083 / 6b16f44108 to support IE for Mac.
That browser is no longer supported, and no additional user-agent
strings have been added in WMF configuration.
Change-Id: Iffba121a9964e2ad387fad8827ddfd8dabcbd12e
This commit is contained in:
Kevin Israel
parent
96024533a6
commit
00b7f76aaf
4 changed files with 4 additions and 37 deletions
|
|
@ -50,6 +50,7 @@ production.
|
|||
prepended to the start of this array.
|
||||
* $wgQueryPages has been removed. Query Pages should be added to by using the
|
||||
wgQueryPages hook.
|
||||
* $wgHttpOnlyBlacklist has been removed.
|
||||
|
||||
=== New features in 1.23 ===
|
||||
* ResourceLoader can utilize the Web Storage API to cache modules client-side.
|
||||
|
|
|
|||
|
|
@ -4870,17 +4870,6 @@ $wgCookiePrefix = false;
|
|||
*/
|
||||
$wgCookieHttpOnly = true;
|
||||
|
||||
/**
|
||||
* If the requesting browser matches a regex in this blacklist, we won't
|
||||
* send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on.
|
||||
*/
|
||||
$wgHttpOnlyBlacklist = array(
|
||||
// Internet Explorer for Mac; sometimes the cookies work, sometimes
|
||||
// they don't. It's difficult to predict, as combinations of path
|
||||
// and expiration options affect its parsing.
|
||||
'/^Mozilla\/4\.0 \(compatible; MSIE \d+\.\d+; Mac_PowerPC\)/',
|
||||
);
|
||||
|
||||
/**
|
||||
* A list of cookies that vary the cache (for use by extensions)
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -3443,23 +3443,6 @@ function wfBaseConvert( $input, $sourceBase, $destBase, $pad = 1,
|
|||
return str_pad( $result, $pad, '0', STR_PAD_LEFT );
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
function wfHttpOnlySafe() {
|
||||
global $wgHttpOnlyBlacklist;
|
||||
|
||||
if ( isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
|
||||
foreach ( $wgHttpOnlyBlacklist as $regex ) {
|
||||
if ( preg_match( $regex, $_SERVER['HTTP_USER_AGENT'] ) ) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if there is sufficient entropy in php's built-in session generation
|
||||
* @return bool true = there is sufficient entropy
|
||||
|
|
@ -3532,7 +3515,6 @@ function wfSetupSession( $sessionId = false ) {
|
|||
# hasn't already been set to the desired value (that causes errors)
|
||||
ini_set( 'session.save_handler', $wgSessionHandler );
|
||||
}
|
||||
$httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
|
||||
wfDebugLog( 'cookie',
|
||||
'session_set_cookie_params: "' . implode( '", "',
|
||||
array(
|
||||
|
|
@ -3540,8 +3522,9 @@ function wfSetupSession( $sessionId = false ) {
|
|||
$wgCookiePath,
|
||||
$wgCookieDomain,
|
||||
$wgCookieSecure,
|
||||
$httpOnlySafe ) ) . '"' );
|
||||
session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe );
|
||||
$wgCookieHttpOnly ) ) . '"' );
|
||||
session_set_cookie_params(
|
||||
0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
|
||||
session_cache_limiter( 'private, must-revalidate' );
|
||||
if ( $sessionId ) {
|
||||
session_id( $sessionId );
|
||||
|
|
|
|||
|
|
@ -88,12 +88,6 @@ class WebResponse {
|
|||
$expire = time() + $wgCookieExpiration;
|
||||
}
|
||||
|
||||
// Don't mark the cookie as httpOnly if the requesting user-agent is
|
||||
// known to have trouble with httpOnly cookies.
|
||||
if ( !wfHttpOnlySafe() ) {
|
||||
$options['httpOnly'] = false;
|
||||
}
|
||||
|
||||
$func = $options['raw'] ? 'setrawcookie' : 'setcookie';
|
||||
|
||||
if ( wfRunHooks( 'WebResponseSetCookie', array( &$name, &$value, &$expire, $options ) ) ) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue