Remove $wgHttpOnlyBlacklist

This hack was added in r34083 / 6b16f44108 to support IE for Mac.
That browser is no longer supported, and no additional user-agent
strings have been added in WMF configuration.

Change-Id: Iffba121a9964e2ad387fad8827ddfd8dabcbd12e

RELEASE-NOTES-1.23

@@ -50,6 +50,7 @@ production.
   prepended to the start of this array.
 * $wgQueryPages has been removed. Query Pages should be added to by using the
   wgQueryPages hook.
+* $wgHttpOnlyBlacklist has been removed.
 
 === New features in 1.23 ===
 * ResourceLoader can utilize the Web Storage API to cache modules client-side.

includes/DefaultSettings.php

@@ -4870,17 +4870,6 @@ $wgCookiePrefix = false;
  */
 $wgCookieHttpOnly = true;
 
-/**
- * If the requesting browser matches a regex in this blacklist, we won't
- * send it cookies with HttpOnly mode, even if $wgCookieHttpOnly is on.
- */
-$wgHttpOnlyBlacklist = array(
-	// Internet Explorer for Mac; sometimes the cookies work, sometimes
-	// they don't. It's difficult to predict, as combinations of path
-	// and expiration options affect its parsing.
-	'/^Mozilla\/4\.0 \(compatible; MSIE \d+\.\d+; Mac_PowerPC\)/',
-);
-
 /**
  * A list of cookies that vary the cache (for use by extensions)
  */

includes/GlobalFunctions.php

@@ -3443,23 +3443,6 @@ function wfBaseConvert( $input, $sourceBase, $destBase, $pad = 1,
 	return str_pad( $result, $pad, '0', STR_PAD_LEFT );
 }
 
-/**
- * @return bool
- */
-function wfHttpOnlySafe() {
-	global $wgHttpOnlyBlacklist;
-
-	if ( isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
-		foreach ( $wgHttpOnlyBlacklist as $regex ) {
-			if ( preg_match( $regex, $_SERVER['HTTP_USER_AGENT'] ) ) {
-				return false;
-			}
-		}
-	}
-
-	return true;
-}
-
 /**
  * Check if there is sufficient entropy in php's built-in session generation
  * @return bool true = there is sufficient entropy
@@ -3532,7 +3515,6 @@ function wfSetupSession( $sessionId = false ) {
 		# hasn't already been set to the desired value (that causes errors)
 		ini_set( 'session.save_handler', $wgSessionHandler );
 	}
-	$httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
 	wfDebugLog( 'cookie',
 		'session_set_cookie_params: "' . implode( '", "',
 			array(
@@ -3540,8 +3522,9 @@ function wfSetupSession( $sessionId = false ) {
 				$wgCookiePath,
 				$wgCookieDomain,
 				$wgCookieSecure,
-				$httpOnlySafe ) ) . '"' );
+				$wgCookieHttpOnly ) ) . '"' );
-	session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe );
+	session_set_cookie_params(
+		0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
 	session_cache_limiter( 'private, must-revalidate' );
 	if ( $sessionId ) {
 		session_id( $sessionId );

includes/WebResponse.php

@@ -88,12 +88,6 @@ class WebResponse {
 			$expire = time() + $wgCookieExpiration;
 		}
 
-		// Don't mark the cookie as httpOnly if the requesting user-agent is
-		// known to have trouble with httpOnly cookies.
-		if ( !wfHttpOnlySafe() ) {
-			$options['httpOnly'] = false;
-		}
-
 		$func = $options['raw'] ? 'setrawcookie' : 'setcookie';
 
 		if ( wfRunHooks( 'WebResponseSetCookie', array( &$name, &$value, &$expire, $options ) ) ) {