Remove prefix from forceHTTPS cookie
Match CentralAuth, and set appropriate expiration too. Bug: 53538 Change-Id: I3c16ff92781e1a72346058ae3838d8fc47019d55
parent
b4788865c2
commit
188823c074
2 changed files with 27 additions and 10 deletions
|
|
@ -3134,19 +3134,24 @@ class User {
|
|||
* true: Force setting the secure attribute when setting the cookie
|
||||
* false: Force NOT setting the secure attribute when setting the cookie
|
||||
* null (default): Use the default ($wgCookieSecure) to set the secure attribute
|
||||
* @param array $params Array of options sent passed to WebResponse::setcookie()
|
||||
*/
|
||||
protected function setCookie( $name, $value, $exp = 0, $secure = null ) {
|
||||
$this->getRequest()->response()->setcookie( $name, $value, $exp, array(
|
||||
'secure' => $secure,
|
||||
) );
|
||||
protected function setCookie( $name, $value, $exp = 0, $secure = null, $params = array() ) {
|
||||
$params['secure'] = $secure;
|
||||
$this->getRequest()->response()->setcookie( $name, $value, $exp, $params );
|
||||
}
|
||||
|
||||
/**
|
||||
* Clear a cookie on the user's client
|
||||
* @param string $name Name of the cookie to clear
|
||||
* @param bool $secure
|
||||
* true: Force setting the secure attribute when setting the cookie
|
||||
* false: Force NOT setting the secure attribute when setting the cookie
|
||||
* null (default): Use the default ($wgCookieSecure) to set the secure attribute
|
||||
* @param array $params Array of options sent passed to WebResponse::setcookie()
|
||||
*/
|
||||
protected function clearCookie( $name ) {
|
||||
$this->setCookie( $name, '', time() - 86400 );
|
||||
protected function clearCookie( $name, $secure = null, $params = array() ) {
|
||||
$this->setCookie( $name, '', time() - 86400, $secure, $params );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -3204,10 +3209,22 @@ class User {
|
|||
/**
|
||||
* If wpStickHTTPS was selected, also set an insecure cookie that
|
||||
* will cause the site to redirect the user to HTTPS, if they access
|
||||
* it over HTTP. Bug 29898.
|
||||
* it over HTTP. Bug 29898. Use an un-prefixed cookie, so it's the same
|
||||
* as the one set by centralauth (bug 53538). Also set it to session, or
|
||||
* standard time setting, based on if rememberme was set.
|
||||
*/
|
||||
if ( $request->getCheck( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {
|
||||
$this->setCookie( 'forceHTTPS', 'true', time() + 2592000, false ); //30 days
|
||||
$time = null;
|
||||
if ( ( 1 == $this->getOption( 'rememberpassword' ) ) ) {
|
||||
$time = 0; // set to $wgCookieExpiration
|
||||
}
|
||||
$this->setCookie(
|
||||
'forceHTTPS',
|
||||
'true',
|
||||
$time,
|
||||
false,
|
||||
array( 'prefix' => '' ) // no prefix
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -3231,7 +3248,7 @@ class User {
|
|||
|
||||
$this->clearCookie( 'UserID' );
|
||||
$this->clearCookie( 'Token' );
|
||||
$this->clearCookie( 'forceHTTPS' );
|
||||
$this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) );
|
||||
|
||||
// Remember when user logged out, to prevent seeing cached pages
|
||||
$this->setCookie( 'LoggedOut', time(), time() + 86400 );
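Review bot: The logout hunk replaces `$this->clearCookie( 'forceHTTPS' );` with the un-prefixed call, so a prefixed forceHTTPS cookie issued before this change (the old line gave it a 30-day lifetime) is no longer cleared here, and the MediaWiki hunk stops reading it as well. Browsers that still hold only the old cookie would presumably lose the HTTP-to-HTTPS redirect until the next login, which looks like an unintended gap during rollout. For a transition period I would clear both names at logout, `$this->clearCookie( 'forceHTTPS' );` followed by `$this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) );`, and accept either on the read side, `$request->getCookie( 'forceHTTPS', '' ) || $request->getCookie( 'forceHTTPS' ) ||`. The enclosing functions start and end outside these hunks.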
|
||||
|
|
|
|||
|
|
@ -508,7 +508,7 @@ class MediaWiki {
|
|||
// preference set, redirect them to HTTPS.
|
||||
if (
|
||||
(
|
||||
$request->getCookie( 'forceHTTPS' ) ||
|
||||
$request->getCookie( 'forceHTTPS', '' ) ||
|
||||
// Avoid checking the user and groups unless it's enabled.
|
||||
(
|
||||
$this->context->getUser()->isLoggedIn()
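Review bot: The bare `''` in `$request->getCookie( 'forceHTTPS', '' )` is easy to misread as a default value rather than a prefix override, and nothing in this condition says why this one cookie skips the wiki prefix. A short comment above the call would help, e.g. `// '' = un-prefixed name shared with CentralAuth (bug 53538); keep in sync with User`. The value is client-supplied and only tested for truthiness, which seems acceptable while its only effect is a redirect to HTTPS, but it should not come to gate anything else. The condition continues outside the hunk.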
|
||||
|
|
|
|||