PageRenderTime 37ms CodeModel.GetById 12ms RepoModel.GetById 0ms app.codeStats 0ms

/src/wp-includes/class-wp-http-cookie.php

https://gitlab.com/morganestes/wordpress-develop
PHP | 251 lines | 98 code | 27 blank | 126 comment | 27 complexity | 56fc7443861696377a6523ef683e01f1 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * HTTP API: WP_Http_Cookie class
    4. 

  4.  *
    5. 

  5.  * @package WordPress
    6. 

  6.  * @subpackage HTTP
    7. 

  7.  * @since 4.4.0
    8. 

  8.  */
    9. 

  9. 

  10. /**
    11. 

  11.  * Core class used to encapsulate a single cookie object for internal use.
    12. 

  12.  *
    13. 

  13.  * Returned cookies are represented using this class, and when cookies are set, if they are not
    14. 

  14.  * already a WP_Http_Cookie() object, then they are turned into one.
    15. 

  15.  *
    16. 

  16.  * @todo The WordPress convention is to use underscores instead of camelCase for function and method
    17. 

  17.  * names. Need to switch to use underscores instead for the methods.
    18. 

  18.  *
    19. 

  19.  * @since 2.8.0
    20. 

  20.  */
    21. 

  21. class WP_Http_Cookie {
    22. 

  22. 

  23. 	/**
    24. 

  24. 	 * Cookie name.
    25. 

  25. 	 *
    26. 

  26. 	 * @since 2.8.0
    27. 

  27. 	 * @var string
    28. 

  28. 	 */
    29. 

  29. 	public $name;
    30. 

  30. 

  31. 	/**
    32. 

  32. 	 * Cookie value.
    33. 

  33. 	 *
    34. 

  34. 	 * @since 2.8.0
    35. 

  35. 	 * @var string
    36. 

  36. 	 */
    37. 

  37. 	public $value;
    38. 

  38. 

  39. 	/**
    40. 

  40. 	 * When the cookie expires.
    41. 

  41. 	 *
    42. 

  42. 	 * @since 2.8.0
    43. 

  43. 	 * @var string
    44. 

  44. 	 */
    45. 

  45. 	public $expires;
    46. 

  46. 

  47. 	/**
    48. 

  48. 	 * Cookie URL path.
    49. 

  49. 	 *
    50. 

  50. 	 * @since 2.8.0
    51. 

  51. 	 * @var string
    52. 

  52. 	 */
    53. 

  53. 	public $path;
    54. 

  54. 

  55. 	/**
    56. 

  56. 	 * Cookie Domain.
    57. 

  57. 	 *
    58. 

  58. 	 * @since 2.8.0
    59. 

  59. 	 * @var string
    60. 

  60. 	 */
    61. 

  61. 	public $domain;
    62. 

  62. 

  63. 	/**
    64. 

  64. 	 * Sets up this cookie object.
    65. 

  65. 	 *
    66. 

  66. 	 * The parameter $data should be either an associative array containing the indices names below
    67. 

  67. 	 * or a header string detailing it.
    68. 

  68. 	 *
    69. 

  69. 	 * @since 2.8.0
    70. 

  70. 	 *
    71. 

  71. 	 * @param string|array $data {
    72. 

  72. 	 *     Raw cookie data as header string or data array.
    73. 

  73. 	 *
    74. 

  74. 	 *     @type string     $name    Cookie name.
    75. 

  75. 	 *     @type mixed      $value   Value. Should NOT already be urlencoded.
    76. 

  76. 	 *     @type string|int $expires Optional. Unix timestamp or formatted date. Default null.
    77. 

  77. 	 *     @type string     $path    Optional. Path. Default '/'.
    78. 

  78. 	 *     @type string     $domain  Optional. Domain. Default host of parsed $requested_url.
    79. 

  79. 	 *     @type int        $port    Optional. Port. Default null.
    80. 

  80. 	 * }
    81. 

  81. 	 * @param string       $requested_url The URL which the cookie was set on, used for default $domain
    82. 

  82. 	 *                                    and $port values.
    83. 

  83. 	 */
    84. 

  84. 	public function __construct( $data, $requested_url = '' ) {
    85. 

  85. 		if ( $requested_url ) {
    86. 

  86. 			$arrURL = @parse_url( $requested_url );
    87. 

  87. 		}
    88. 

  88. 		if ( isset( $arrURL['host'] ) ) {
    89. 

  89. 			$this->domain = $arrURL['host'];
    90. 

  90. 		}
    91. 

  91. 		$this->path = isset( $arrURL['path'] ) ? $arrURL['path'] : '/';
    92. 

  92. 		if ( '/' != substr( $this->path, -1 ) ) {
    93. 

  93. 			$this->path = dirname( $this->path ) . '/';
    94. 

  94. 		}
    95. 

  95. 

  96. 		if ( is_string( $data ) ) {
    97. 

  97. 			// Assume it's a header string direct from a previous request.
    98. 

  98. 			$pairs = explode( ';', $data );
    99. 

  99. 

  100. 			// Special handling for first pair; name=value. Also be careful of "=" in value.
    101. 

  101. 			$name        = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) );
    102. 

  102. 			$value       = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 );
    103. 

  103. 			$this->name  = $name;
    104. 

  104. 			$this->value = urldecode( $value );
    105. 

  105. 

  106. 			// Removes name=value from items.
    107. 

  107. 			array_shift( $pairs );
    108. 

  108. 

  109. 			// Set everything else as a property.
    110. 

  110. 			foreach ( $pairs as $pair ) {
    111. 

  111. 				$pair = rtrim( $pair );
    112. 

  112. 

  113. 				// Handle the cookie ending in ; which results in a empty final pair.
    114. 

  114. 				if ( empty( $pair ) ) {
    115. 

  115. 					continue;
    116. 

  116. 				}
    117. 

  117. 

  118. 				list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' );
    119. 

  119. 				$key               = strtolower( trim( $key ) );
    120. 

  120. 				if ( 'expires' == $key ) {
    121. 

  121. 					$val = strtotime( $val );
    122. 

  122. 				}
    123. 

  123. 				$this->$key = $val;
    124. 

  124. 			}
    125. 

  125. 		} else {
    126. 

  126. 			if ( ! isset( $data['name'] ) ) {
    127. 

  127. 				return;
    128. 

  128. 			}
    129. 

  129. 

  130. 			// Set properties based directly on parameters.
    131. 

  131. 			foreach ( array( 'name', 'value', 'path', 'domain', 'port' ) as $field ) {
    132. 

  132. 				if ( isset( $data[ $field ] ) ) {
    133. 

  133. 					$this->$field = $data[ $field ];
    134. 

  134. 				}
    135. 

  135. 			}
    136. 

  136. 

  137. 			if ( isset( $data['expires'] ) ) {
    138. 

  138. 				$this->expires = is_int( $data['expires'] ) ? $data['expires'] : strtotime( $data['expires'] );
    139. 

  139. 			} else {
    140. 

  140. 				$this->expires = null;
    141. 

  141. 			}
    142. 

  142. 		}
    143. 

  143. 	}
    144. 

  144. 

  145. 	/**
    146. 

  146. 	 * Confirms that it's OK to send this cookie to the URL checked against.
    147. 

  147. 	 *
    148. 

  148. 	 * Decision is based on RFC 2109/2965, so look there for details on validity.
    149. 

  149. 	 *
    150. 

  150. 	 * @since 2.8.0
    151. 

  151. 	 *
    152. 

  152. 	 * @param string $url URL you intend to send this cookie to
    153. 

  153. 	 * @return bool true if allowed, false otherwise.
    154. 

  154. 	 */
    155. 

  155. 	public function test( $url ) {
    156. 

  156. 		if ( is_null( $this->name ) ) {
    157. 

  157. 			return false;
    158. 

  158. 		}
    159. 

  159. 

  160. 		// Expires - if expired then nothing else matters.
    161. 

  161. 		if ( isset( $this->expires ) && time() > $this->expires ) {
    162. 

  162. 			return false;
    163. 

  163. 		}
    164. 

  164. 

  165. 		// Get details on the URL we're thinking about sending to.
    166. 

  166. 		$url         = parse_url( $url );
    167. 

  167. 		$url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' == $url['scheme'] ? 443 : 80 );
    168. 

  168. 		$url['path'] = isset( $url['path'] ) ? $url['path'] : '/';
    169. 

  169. 

  170. 		// Values to use for comparison against the URL.
    171. 

  171. 		$path   = isset( $this->path ) ? $this->path : '/';
    172. 

  172. 		$port   = isset( $this->port ) ? $this->port : null;
    173. 

  173. 		$domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] );
    174. 

  174. 		if ( false === stripos( $domain, '.' ) ) {
    175. 

  175. 			$domain .= '.local';
    176. 

  176. 		}
    177. 

  177. 

  178. 		// Host - very basic check that the request URL ends with the domain restriction (minus leading dot).
    179. 

  179. 		$domain = substr( $domain, 0, 1 ) == '.' ? substr( $domain, 1 ) : $domain;
    180. 

  180. 		if ( substr( $url['host'], -strlen( $domain ) ) != $domain ) {
    181. 

  181. 			return false;
    182. 

  182. 		}
    183. 

  183. 

  184. 		// Port - supports "port-lists" in the format: "80,8000,8080".
    185. 

  185. 		if ( ! empty( $port ) && ! in_array( $url['port'], explode( ',', $port ) ) ) {
    186. 

  186. 			return false;
    187. 

  187. 		}
    188. 

  188. 

  189. 		// Path - request path must start with path restriction.
    190. 

  190. 		if ( substr( $url['path'], 0, strlen( $path ) ) != $path ) {
    191. 

  191. 			return false;
    192. 

  192. 		}
    193. 

  193. 

  194. 		return true;
    195. 

  195. 	}
    196. 

  196. 

  197. 	/**
    198. 

  198. 	 * Convert cookie name and value back to header string.
    199. 

  199. 	 *
    200. 

  200. 	 * @since 2.8.0
    201. 

  201. 	 *
    202. 

  202. 	 * @return string Header encoded cookie name and value.
    203. 

  203. 	 */
    204. 

  204. 	public function getHeaderValue() {
    205. 

  205. 		if ( ! isset( $this->name ) || ! isset( $this->value ) ) {
    206. 

  206. 			return '';
    207. 

  207. 		}
    208. 

  208. 

  209. 		/**
    210. 

  210. 		 * Filters the header-encoded cookie value.
    211. 

  211. 		 *
    212. 

  212. 		 * @since 3.4.0
    213. 

  213. 		 *
    214. 

  214. 		 * @param string $value The cookie value.
    215. 

  215. 		 * @param string $name  The cookie name.
    216. 

  216. 		 */
    217. 

  217. 		return $this->name . '=' . apply_filters( 'wp_http_cookie_value', $this->value, $this->name );
    218. 

  218. 	}
    219. 

  219. 

  220. 	/**
    221. 

  221. 	 * Retrieve cookie header for usage in the rest of the WordPress HTTP API.
    222. 

  222. 	 *
    223. 

  223. 	 * @since 2.8.0
    224. 

  224. 	 *
    225. 

  225. 	 * @return string
    226. 

  226. 	 */
    227. 

  227. 	public function getFullHeader() {
    228. 

  228. 		return 'Cookie: ' . $this->getHeaderValue();
    229. 

  229. 	}
    230. 

  230. 

  231. 	/**
    232. 

  232. 	 * Retrieves cookie attributes.
    233. 

  233. 	 *
    234. 

  234. 	 * @since 4.6.0
    235. 

  235. 	 *
    236. 

  236. 	 * @return array {
    237. 

  237. 	 *    List of attributes.
    238. 

  238. 	 *
    239. 

  239. 	 *    @type string $expires When the cookie expires.
    240. 

  240. 	 *    @type string $path    Cookie URL path.
    241. 

  241. 	 *    @type string $domain  Cookie domain.
    242. 

  242. 	 * }
    243. 

  243. 	 */
    244. 

  244. 	public function get_attributes() {
    245. 

  245. 		return array(
    246. 

  246. 			'expires' => $this->expires,
    247. 

  247. 			'path'    => $this->path,
    248. 

  248. 			'domain'  => $this->domain,
    249. 

  249. 		);
    250. 

  250. 	}
    251. 

  251. }
    252. 

  252.