59 * @var string |
59 * @var string |
60 */ |
60 */ |
61 public $domain; |
61 public $domain; |
62 |
62 |
63 /** |
63 /** |
|
64 * host-only flag. |
|
65 * |
|
66 * @since 5.2.0 |
|
67 * @var bool |
|
68 */ |
|
69 public $host_only; |
|
70 |
|
71 /** |
64 * Sets up this cookie object. |
72 * Sets up this cookie object. |
65 * |
73 * |
66 * The parameter $data should be either an associative array containing the indices names below |
74 * The parameter $data should be either an associative array containing the indices names below |
67 * or a header string detailing it. |
75 * or a header string detailing it. |
68 * |
76 * |
69 * @since 2.8.0 |
77 * @since 2.8.0 |
|
78 * @since 5.2.0 Added `host_only` to the `$data` parameter. |
70 * |
79 * |
71 * @param string|array $data { |
80 * @param string|array $data { |
72 * Raw cookie data as header string or data array. |
81 * Raw cookie data as header string or data array. |
73 * |
82 * |
74 * @type string $name Cookie name. |
83 * @type string $name Cookie name. |
75 * @type mixed $value Value. Should NOT already be urlencoded. |
84 * @type mixed $value Value. Should NOT already be urlencoded. |
76 * @type string|int $expires Optional. Unix timestamp or formatted date. Default null. |
85 * @type string|int $expires Optional. Unix timestamp or formatted date. Default null. |
77 * @type string $path Optional. Path. Default '/'. |
86 * @type string $path Optional. Path. Default '/'. |
78 * @type string $domain Optional. Domain. Default host of parsed $requested_url. |
87 * @type string $domain Optional. Domain. Default host of parsed $requested_url. |
79 * @type int $port Optional. Port. Default null. |
88 * @type int $port Optional. Port. Default null. |
|
89 * @type bool $host_only Optional. host-only storage flag. Default true. |
80 * } |
90 * } |
81 * @param string $requested_url The URL which the cookie was set on, used for default $domain |
91 * @param string $requested_url The URL which the cookie was set on, used for default $domain |
82 * and $port values. |
92 * and $port values. |
83 */ |
93 */ |
84 public function __construct( $data, $requested_url = '' ) { |
94 public function __construct( $data, $requested_url = '' ) { |
85 if ( $requested_url ) |
95 if ( $requested_url ) { |
86 $arrURL = @parse_url( $requested_url ); |
96 $arrURL = @parse_url( $requested_url ); |
87 if ( isset( $arrURL['host'] ) ) |
97 } |
|
98 if ( isset( $arrURL['host'] ) ) { |
88 $this->domain = $arrURL['host']; |
99 $this->domain = $arrURL['host']; |
|
100 } |
89 $this->path = isset( $arrURL['path'] ) ? $arrURL['path'] : '/'; |
101 $this->path = isset( $arrURL['path'] ) ? $arrURL['path'] : '/'; |
90 if ( '/' != substr( $this->path, -1 ) ) |
102 if ( '/' != substr( $this->path, -1 ) ) { |
91 $this->path = dirname( $this->path ) . '/'; |
103 $this->path = dirname( $this->path ) . '/'; |
|
104 } |
92 |
105 |
93 if ( is_string( $data ) ) { |
106 if ( is_string( $data ) ) { |
94 // Assume it's a header string direct from a previous request. |
107 // Assume it's a header string direct from a previous request. |
95 $pairs = explode( ';', $data ); |
108 $pairs = explode( ';', $data ); |
96 |
109 |
97 // Special handling for first pair; name=value. Also be careful of "=" in value. |
110 // Special handling for first pair; name=value. Also be careful of "=" in value. |
98 $name = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) ); |
111 $name = trim( substr( $pairs[0], 0, strpos( $pairs[0], '=' ) ) ); |
99 $value = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 ); |
112 $value = substr( $pairs[0], strpos( $pairs[0], '=' ) + 1 ); |
100 $this->name = $name; |
113 $this->name = $name; |
101 $this->value = urldecode( $value ); |
114 $this->value = urldecode( $value ); |
102 |
115 |
103 // Removes name=value from items. |
116 // Removes name=value from items. |
104 array_shift( $pairs ); |
117 array_shift( $pairs ); |
105 |
118 |
106 // Set everything else as a property. |
119 // Set everything else as a property. |
107 foreach ( $pairs as $pair ) { |
120 foreach ( $pairs as $pair ) { |
108 $pair = rtrim($pair); |
121 $pair = rtrim( $pair ); |
109 |
122 |
110 // Handle the cookie ending in ; which results in a empty final pair. |
123 // Handle the cookie ending in ; which results in a empty final pair. |
111 if ( empty($pair) ) |
124 if ( empty( $pair ) ) { |
112 continue; |
125 continue; |
|
126 } |
113 |
127 |
114 list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' ); |
128 list( $key, $val ) = strpos( $pair, '=' ) ? explode( '=', $pair ) : array( $pair, '' ); |
115 $key = strtolower( trim( $key ) ); |
129 $key = strtolower( trim( $key ) ); |
116 if ( 'expires' == $key ) |
130 if ( 'expires' == $key ) { |
117 $val = strtotime( $val ); |
131 $val = strtotime( $val ); |
|
132 } |
118 $this->$key = $val; |
133 $this->$key = $val; |
119 } |
134 } |
120 } else { |
135 } else { |
121 if ( !isset( $data['name'] ) ) |
136 if ( ! isset( $data['name'] ) ) { |
122 return; |
137 return; |
|
138 } |
123 |
139 |
124 // Set properties based directly on parameters. |
140 // Set properties based directly on parameters. |
125 foreach ( array( 'name', 'value', 'path', 'domain', 'port' ) as $field ) { |
141 foreach ( array( 'name', 'value', 'path', 'domain', 'port', 'host_only' ) as $field ) { |
126 if ( isset( $data[ $field ] ) ) |
142 if ( isset( $data[ $field ] ) ) { |
127 $this->$field = $data[ $field ]; |
143 $this->$field = $data[ $field ]; |
128 } |
144 } |
129 |
145 } |
130 if ( isset( $data['expires'] ) ) |
146 |
|
147 if ( isset( $data['expires'] ) ) { |
131 $this->expires = is_int( $data['expires'] ) ? $data['expires'] : strtotime( $data['expires'] ); |
148 $this->expires = is_int( $data['expires'] ) ? $data['expires'] : strtotime( $data['expires'] ); |
132 else |
149 } else { |
133 $this->expires = null; |
150 $this->expires = null; |
|
151 } |
134 } |
152 } |
135 } |
153 } |
136 |
154 |
137 /** |
155 /** |
138 * Confirms that it's OK to send this cookie to the URL checked against. |
156 * Confirms that it's OK to send this cookie to the URL checked against. |
143 * |
161 * |
144 * @param string $url URL you intend to send this cookie to |
162 * @param string $url URL you intend to send this cookie to |
145 * @return bool true if allowed, false otherwise. |
163 * @return bool true if allowed, false otherwise. |
146 */ |
164 */ |
147 public function test( $url ) { |
165 public function test( $url ) { |
148 if ( is_null( $this->name ) ) |
166 if ( is_null( $this->name ) ) { |
149 return false; |
167 return false; |
|
168 } |
150 |
169 |
151 // Expires - if expired then nothing else matters. |
170 // Expires - if expired then nothing else matters. |
152 if ( isset( $this->expires ) && time() > $this->expires ) |
171 if ( isset( $this->expires ) && time() > $this->expires ) { |
153 return false; |
172 return false; |
|
173 } |
154 |
174 |
155 // Get details on the URL we're thinking about sending to. |
175 // Get details on the URL we're thinking about sending to. |
156 $url = parse_url( $url ); |
176 $url = parse_url( $url ); |
157 $url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' == $url['scheme'] ? 443 : 80 ); |
177 $url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' == $url['scheme'] ? 443 : 80 ); |
158 $url['path'] = isset( $url['path'] ) ? $url['path'] : '/'; |
178 $url['path'] = isset( $url['path'] ) ? $url['path'] : '/'; |
159 |
179 |
160 // Values to use for comparison against the URL. |
180 // Values to use for comparison against the URL. |
161 $path = isset( $this->path ) ? $this->path : '/'; |
181 $path = isset( $this->path ) ? $this->path : '/'; |
162 $port = isset( $this->port ) ? $this->port : null; |
182 $port = isset( $this->port ) ? $this->port : null; |
163 $domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] ); |
183 $domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] ); |
164 if ( false === stripos( $domain, '.' ) ) |
184 if ( false === stripos( $domain, '.' ) ) { |
165 $domain .= '.local'; |
185 $domain .= '.local'; |
|
186 } |
166 |
187 |
167 // Host - very basic check that the request URL ends with the domain restriction (minus leading dot). |
188 // Host - very basic check that the request URL ends with the domain restriction (minus leading dot). |
168 $domain = substr( $domain, 0, 1 ) == '.' ? substr( $domain, 1 ) : $domain; |
189 $domain = substr( $domain, 0, 1 ) == '.' ? substr( $domain, 1 ) : $domain; |
169 if ( substr( $url['host'], -strlen( $domain ) ) != $domain ) |
190 if ( substr( $url['host'], -strlen( $domain ) ) != $domain ) { |
170 return false; |
191 return false; |
|
192 } |
171 |
193 |
172 // Port - supports "port-lists" in the format: "80,8000,8080". |
194 // Port - supports "port-lists" in the format: "80,8000,8080". |
173 if ( !empty( $port ) && !in_array( $url['port'], explode( ',', $port) ) ) |
195 if ( ! empty( $port ) && ! in_array( $url['port'], explode( ',', $port ) ) ) { |
174 return false; |
196 return false; |
|
197 } |
175 |
198 |
176 // Path - request path must start with path restriction. |
199 // Path - request path must start with path restriction. |
177 if ( substr( $url['path'], 0, strlen( $path ) ) != $path ) |
200 if ( substr( $url['path'], 0, strlen( $path ) ) != $path ) { |
178 return false; |
201 return false; |
|
202 } |
179 |
203 |
180 return true; |
204 return true; |
181 } |
205 } |
182 |
206 |
183 /** |
207 /** |