Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:16872 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 58866 invoked by uid 1010); 23 Jun 2005 01:29:55 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 58851 invoked from network); 23 Jun 2005 01:29:55 -0000 Received: from unknown (HELO t-online.de) (127.0.0.1) by localhost with SMTP; 23 Jun 2005 01:29:55 -0000 X-Host-Fingerprint: 194.25.134.84 mailout09.sul.t-online.com Linux 2.4/2.6 Received: from ([194.25.134.84:40091] helo=mailout09.sul.t-online.com) by pb1.pair.com (ecelerity 1.2 r(5656M)) with SMTP id B5/9C-22648-3901AB24 for ; Wed, 22 Jun 2005 21:29:55 -0400 Received: from fwd29.aul.t-online.de by mailout09.sul.t-online.com with smtp id 1DlGXO-0002mS-00; Thu, 23 Jun 2005 03:29:50 +0200 Received: from mframe.test-lab (bdqGp+Za8ez2Fb7t4pPSR0cdtOOEKyt04C9l6weBhVDkkO9W2qDr8G@[84.165.77.98]) by fwd29.sul.t-online.de with esmtp id 1DlGXD-1dcfc80; Thu, 23 Jun 2005 03:29:39 +0200 To: Marcus Boerger Cc: internals@lists.php.net In-Reply-To: <1587152561.20050623021540@marcus-boerger.de> References: <1119485004.7376.20.camel@mframe.test-lab> <1587152561.20050623021540@marcus-boerger.de> Content-Type: multipart/mixed; boundary="=-AKcQenmLL1ZYFVMkSPP3" Date: Thu, 23 Jun 2005 03:29:40 +0200 Message-ID: <1119490180.7376.27.camel@mframe.test-lab> Mime-Version: 1.0 X-Mailer: Evolution 2.2.1 X-ID: bdqGp+Za8ez2Fb7t4pPSR0cdtOOEKyt04C9l6weBhVDkkO9W2qDr8G X-TOI-MSGID: 5864ce22-9ba5-418b-a110-79924419c369 Subject: Re: [PHP-DEV] httpOnly Cookies [tiny enhancement] 
From: hansper@t-online.de (Jochen Hansper) --=-AKcQenmLL1ZYFVMkSPP3 Content-Type: text/plain Content-Transfer-Encoding: 7bit Hello Marcus, patches for official php-4.3.11 release in attachment... (diff -Naur) Jochen [php_session.h.patch; session.c.patch] Am Donnerstag, den 23.06.2005, 02:15 +0200 schrieb Marcus Boerger: > Hello Jochen, > > please resend your patch as unified patch (cvs di -u). > > marcus > > Thursday, June 23, 2005, 2:03:24 AM, you wrote: > --=-AKcQenmLL1ZYFVMkSPP3 Content-Disposition: attachment; filename=php_session.h.patch Content-Type: text/x-patch; name=php_session.h.patch; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
--- /home/hansper/php-4.3.11/ext/session/php_session.h 2005-02-13 18:54:56.000000000 +0100
+++ php_session.h 2005-06-22 18:49:19.000000000 +0200
@@ -103,6 +103,7 @@
 char *cookie_path;
 char *cookie_domain;
 zend_bool cookie_secure;
+ zend_bool cookie_httponly;
 ps_module *mod;
 void *mod_data;
 php_session_status session_status;
--=-AKcQenmLL1ZYFVMkSPP3 Content-Disposition: attachment; filename=session.c.patch Content-Type: text/x-patch; name=session.c.patch; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
--- /home/hansper/php-4.3.11/ext/session/session.c 2005-02-13 18:51:32.000000000 +0100
+++ session.c 2005-06-23 03:00:38.000000000 +0200
@@ -139,6 +139,7 @@ STD_PHP_INI_ENTRY("session.cookie_path", "/", PHP_INI_ALL, OnUpdateString, cookie_path, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.cookie_secure", "", PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.cookie_httponly", "0", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals) @@ -853,6 +854,7 @@ #define COOKIE_PATH "; path=" #define COOKIE_DOMAIN "; domain=" #define COOKIE_SECURE "; secure" +#define COOKIE_HTTPONLY "; httponly" static void php_session_send_cookie(TSRMLS_D) { @@ -906,6 +908,10 @@ smart_str_appends(&ncookie, COOKIE_SECURE); } + if (PS(cookie_httponly)) { + smart_str_appends(&ncookie, COOKIE_HTTPONLY); + } + smart_str_0(&ncookie); sapi_add_header_ex(ncookie.c, ncookie.len, 0, 0 TSRMLS_CC); 
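Review bot: The new `session.cookie_httponly` entry in the ini table defaults to "0" and carries no comment, so nothing tells an administrator that the session cookie stays readable by client-side script until the setting is switched on. A short comment above the entry would help, for example `/* off by default for compatibility; when on, "; httponly" is appended to the session cookie so scripts in the page cannot read it */`. The documentation should also say that the flag covers only the cookie: with `session.use_only_cookies` at its default of "0" on the following context line, the session id may still be accepted from or carried in URLs. The ini table begins and ends outside the hunk.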
@@ -1131,17 +1137,17 @@ } -/* {{{ proto void session_set_cookie_params(int lifetime [, string path [, string domain [, bool secure]]]) +/* {{{ proto void session_set_cookie_params(int lifetime [, string path [, string domain [, bool secure [, bool httponly]]]]) Set session cookie parameters */ PHP_FUNCTION(session_set_cookie_params) { - zval **lifetime, **path, **domain, **secure; + zval **lifetime, **path, **domain, **secure, **httponly; if (!PS(use_cookies)) return; - if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 4 || - zend_get_parameters_ex(ZEND_NUM_ARGS(), &lifetime, &path, &domain, &secure) == FAILURE) + if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 5 || + zend_get_parameters_ex(ZEND_NUM_ARGS(), &lifetime, &path, &domain, &secure, &httponly) == FAILURE) WRONG_PARAM_COUNT; convert_to_string_ex(lifetime); @@ -1158,6 +1164,10 @@ convert_to_long_ex(secure); zend_alter_ini_entry("session.cookie_secure", sizeof("session.cookie_secure"), Z_BVAL_PP(secure)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } + if (ZEND_NUM_ARGS() > 4) { + convert_to_long_ex(httponly); + zend_alter_ini_entry("session.cookie_httponly", sizeof("session.cookie_httponly"), Z_BVAL_PP(httponly)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + } } } } @@ -1177,6 +1187,7 @@ add_assoc_string(return_value, "path", PS(cookie_path), 1); add_assoc_string(return_value, "domain", PS(cookie_domain), 1); add_assoc_bool(return_value, "secure", PS(cookie_secure)); + add_assoc_bool(return_value, "httponly", PS(cookie_httponly)); } /* }}} */ --=-AKcQenmLL1ZYFVMkSPP3--
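Review bot: In the `ZEND_NUM_ARGS() > 4` branch of session_set_cookie_params (hunk -1158), `convert_to_long_ex(httponly)` followed by `Z_BVAL_PP(httponly)` reads a long through the boolean accessor. If Z_BVAL narrows the long to `zend_bool`, as the Zend Engine 1 headers appear to do (not visible here), a value such as 256 is truncated to 0 and the flag is switched off without any warning. Converting with `convert_to_boolean_ex(httponly);` before the `Z_BVAL_PP` test avoids that. The existing `secure` branch just above uses the same pattern and would need the same treatment in a separate change; the function body starts in the previous hunk and continues outside this one.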