Exception
4 years ago
File
4 years ago
Session
4 years ago
Tests
4 years ago
AcceptHeader.php
4 years ago
AcceptHeaderItem.php
4 years ago
ApacheRequest.php
4 years ago
BinaryFileResponse.php
4 years ago
Cookie.php
4 years ago
ExpressionRequestMatcher.php
4 years ago
FileBag.php
4 years ago
HeaderBag.php
4 years ago
IpUtils.php
4 years ago
JsonResponse.php
4 years ago
LICENSE
4 years ago
ParameterBag.php
4 years ago
RedirectResponse.php
4 years ago
Request.php
4 years ago
RequestMatcher.php
4 years ago
RequestMatcherInterface.php
4 years ago
RequestStack.php
4 years ago
Response.php
4 years ago
ResponseHeaderBag.php
4 years ago
ServerBag.php
4 years ago
StreamedResponse.php
4 years ago
Cookie.php
304 lines
| 1 | <?php |
| 2 | |
| 3 | /* |
| 4 | * This file is part of the Symfony package. |
| 5 | * |
| 6 | * (c) Fabien Potencier <fabien@symfony.com> |
| 7 | * |
| 8 | * For the full copyright and license information, please view the LICENSE |
| 9 | * file that was distributed with this source code. |
| 10 | */ |
| 11 | |
| 12 | namespace Symfony\Component\HttpFoundation; |
| 13 | |
| 14 | /** |
| 15 | * Represents a cookie. |
| 16 | * |
| 17 | * @author Johannes M. Schmitt <schmittjoh@gmail.com> |
| 18 | */ |
| 19 | class Cookie |
| 20 | { |
| 21 | const SAMESITE_NONE = 'none'; |
| 22 | const SAMESITE_LAX = 'lax'; |
| 23 | const SAMESITE_STRICT = 'strict'; |
| 24 | |
| 25 | protected $name; |
| 26 | protected $value; |
| 27 | protected $domain; |
| 28 | protected $expire; |
| 29 | protected $path; |
| 30 | protected $secure; |
| 31 | protected $httpOnly; |
| 32 | |
| 33 | private $raw; |
| 34 | private $sameSite; |
| 35 | |
| 36 | private static $reservedCharsList = "=,; \t\r\n\v\f"; |
| 37 | private static $reservedCharsFrom = ['=', ',', ';', ' ', "\t", "\r", "\n", "\v", "\f"]; |
| 38 | private static $reservedCharsTo = ['%3D', '%2C', '%3B', '%20', '%09', '%0D', '%0A', '%0B', '%0C']; |
| 39 | |
| 40 | /** |
| 41 | * Creates cookie from raw header string. |
| 42 | * |
| 43 | * @param string $cookie |
| 44 | * @param bool $decode |
| 45 | * |
| 46 | * @return static |
| 47 | */ |
| 48 | public static function fromString($cookie, $decode = false) |
| 49 | { |
| 50 | $data = [ |
| 51 | 'expires' => 0, |
| 52 | 'path' => '/', |
| 53 | 'domain' => null, |
| 54 | 'secure' => false, |
| 55 | 'httponly' => false, |
| 56 | 'raw' => !$decode, |
| 57 | 'samesite' => null, |
| 58 | ]; |
| 59 | foreach (explode(';', $cookie) as $part) { |
| 60 | if (false === strpos($part, '=')) { |
| 61 | $key = trim($part); |
| 62 | $value = true; |
| 63 | } else { |
| 64 | list($key, $value) = explode('=', trim($part), 2); |
| 65 | $key = trim($key); |
| 66 | $value = trim($value); |
| 67 | } |
| 68 | if (!isset($data['name'])) { |
| 69 | $data['name'] = $decode ? urldecode($key) : $key; |
| 70 | $data['value'] = true === $value ? null : ($decode ? urldecode($value) : $value); |
| 71 | continue; |
| 72 | } |
| 73 | switch ($key = strtolower($key)) { |
| 74 | case 'name': |
| 75 | case 'value': |
| 76 | break; |
| 77 | case 'max-age': |
| 78 | $data['expires'] = time() + (int) $value; |
| 79 | break; |
| 80 | default: |
| 81 | $data[$key] = $value; |
| 82 | break; |
| 83 | } |
| 84 | } |
| 85 | |
| 86 | return new static($data['name'], $data['value'], $data['expires'], $data['path'], $data['domain'], $data['secure'], $data['httponly'], $data['raw'], $data['samesite']); |
| 87 | } |
| 88 | |
| 89 | /** |
| 90 | * @param string $name The name of the cookie |
| 91 | * @param string|null $value The value of the cookie |
| 92 | * @param int|string|\DateTimeInterface $expire The time the cookie expires |
| 93 | * @param string $path The path on the server in which the cookie will be available on |
| 94 | * @param string|null $domain The domain that the cookie is available to |
| 95 | * @param bool $secure Whether the cookie should only be transmitted over a secure HTTPS connection from the client |
| 96 | * @param bool $httpOnly Whether the cookie will be made accessible only through the HTTP protocol |
| 97 | * @param bool $raw Whether the cookie value should be sent with no url encoding |
| 98 | * @param string|null $sameSite Whether the cookie will be available for cross-site requests |
| 99 | * |
| 100 | * @throws \InvalidArgumentException |
| 101 | */ |
| 102 | public function __construct($name, $value = null, $expire = 0, $path = '/', $domain = null, $secure = false, $httpOnly = true, $raw = false, $sameSite = null) |
| 103 | { |
| 104 | // from PHP source code |
| 105 | if ($raw && false !== strpbrk($name, self::$reservedCharsList)) { |
| 106 | throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $name)); |
| 107 | } |
| 108 | |
| 109 | if (empty($name)) { |
| 110 | throw new \InvalidArgumentException('The cookie name cannot be empty.'); |
| 111 | } |
| 112 | |
| 113 | // convert expiration time to a Unix timestamp |
| 114 | if ($expire instanceof \DateTimeInterface) { |
| 115 | $expire = $expire->format('U'); |
| 116 | } elseif (!is_numeric($expire)) { |
| 117 | $expire = strtotime($expire); |
| 118 | |
| 119 | if (false === $expire) { |
| 120 | throw new \InvalidArgumentException('The cookie expiration time is not valid.'); |
| 121 | } |
| 122 | } |
| 123 | |
| 124 | $this->name = $name; |
| 125 | $this->value = $value; |
| 126 | $this->domain = $domain; |
| 127 | $this->expire = 0 < $expire ? (int) $expire : 0; |
| 128 | $this->path = empty($path) ? '/' : $path; |
| 129 | $this->secure = (bool) $secure; |
| 130 | $this->httpOnly = (bool) $httpOnly; |
| 131 | $this->raw = (bool) $raw; |
| 132 | |
| 133 | if (null !== $sameSite) { |
| 134 | $sameSite = strtolower($sameSite); |
| 135 | } |
| 136 | |
| 137 | if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE, null], true)) { |
| 138 | throw new \InvalidArgumentException('The "sameSite" parameter value is not valid.'); |
| 139 | } |
| 140 | |
| 141 | $this->sameSite = $sameSite; |
| 142 | } |
| 143 | |
| 144 | /** |
| 145 | * Returns the cookie as a string. |
| 146 | * |
| 147 | * @return string The cookie |
| 148 | */ |
| 149 | public function __toString() |
| 150 | { |
| 151 | if ($this->isRaw()) { |
| 152 | $str = $this->getName(); |
| 153 | } else { |
| 154 | $str = str_replace(self::$reservedCharsFrom, self::$reservedCharsTo, $this->getName()); |
| 155 | } |
| 156 | |
| 157 | $str .= '='; |
| 158 | |
| 159 | if ('' === (string) $this->getValue()) { |
| 160 | $str .= 'deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0'; |
| 161 | } else { |
| 162 | $str .= $this->isRaw() ? $this->getValue() : rawurlencode($this->getValue()); |
| 163 | |
| 164 | if (0 !== $this->getExpiresTime()) { |
| 165 | $str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime()).'; Max-Age='.$this->getMaxAge(); |
| 166 | } |
| 167 | } |
| 168 | |
| 169 | if ($this->getPath()) { |
| 170 | $str .= '; path='.$this->getPath(); |
| 171 | } |
| 172 | |
| 173 | if ($this->getDomain()) { |
| 174 | $str .= '; domain='.$this->getDomain(); |
| 175 | } |
| 176 | |
| 177 | if (true === $this->isSecure()) { |
| 178 | $str .= '; secure'; |
| 179 | } |
| 180 | |
| 181 | if (true === $this->isHttpOnly()) { |
| 182 | $str .= '; httponly'; |
| 183 | } |
| 184 | |
| 185 | if (null !== $this->getSameSite()) { |
| 186 | $str .= '; samesite='.$this->getSameSite(); |
| 187 | } |
| 188 | |
| 189 | return $str; |
| 190 | } |
| 191 | |
| 192 | /** |
| 193 | * Gets the name of the cookie. |
| 194 | * |
| 195 | * @return string |
| 196 | */ |
| 197 | public function getName() |
| 198 | { |
| 199 | return $this->name; |
| 200 | } |
| 201 | |
| 202 | /** |
| 203 | * Gets the value of the cookie. |
| 204 | * |
| 205 | * @return string|null |
| 206 | */ |
| 207 | public function getValue() |
| 208 | { |
| 209 | return $this->value; |
| 210 | } |
| 211 | |
| 212 | /** |
| 213 | * Gets the domain that the cookie is available to. |
| 214 | * |
| 215 | * @return string|null |
| 216 | */ |
| 217 | public function getDomain() |
| 218 | { |
| 219 | return $this->domain; |
| 220 | } |
| 221 | |
| 222 | /** |
| 223 | * Gets the time the cookie expires. |
| 224 | * |
| 225 | * @return int |
| 226 | */ |
| 227 | public function getExpiresTime() |
| 228 | { |
| 229 | return $this->expire; |
| 230 | } |
| 231 | |
| 232 | /** |
| 233 | * Gets the max-age attribute. |
| 234 | * |
| 235 | * @return int |
| 236 | */ |
| 237 | public function getMaxAge() |
| 238 | { |
| 239 | $maxAge = $this->expire - time(); |
| 240 | |
| 241 | return 0 >= $maxAge ? 0 : $maxAge; |
| 242 | } |
| 243 | |
| 244 | /** |
| 245 | * Gets the path on the server in which the cookie will be available on. |
| 246 | * |
| 247 | * @return string |
| 248 | */ |
| 249 | public function getPath() |
| 250 | { |
| 251 | return $this->path; |
| 252 | } |
| 253 | |
| 254 | /** |
| 255 | * Checks whether the cookie should only be transmitted over a secure HTTPS connection from the client. |
| 256 | * |
| 257 | * @return bool |
| 258 | */ |
| 259 | public function isSecure() |
| 260 | { |
| 261 | return $this->secure; |
| 262 | } |
| 263 | |
| 264 | /** |
| 265 | * Checks whether the cookie will be made accessible only through the HTTP protocol. |
| 266 | * |
| 267 | * @return bool |
| 268 | */ |
| 269 | public function isHttpOnly() |
| 270 | { |
| 271 | return $this->httpOnly; |
| 272 | } |
| 273 | |
| 274 | /** |
| 275 | * Whether this cookie is about to be cleared. |
| 276 | * |
| 277 | * @return bool |
| 278 | */ |
| 279 | public function isCleared() |
| 280 | { |
| 281 | return 0 !== $this->expire && $this->expire < time(); |
| 282 | } |
| 283 | |
| 284 | /** |
| 285 | * Checks if the cookie value should be sent with no url encoding. |
| 286 | * |
| 287 | * @return bool |
| 288 | */ |
| 289 | public function isRaw() |
| 290 | { |
| 291 | return $this->raw; |
| 292 | } |
| 293 | |
| 294 | /** |
| 295 | * Gets the SameSite attribute. |
| 296 | * |
| 297 | * @return string|null |
| 298 | */ |
| 299 | public function getSameSite() |
| 300 | { |
| 301 | return $this->sameSite; |
| 302 | } |
| 303 | } |
| 304 |