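--- a/src/wp-includes/Requests/Cookie.php
+++ b/src/wp-includes/Requests/Cookie.php
@@ -64,20 +64,20 @@ class Requests_Cookie {
 * @param string $value
 * @param array|Requests_Utility_CaseInsensitiveDictionary $attributes Associative array of attribute data
 */
-public function __construct($name, $value, $attributes = array(), $flags = array(), $reference_time = null) {
-$this->name = $name;
-$this->value = $value;
+public function __construct( $name, $value, $attributes = array(), $flags = array(), $reference_time = null ) {
+$this->name = $name;
+$this->value = $value;
 $this->attributes = $attributes;
-$default_flags = array(
-'creation' => time(),
+$default_flags = array(
+'creation' => time(),
 'last-access' => time(),
-'persistent' => false,
-'host-only' => true,
+'persistent' => false,
+'host-only' => true,
 );
-$this->flags = array_merge($default_flags, $flags);
+$this->flags = array_merge( $default_flags, $flags );
 
 $this->reference_time = time();
-if ($reference_time !== null) {
+if ( null !== $reference_time ) {
 $this->reference_time = $reference_time;
 }
 
@@ -97,12 +97,12 @@ class Requests_Cookie {
 // If a cookie has both the Max-Age and the Expires attribute, the Max-
 // Age attribute has precedence and controls the expiration date of the
 // cookie.
-if (isset($this->attributes['max-age'])) {
+if ( isset( $this->attributes['max-age'] ) ) {
 $max_age = $this->attributes['max-age'];
 return $max_age < $this->reference_time;
 }
 
-if (isset($this->attributes['expires'])) {
+if ( isset( $this->attributes['expires'] ) ) {
 $expires = $this->attributes['expires'];
 return $expires < $this->reference_time;
 }
@@ -116,16 +116,16 @@ class Requests_Cookie {
 * @param Requests_IRI $uri URI to check
 * @return boolean Whether the cookie is valid for the given URI
 */
-public function uri_matches(Requests_IRI $uri) {
-if (!$this->domain_matches($uri->host)) {
+public function uri_matches( Requests_IRI $uri ) {
+if ( ! $this->domain_matches( $uri->host ) ) {
 return false;
 }
 
-if (!$this->path_matches($uri->path)) {
+if ( ! $this->path_matches( $uri->path ) ) {
 return false;
 }
 
-return empty($this->attributes['secure']) || $uri->scheme === 'https';
+return empty( $this->attributes['secure'] ) || 'https' === $uri->scheme;
 }
 
 /**
@@ -134,45 +134,45 @@ class Requests_Cookie {
 * @param string $string Domain to check
 * @return boolean Whether the cookie is valid for the given domain
 */
-public function domain_matches($string) {
-if (!isset($this->attributes['domain'])) {
+public function domain_matches( $string ) {
+if ( ! isset( $this->attributes['domain'] ) ) {
 // Cookies created manually; cookies created by Requests will set
 // the domain to the requested domain
 return true;
 }
 
 $domain_string = $this->attributes['domain'];
-if ($domain_string === $string) {
+if ( $domain_string === $string ) {
 // The domain string and the string are identical.
 return true;
 }
 
 // If the cookie is marked as host-only and we don't have an exact
 // match, reject the cookie
-if ($this->flags['host-only'] === true) {
+if ( true === $this->flags['host-only'] ) {
 return false;
 }
 
-if (strlen($string) <= strlen($domain_string)) {
+if ( strlen( $string ) <= strlen( $domain_string ) ) {
 // For obvious reasons, the string cannot be a suffix if the domain
 // is shorter than the domain string
 return false;
 }
 
-if (substr($string, -1 * strlen($domain_string)) !== $domain_string) {
+if ( substr( $string, -1 * strlen( $domain_string ) ) !== $domain_string ) {
 // The domain string should be a suffix of the string.
 return false;
 }
 
-$prefix = substr($string, 0, strlen($string) - strlen($domain_string));
-if (substr($prefix, -1) !== '.') {
+$prefix = substr( $string, 0, strlen( $string ) - strlen( $domain_string ) );
+if ( substr( $prefix, -1 ) !== '.' ) {
 // The last character of the string that is not included in the
 // domain string should be a %x2E (".") character.
 return false;
 }
 
 // The string should be a host name (i.e., not an IP address).
-return !preg_match('#^(.+\.)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $string);
+return ! preg_match( '#^(.+\.)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $string );
 }
 
 /**
@@ -183,13 +183,13 @@ class Requests_Cookie {
 * @param string $request_path Path to check
 * @return boolean Whether the cookie is valid for the given path
 */
-public function path_matches($request_path) {
-if (empty($request_path)) {
+public function path_matches( $request_path ) {
+if ( empty( $request_path ) ) {
 // Normalize empty path to root
 $request_path = '/';
 }
 
-if (!isset($this->attributes['path'])) {
+if ( ! isset( $this->attributes['path'] ) ) {
 // Cookies created manually; cookies created by Requests will set
 // the path to the requested path
 return true;
@@ -197,19 +197,19 @@ class Requests_Cookie {
 
 $cookie_path = $this->attributes['path'];
 
-if ($cookie_path === $request_path) {
+if ( $cookie_path === $request_path ) {
 // The cookie-path and the request-path are identical.
 return true;
 }
 
-if (strlen($request_path) > strlen($cookie_path) && substr($request_path, 0, strlen($cookie_path)) === $cookie_path) {
-if (substr($cookie_path, -1) === '/') {
+if ( strlen( $request_path ) > strlen( $cookie_path ) && substr( $request_path, 0, strlen( $cookie_path ) ) === $cookie_path ) {
+if ( substr( $cookie_path, -1 ) === '/' ) {
 // The cookie-path is a prefix of the request-path, and the last
 // character of the cookie-path is %x2F ("/").
 return true;
 }
 
-if (substr($request_path, strlen($cookie_path), 1) === '/') {
+if ( substr( $request_path, strlen( $cookie_path ), 1 ) === '/' ) {
 // The cookie-path is a prefix of the request-path, and the
 // first character of the request-path that is not included in
 // the cookie-path is a %x2F ("/") character.
@@ -226,16 +226,16 @@ class Requests_Cookie {
 * @return boolean Whether the cookie was successfully normalized
 */
 public function normalize() {
-foreach ($this->attributes as $key => $value) {
+foreach ( $this->attributes as $key => $value ) {
 $orig_value = $value;
-$value = $this->normalize_attribute($key, $value);
-if ($value === null) {
-unset($this->attributes[$key]);
+$value = $this->normalize_attribute( $key, $value );
+if ( null === $value ) {
+unset( $this->attributes[ $key ] );
 continue;
 }
 
-if ($value !== $orig_value) {
-$this->attributes[$key] = $value;
+if ( $value !== $orig_value ) {
+$this->attributes[ $key ] = $value;
 }
 }
 
@@ -251,16 +251,16 @@ class Requests_Cookie {
 * @param string|boolean $value Attribute value (string value, or true if empty/flag)
 * @return mixed Value if available, or null if the attribute value is invalid (and should be skipped)
 */
-protected function normalize_attribute($name, $value) {
-switch (strtolower($name)) {
+protected function normalize_attribute( $name, $value ) {
+switch ( strtolower( $name ) ) {
 case 'expires':
 // Expiration parsing, as per RFC 6265 section 5.2.1
-if (is_int($value)) {
+if ( is_int( $value ) ) {
 return $value;
 }
 
-$expiry_time = strtotime($value);
-if ($expiry_time === false) {
+$expiry_time = strtotime( $value );
+if ( false === $expiry_time ) {
 return null;
 }
 
@@ -268,20 +268,19 @@ class Requests_Cookie {
 
 case 'max-age':
 // Expiration parsing, as per RFC 6265 section 5.2.2
-if (is_int($value)) {
+if ( is_int( $value ) ) {
 return $value;
 }
 
 // Check that we have a valid age
-if (!preg_match('/^-?\d+$/', $value)) {
+if ( ! preg_match( '/^-?\d+$/', $value ) ) {
 return null;
 }
 
 $delta_seconds = (int) $value;
-if ($delta_seconds <= 0) {
+if ( $delta_seconds <= 0 ) {
 $expiry_time = 0;
-}
-else {
+} else {
 $expiry_time = $this->reference_time + $delta_seconds;
 }
 
@@ -289,8 +288,8 @@ class Requests_Cookie {
 
 case 'domain':
 // Domain normalization, as per RFC 6265 section 5.2.3
-if ($value[0] === '.') {
-$value = substr($value, 1);
+if ( '.' === $value[0] ) {
+$value = substr( $value, 1 );
 }
 
 return $value;
@@ -308,7 +307,8 @@ class Requests_Cookie {
 * @return string Cookie formatted for Cookie header
 */
 public function format_for_header() {
-return sprintf('%s=%s', $this->name, $this->value);
+/* translators: %s: Formatted cookie. */
+return sprintf( '%s=%s', $this->name, $this->value );
 }
 
 /**
@@ -332,19 +332,19 @@ class Requests_Cookie {
 */
 public function format_for_set_cookie() {
 $header_value = $this->format_for_header();
-if (!empty($this->attributes)) {
+if ( ! empty( $this->attributes ) ) {
 $parts = array();
-foreach ($this->attributes as $key => $value) {
+foreach ( $this->attributes as $key => $value ) {
 // Ignore non-associative attributes
-if (is_numeric($key)) {
+if ( is_numeric( $key ) ) {
 $parts[] = $value;
-}
-else {
-$parts[] = sprintf('%s=%s', $key, $value);
+} else {
+/* translators: %s: Formatted cookie. */
+$parts[] = sprintf( '%s=%s', $key, $value );
 }
 }
 
-$header_value .= '; ' . implode('; ', $parts);
+$header_value .= '; ' . implode( '; ', $parts );
 }
 return $header_value;
 }
@@ -379,48 +379,45 @@ class Requests_Cookie {
 * @param string Cookie header value (from a Set-Cookie header)
 * @return Requests_Cookie Parsed cookie object
 */
-public static function parse($string, $name = '', $reference_time = null) {
-$parts = explode(';', $string);
-$kvparts = array_shift($parts);
+public static function parse( $string, $name = '', $reference_time = null ) {
+$parts = explode( ';', $string );
+$kvparts = array_shift( $parts );
 
-if (!empty($name)) {
+if ( ! empty( $name ) ) {
 $value = $string;
-}
-elseif (strpos($kvparts, '=') === false) {
+} elseif ( false === strpos( $kvparts, '=' ) ) {
 // Some sites might only have a value without the equals separator.
 // Deviate from RFC 6265 and pretend it was actually a blank name
 // (`=foo`)
 //
 // https://bugzilla.mozilla.org/show_bug.cgi?id=169091
-$name = '';
+$name = '';
 $value = $kvparts;
+} else {
+list( $name, $value ) = explode( '=', $kvparts, 2 );
 }
-else {
-list($name, $value) = explode('=', $kvparts, 2);
-}
-$name = trim($name);
-$value = trim($value);
+$name = trim( $name );
+$value = trim( $value );
 
 // Attribute key are handled case-insensitively
 $attributes = new Requests_Utility_CaseInsensitiveDictionary();
 
-if (!empty($parts)) {
-foreach ($parts as $part) {
-if (strpos($part, '=') === false) {
-$part_key = $part;
+if ( ! empty( $parts ) ) {
+foreach ( $parts as $part ) {
+if ( false === strpos( $part, '=' ) ) {
+$part_key = $part;
 $part_value = true;
-}
-else {
-list($part_key, $part_value) = explode('=', $part, 2);
-$part_value = trim($part_value);
+} else {
+list ( $part_key, $part_value ) = explode( '=', $part, 2 );
+$part_value = trim( $part_value );
 }
 
-$part_key = trim($part_key);
-$attributes[$part_key] = $part_value;
+$part_key = trim( $part_key );
+$attributes[ $part_key ] = $part_value;
 }
 }
 
-return new Requests_Cookie($name, $value, $attributes, array(), $reference_time);
+return new Requests_Cookie( $name, $value, $attributes, array(), $reference_time );
 }
 
 /**
@@ -431,57 +428,54 @@ class Requests_Cookie {
 * @param int|null $time Reference time for expiration calculation
 * @return array
 */
-public static function parse_from_headers(Requests_Response_Headers $headers, Requests_IRI $origin = null, $time = null) {
-$cookie_headers = $headers->getValues('Set-Cookie');
-if (empty($cookie_headers)) {
+public static function parse_from_headers( Requests_Response_Headers $headers, Requests_IRI $origin = null, $time = null ) {
+$cookie_headers = $headers->getValues( 'Set-Cookie' );
+if ( empty( $cookie_headers ) ) {
 return array();
 }
 
 $cookies = array();
-foreach ($cookie_headers as $header) {
-$parsed = self::parse($header, '', $time);
+foreach ( $cookie_headers as $header ) {
+$parsed = self::parse( $header, '', $time );
 
 // Default domain/path attributes
-if (empty($parsed->attributes['domain']) && !empty($origin)) {
+if ( empty( $parsed->attributes['domain'] ) && ! empty( $origin ) ) {
 $parsed->attributes['domain'] = $origin->host;
-$parsed->flags['host-only'] = true;
-}
-else {
+$parsed->flags['host-only'] = true;
+} else {
 $parsed->flags['host-only'] = false;
 }
 
-$path_is_valid = (!empty($parsed->attributes['path']) && $parsed->attributes['path'][0] === '/');
-if (!$path_is_valid && !empty($origin)) {
+$path_is_valid = ( ! empty( $parsed->attributes['path'] ) && $parsed->attributes['path'][0] === '/' );
+if ( ! $path_is_valid && ! empty( $origin ) ) {
 $path = $origin->path;
 
 // Default path normalization as per RFC 6265 section 5.1.4
-if (substr($path, 0, 1) !== '/') {
+if ( '/' !== substr( $path, 0, 1 ) ) {
 // If the uri-path is empty or if the first character of
 // the uri-path is not a %x2F ("/") character, output
 // %x2F ("/") and skip the remaining steps.
 $path = '/';
-}
-elseif (substr_count($path, '/') === 1) {
+} elseif ( 1 === substr_count( $path, '/' ) ) {
 // If the uri-path contains no more than one %x2F ("/")
 // character, output %x2F ("/") and skip the remaining
 // step.
 $path = '/';
-}
-else {
+} else {
 // Output the characters of the uri-path from the first
 // character up to, but not including, the right-most
 // %x2F ("/").
-$path = substr($path, 0, strrpos($path, '/'));
+$path = substr( $path, 0, strrpos( $path, '/' ) );
 }
 $parsed->attributes['path'] = $path;
 }
 
 // Reject invalid cookie domains
-if (!empty($origin) && !$parsed->domain_matches($origin->host)) {
+if ( ! empty( $origin ) && ! $parsed->domain_matches( $origin->host ) ) {
 continue;
 }
 
-$cookies[$parsed->name] = $parsed;
+$cookies[ $parsed->name ] = $parsed;
 }
 
 return $cookies;
@@ -494,7 +488,7 @@ class Requests_Cookie {
 * @deprecated Use {@see Requests_Cookie::parse_from_headers}
 * @return string
 */
-public static function parseFromHeaders(Requests_Response_Headers $headers) {
-return self::parse_from_headers($headers);
+public static function parseFromHeaders( Requests_Response_Headers $headers ) {
+return self::parse_from_headers( $headers );
 }
 }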
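Review bot: The two `/* translators: %s: Formatted cookie. */` comments added above `sprintf( '%s=%s', ... )` in format_for_header() and format_for_set_cookie() label strings that are not translatable: neither format string is passed to a translation function, and each has two placeholders, not one. They read like a by-product of an automated coding-standards pass; drop them, or replace each with a plain comment such as `// name=value pair for the header line.`. Separately, and unchanged by this commit, both methods place `$this->name`, `$this->value` and the attribute values into a header string with no visible check for CR, LF or `;`, while parse() only trims them; if any caller can supply untrusted values, reject those characters before formatting.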