From d448857072993f2a831fd4000612ee037e97360e Mon Sep 17 00:00:00 2001
From: Cole Thorsen <959538+colethorsen@users.noreply.github.com>
Date: Tue, 24 May 2022 08:16:04 -0700
Subject: [PATCH 1/6] update cookie
# Conflicts:
# system/Helpers/cookie_helper.php
---
 system/Helpers/cookie_helper.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/Helpers/cookie_helper.php b/system/Helpers/cookie_helper.php
index 51a746c5395b..75bdd1334a57 100755
--- a/system/Helpers/cookie_helper.php
+++ b/system/Helpers/cookie_helper.php
@@ -61,9 +61,9 @@ function set_cookie(
 *
 * @see \CodeIgniter\HTTP\IncomingRequest::getCookie()
 */
- function get_cookie($index, bool $xssClean = false)
+ function get_cookie($index, bool $xssClean = false, string $prefix = null)
 {
- $prefix = isset($_COOKIE[$index]) ? '' : config(App::class)->cookiePrefix;
+ $prefix = $prefix !== null ? $prefix : config(App::class)->cookiePrefix;
 $request = Services::request();
 $filter = $xssClean ? FILTER_SANITIZE_FULL_SPECIAL_CHARS : FILTER_DEFAULT;
From e601082b4ae1e596e672a9a894fdef21b779094b Mon Sep 17 00:00:00 2001
From: Cole Thorsen <959538+colethorsen@users.noreply.github.com>
Date: Tue, 24 May 2022 08:19:03 -0700
Subject: [PATCH 2/6] Fixes issue with prefixed cookies and session
-There was a naming convention issue which could happen sometimes where adding a prefix would create 2 cookies for the session a properly prefixed session cookie and a un-prefixed session cookie
---
 system/Session/Handlers/BaseHandler.php | 2 +-
 system/Session/Session.php | 20 ++++++++++++--------
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/system/Session/Handlers/BaseHandler.php b/system/Session/Handlers/BaseHandler.php
index 008cae369e80..13f3498b9818 100644
--- a/system/Session/Handlers/BaseHandler.php
+++ b/system/Session/Handlers/BaseHandler.php
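Review bot: The docblock above `get_cookie()` is not updated for the new `$prefix` argument, and the hunk silently removes the old fallback that read the bare name whenever `$_COOKIE[$index]` existed. Assuming the lookup further down uses `$prefix . $index`, dropping that fallback is the safer behaviour, because a cookie stored under the unprefixed name can no longer take precedence over the prefixed one; callers that relied on it now have to pass `''` explicitly, which nothing here states. I would add `@param string|null $prefix Cookie prefix; null uses config(App::class)->cookiePrefix, '' reads the unprefixed name` to the docblock. The later hunks for this function in patches 5/6 and 6/6 change the signature and the assignment without adding it either; the docblock starts above the hunk and the function body continues below it.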
@@ -119,7 +119,7 @@ public function __construct(AppConfig $config, string $ipAddress)
 protected function destroyCookie(): bool
 {
 return setcookie(
- $this->cookieName,
+ config('App')->cookiePrefix . $this->cookieName,
 '',
 ['expires' => 1, 'path' => $this->cookiePath, 'domain' => $this->cookieDomain, 'secure' => $this->cookieSecure, 'httponly' => true]
 );
diff --git a/system/Session/Session.php b/system/Session/Session.php
index 0b27b03fa46e..bbec8acfb34e 100644
--- a/system/Session/Session.php
+++ b/system/Session/Session.php
@@ -227,14 +227,16 @@ public function start()
 return;
 }
+ $cookieName = $this->cookie->getPrefixedName();
+
 $this->configure();
 $this->setSaveHandler();
 // Sanitize the cookie, because apparently PHP doesn't do that for userspace handlers
- if (isset($_COOKIE[$this->sessionCookieName])
- && (! is_string($_COOKIE[$this->sessionCookieName]) || ! preg_match('#\A' . $this->sidRegexp . '\z#', $_COOKIE[$this->sessionCookieName]))
+ if (isset($_COOKIE[$cookieName])
+ && (! is_string($_COOKIE[$cookieName]) || ! preg_match('#\A' . $this->sidRegexp . '\z#', $_COOKIE[$cookieName]))
 ) {
- unset($_COOKIE[$this->sessionCookieName]);
+ unset($_COOKIE[$cookieName]);
 }
 $this->startSession();
@@ -251,7 +253,7 @@ public function start()
 }
 // Another work-around ... PHP doesn't seem to send the session cookie
 // unless it is being currently created or regenerated
- elseif (isset($_COOKIE[$this->sessionCookieName]) && $_COOKIE[$this->sessionCookieName] === session_id()) {
+ elseif (isset($_COOKIE[$cookieName]) && $_COOKIE[$cookieName] === session_id()) {
 $this->setCookie();
 }
@@ -271,7 +273,7 @@ public function stop()
 public function stop()
 {
 setcookie(
- $this->sessionCookieName,
+ $this->cookie->getPrefixedName(),
 session_id(),
 ['expires' => 1, 'path' => $this->cookie->getPath(), 'domain' => $this->cookie->getDomain(), 'secure' => $this->cookie->isSecure(), 'httponly' => true]
 );
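Review bot: `destroyCookie()` now builds the cookie name from the global `config('App')->cookiePrefix`, while the constructor named in the hunk header receives an `AppConfig $config` and Session.php in the same patch uses `$this->cookie->getPrefixedName()`; these sources for one cookie name can drift apart. If the name built here differs from the one the session cookie was issued under, the expiring `setcookie()` targets a cookie that does not exist and the browser keeps presenting the old session id after the session is destroyed. I would take the prefix from the injected config in the constructor and use it here, e.g. `$this->cookiePrefix . $this->cookieName,` if the handler keeps such a property; the constructor body is outside the hunk, so that needs checking. A short comment such as `// must match the cookie name Session::start() validates and sets` would also help the next reader.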
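Review bot: The `$cookieName` read from `$this->cookie->getPrefixedName()` at the top of `start()` is not the name PHP ends up using when that value is empty, so the session-id format check in this hunk can miss the real session cookie. In the `configure()` hunk (`@@ -286,10 +288,12 @@`) the fallback `$cookieName = ini_get('session.name');` is now kept only in a local, where the old code stored it in `$this->sessionCookieName`; unless it is used further down in `configure()`, outside that hunk, it is discarded. In that case the `isset($_COOKIE[$cookieName])` test here and in the `@@ -251,7 +253,7 @@` hunk looks up an empty key, and `stop()` (`@@ -271,7 +273,7 @@`) expires an empty name. Resolving the name once, after `configure()`, into a property that `start()`, `stop()` and `configure()` all read would keep the validation in step with the cookie PHP actually reads. `start()` begins and ends outside this hunk.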
@@ -286,10 +288,12 @@ public function stop()
 */
 protected function configure()
 {
- if (empty($this->sessionCookieName)) {
- $this->sessionCookieName = ini_get('session.name');
+ $cookieName = $this->cookie->getPrefixedName();
+
+ if (empty($cookieName)) {
+ $cookieName = ini_get('session.name');
 } else {
- ini_set('session.name', $this->sessionCookieName);
+ ini_set('session.name', $cookieName);
 }
 $sameSite = $this->cookie->getSameSite() ?: ucfirst(Cookie::SAMESITE_LAX);
From b6e970f54125ef0a3e4cc503f00ea3bb8bf95a99 Mon Sep 17 00:00:00 2001
From: Cole Thorsen <959538+colethorsen@users.noreply.github.com>
Date: Tue, 24 May 2022 08:20:00 -0700
Subject: [PATCH 3/6] update the userguide
---
 user_guide_src/source/helpers/cookie_helper.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/user_guide_src/source/helpers/cookie_helper.rst b/user_guide_src/source/helpers/cookie_helper.rst
index 683564ad652a..b911f767fa1a 100755
--- a/user_guide_src/source/helpers/cookie_helper.rst
+++ b/user_guide_src/source/helpers/cookie_helper.rst
@@ -39,10 +39,11 @@ The following functions are available:
 a description of its use, as this function is an alias for
 :php:func:`Response::setCookie() `.
-.. php:function:: get_cookie($index[, $xssClean = false])
+.. php:function:: get_cookie($index[, $xssClean = false[, $prefix = null]])
 :param string $index: Cookie name
 :param bool $xssClean: Whether to apply XSS filtering to the returned value
+ :param string $prefix: A custom prefix to overwrite what is set in the App Config
 :returns: The cookie value or null if not found
 :rtype: mixed
From 74934201e922a6dec0d939c6661595196bcff21e Mon Sep 17 00:00:00 2001
From: Cole Thorsen <959538+colethorsen@users.noreply.github.com>
Date: Tue, 24 May 2022 08:41:27 -0700
Subject: [PATCH 4/6] fix typo
---
 system/Session/Session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/Session/Session.php b/system/Session/Session.php
index bbec8acfb34e..c806a27b8d70 100644
--- a/system/Session/Session.php
+++ b/system/Session/Session.php
@@ -227,7 +227,7 @@ public function start()
 return;
 }
- $cookieName = $this->cookie->getPrefixedName();
+ $cookieName = $this->cookie->getPrefixedName();
 $this->configure();
 $this->setSaveHandler();
From f1580a91e386269dfc913b50ab26e71f98de3a1b Mon Sep 17 00:00:00 2001
From: Cole Thorsen <959538+colethorsen@users.noreply.github.com>
Date: Tue, 24 May 2022 08:42:35 -0700
Subject: [PATCH 5/6] fix nullable type hint
---
 system/Helpers/cookie_helper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/Helpers/cookie_helper.php b/system/Helpers/cookie_helper.php
index 75bdd1334a57..0354e8e8e50e 100755
--- a/system/Helpers/cookie_helper.php
+++ b/system/Helpers/cookie_helper.php
@@ -61,7 +61,7 @@ function set_cookie(
 *
 * @see \CodeIgniter\HTTP\IncomingRequest::getCookie()
 */
- function get_cookie($index, bool $xssClean = false, string $prefix = null)
+ function get_cookie($index, bool $xssClean = false, ?string $prefix = null)
 {
 $prefix = $prefix !== null ? $prefix : config(App::class)->cookiePrefix;
 $request = Services::request();
From 9d518f04458a56a6019152dd6c244193b7e92412 Mon Sep 17 00:00:00 2001
From: Cole Thorsen <959538+colethorsen@users.noreply.github.com>
Date: Tue, 24 May 2022 08:55:09 -0700
Subject: [PATCH 6/6] change terinary to null coalessing
---
 system/Helpers/cookie_helper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/Helpers/cookie_helper.php b/system/Helpers/cookie_helper.php
index 0354e8e8e50e..9f0face4df27 100755
--- a/system/Helpers/cookie_helper.php
+++ b/system/Helpers/cookie_helper.php
@@ -63,7 +63,7 @@ function set_cookie(
 */
 function get_cookie($index, bool $xssClean = false, ?string $prefix = null)
 {
- $prefix = $prefix !== null ? $prefix : config(App::class)->cookiePrefix;
+ $prefix ??= config(App::class)->cookiePrefix;
 $request = Services::request();
 $filter = $xssClean ? FILTER_SANITIZE_FULL_SPECIAL_CHARS : FILTER_DEFAULT;