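/**
 * Parses one cookie string received from the remote site and re-issues it
 * to the client as a proxy cookie via setcookie().
 *
 * The first name=value pair is the cookie itself; every later ;-separated
 * part is treated as an attribute. Expires / Max-Age, Path, Domain, Secure
 * and HttpOnly are interpreted here; anything else is only kept in $attr
 * (and in the debug log).
 *
 * The cookie is silently dropped when its Domain attribute is not the
 * current domain or a dot-separated subdomain of it.
 *
 * @param string $cookieString Cookie string: name=value followed by ;-separated attributes
 * @return void
 */
private function setCookie($cookieString) {

    # The script can handle cookies following the Netscape specification
    # (or close enough!) and supports "Max-Age" from RFC2109

    # Start from known values so later lookups never hit an undefined variable
    $attr        = array();
    $cookieName  = null;
    $cookieValue = '';

    # Split parts by ; and process each one
    foreach (explode(';', $cookieString) as $part) {

        # Split attribute/value pairs by =
        $pair = explode('=', $part, 2);

        # Ensure we have a second part
        $pair[1] = isset($pair[1]) ? $pair[1] : '';

        # First pair must be name/cookie value
        if ($cookieName === null) {

            # Name is first pair item, value is second
            $cookieName  = $pair[0];
            $cookieValue = $pair[1];

            # Skip rest of loop and start processing attributes
            continue;
        }

        # If still here, must be an attribute. Names are case-insensitive and
        # normally follow "; ", so trim AND lower them in both branches below.
        # Without the trim a flag arrives as " secure" / " httponly" and is
        # never recognised, which silently drops the Secure and HttpOnly
        # protections the origin asked for.
        $attrName = strtolower(trim($pair[0]));

        # Nothing to record for an empty part (e.g. a trailing ;)
        if ($attrName === '') {
            continue;
        }

        # And save in array. Compare against '' rather than testing truthiness
        # so that a value of "0" (e.g. Max-Age=0, used to delete a cookie) is
        # kept as an attribute/value pair.
        if ($pair[1] !== '') {

            # We have an attribute/value pair so save as associative
            $attr[$attrName] = $pair[1];

        } else {

            # Not a pair, just a value
            $attr[] = $attrName;
        }
    }

    # All cookies need to be sent to this script (and then we choose
    # the correct cookies to forward to the client) so the extra attributes
    # (path, domain, etc.) must be stored in the cookie itself

    # Cookies stored as c[domain.com][path][cookie_name] with values of
    # cookie_value;secure;
    # If encoded, cookie name becomes c[base64_encode(domain.com path cookie_name)]

    # Find the EXPIRES date
    if (isset($attr['expires'])) {

        # From the "Expires" attribute (original Netscape spec)
        $expires = strtotime($attr['expires']);

        # An unparseable date falls back to a session cookie
        if ($expires === false) {
            $expires = 0;
        }

    } elseif (isset($attr['max-age'])) {

        # From the "Max-Age" attribute (RFC2109). The value is remote-supplied
        # text, so force it to an integer before doing arithmetic with it.
        $expires = $_SERVER['REQUEST_TIME'] + (int) $attr['max-age'];

    } else {

        # Default to temp cookies
        $expires = 0;
    }

    # If temp cookies, override expiry date to end of session unless time
    # is in the past since that means the cookie should be deleted
    if ($this->browsingOptions['tempCookies'] && $expires > $_SERVER['REQUEST_TIME']) {
        $expires = 0;
    }

    # Find the PATH. The spec says if none found, default to the current path.
    # Certain browsers default to the root path so we'll do the same.
    if (!isset($attr['path'])) {
        $attr['path'] = '/';
    }

    # Were we sent a DOMAIN?
    if (isset($attr['domain'])) {

        # Some cookies will be sent with the domain starting with . as per RFC2109
        # The . then has to be stripped off by us when doing the tail match to determine
        # which cookies to send since ".glype.com" should match "glype.com". It's more
        # efficient to do any manipulations while forwarding cookies than on every request
        $cookieDomain = trim($attr['domain']);

        if ($cookieDomain !== '' && $cookieDomain[0] == '.') {
            $cookieDomain = substr($cookieDomain, 1);
        }

        # Ensure it's valid and we can accept this cookie. The requested domain
        # must be the current domain itself or end in "." + current domain.
        # A plain substring test is not enough: it would let a site on
        # "tim.com" plant a cookie for "victim.com", or a site on "a.com" plant
        # one for "a.com.victim.com", because both merely contain the current
        # domain somewhere in the string.
        # NOTE(review): assumes $this->URL['domain'] is a bare host name with
        # no port or trailing dot - confirm where it is populated.
        $currentDomain = strtolower($this->URL['domain']);
        $wanted        = strtolower($cookieDomain);
        $tail          = '.' . $currentDomain;

        $domainOk = $wanted !== ''
            && (
                $wanted === $currentDomain
                || (strlen($wanted) > strlen($tail) && substr($wanted, -strlen($tail)) === $tail)
            );

        if (!$domainOk) {

            # Our current domain does not match the specified domain
            # so we reject the cookie
            return;
        }

        $attr['domain'] = $cookieDomain;

    } else {

        # No domain sent so use current domain
        $attr['domain'] = $this->URL['domain'];
    }

    # Check for SECURE cookie (strict comparison: every entry is a string)
    $sentSecure = in_array('secure', $attr, true);

    # Append "!SEC" to cookie value if we should only forward to secure connections
    if ($sentSecure) {
        $cookieValue .= '!SEC';
    }

    # If we're on HTTPS, we can also send this cookie back as secure
    $secure = HTTPS && $sentSecure;

    # If the PHP version is recent enough, we can also forward the httponly flag
    $httponly = in_array('httponly', $attr, true) && version_compare(PHP_VERSION, '5.2.0', '>=');

    # NOTE(review): no SameSite value is passed to setcookie() below, so that
    # attribute is not forwarded to the client.

    # Prepare cookie name/value to save as
    # NOTE(review): domain and path are remote-supplied and are placed in the
    # cookie name unencoded here; only the cookie name goes through
    # inputEncode(). Confirm the code that reads these cookies back copes
    # with "[" or "]" inside a path.
    $name  = COOKIE_PREFIX . '[' . $attr['domain'] . '][' . $attr['path'] . '][' . inputEncode($cookieName) . ']';
    $value = $cookieValue;

    # Add encodings
    if ($this->forwardCookies == 'encode') {
        $name  = COOKIE_PREFIX . '[' . urlencode(base64_encode($attr['domain'] . ' ' . $attr['path'] . ' ' . urlencode($cookieName))) . ']';
        $value = base64_encode($value);
    }

    # Send cookie ...
    if ($httponly) {

        # ... with httponly flag
        setcookie($name, $value, $expires, '/', '', $secure, true);

    } else {

        # ... without httponly flag (seventh argument left off for old PHP versions)
        setcookie($name, $value, $expires, '/', '', $secure);
    }

    # And log if in debug mode
    if (DEBUG_MODE) {
        $this->cookiesReceived[] = array('name' => $cookieName, 'value' => $cookieValue, 'attributes' => $attr);
    }
}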
/**
 * Rebuilds a name attribute with its value passed through inputEncode().
 *
 * @param array $input Index 1 is emitted unchanged on both sides of the
 *                     encoded index 2 (presumably regex captures: the quote
 *                     character and the field name - confirm against caller)
 * @return string 'name=' followed by the wrapped, encoded value
 */
function html_inputName($input) {

    # Same wrapper goes before and after the encoded name
    $wrapper     = $input[1];
    $encodedName = inputEncode($input[2]);

    return 'name=' . $wrapper . $encodedName . $wrapper;
}