Merged CodeIgniter Core changes and integrated rob1's secure cookie change into my secure cookie change.
diff --git a/application/config/config.php b/application/config/config.php
index dc029a9..1ec6543 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -262,11 +262,13 @@
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path' = Typically will be a forward slash
+| 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
|
*/
-$config['cookie_prefix'] = '';
-$config['cookie_domain'] = '';
-$config['cookie_path'] = '/';
+$config['cookie_prefix'] = "";
+$config['cookie_domain'] = "";
+$config['cookie_path'] = "/";
+$config['cookie_secure'] = FALSE;
/*
|--------------------------------------------------------------------------
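Review bot: The new comment line for 'cookie_secure' does not say that the value must be the boolean TRUE, yet every consumer in this commit tests `config_item('cookie_secure') === TRUE` (Input.php, Security.php, Session.php), so `1` or `'TRUE'` in this file would leave the Secure flag off with no warning. The wording is also stronger than the code: the value is only passed on to setcookie(), so the header is presumably still sent on a plain-HTTP request and it is the browser that withholds the cookie afterwards. I would write `| 'cookie_secure' = Set to boolean TRUE to add the Secure flag, so browsers return cookies over HTTPS only`. The switch from single to double quotes on the three existing settings is unrelated to the feature and adds noise to the merge.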
@@ -357,4 +359,4 @@
/* End of file config.php */
-/* Location: ./application/config/config.php */
\ No newline at end of file
+/* Location: ./application/config/config.php */
diff --git a/system/core/Input.php b/system/core/Input.php
index 3957aa6..25fe102 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -211,7 +211,7 @@
* @param bool true makes the cookie secure
* @return void
*/
- function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
+ function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL)
{
if (is_array($name))
{
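Review bot: The docblock line `@param bool true makes the cookie secure` above the changed signature is now out of date, because the default became NULL and NULL means "take the value from the config". I suggest `* @param bool|null true makes the cookie secure, NULL (default) uses $config['cookie_secure']`. The function body continues outside this hunk, so whether the array form handled under `is_array($name)` also leaves `$secure` at NULL when no 'secure' key is supplied cannot be confirmed from here and is worth checking.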
@@ -246,6 +246,12 @@
$expire = ($expire > 0) ? time() + $expire : 0;
}
+ // If TRUE/FALSE is not provided, use the config
+ if ( ! is_bool($secure))
+ {
+ $secure = (bool) (config_item('cookie_secure') === TRUE);
+ }
+
setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
}
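Review bot: The `! is_bool($secure)` guard treats every non-boolean argument as "not provided", so a caller that passes `1` or `'1'` to ask for a secure cookie now gets the config value, which defaults to FALSE, where it previously got the Secure flag. Only NULL should fall back to the config: `$secure = ($secure === NULL) ? (config_item('cookie_secure') === TRUE) : (bool) $secure;`. The `(bool)` cast around the `=== TRUE` comparison is redundant, since the comparison already yields a boolean. Conversely, any wrapper outside this diff that forwards its own FALSE default would always override the config, which should be checked. The start of set_cookie() is outside this hunk.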
@@ -676,4 +682,4 @@
// END Input class
/* End of file Input.php */
-/* Location: ./system/core/Input.php */
\ No newline at end of file
+/* Location: ./system/core/Input.php */
diff --git a/system/helpers/array_helper.php b/system/helpers/array_helper.php
index 6b2415d..075a31f 100644
--- a/system/helpers/array_helper.php
+++ b/system/helpers/array_helper.php
@@ -69,6 +69,7 @@
{
return $array;
}
+
return $array[array_rand($array)];
}
}
diff --git a/system/libraries/Security.php b/system/libraries/Security.php
index 9189686..58db4e7 100644
--- a/system/libraries/Security.php
+++ b/system/libraries/Security.php
@@ -117,8 +117,9 @@
public function csrf_set_cookie()
{
$expire = time() + $this->csrf_expire;
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
- setcookie($this->csrf_cookie_name, $this->csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), 0);
+ setcookie($this->csrf_cookie_name, $this->csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
log_message('debug', "CRSF cookie Set");
}
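Review bot: With `$secure_cookie` set, csrf_set_cookie() still issues the cookie on a plain-HTTP request, and a browser will not send a Secure cookie back over HTTP, so a form posted over HTTP would presumably fail the CSRF comparison (the verification code is not in this hunk). That interaction deserves a comment above the new line, for example `// With cookie_secure on, the token cookie is only returned over HTTPS; forms served over HTTP will not validate`. The `? 1 : 0` is also unnecessary, because setcookie() takes a boolean and the comparison already is one; `$secure_cookie = (config_item('cookie_secure') === TRUE);` reads more directly.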
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 53ff4f5..0b94340 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -658,6 +658,8 @@
}
$expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
+
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
// Set the cookie
setcookie(
@@ -666,7 +668,7 @@
$expire,
$this->cookie_path,
$this->cookie_domain,
- 0
+ $secure_cookie
);
}
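Review bot: The session cookie gains the Secure flag here, but the setcookie() call still ends at the sixth argument, so HttpOnly is not set and the session id remains readable from page script. If the supported PHP versions allow it (the parameter exists since PHP 5.2), pass `TRUE` as a seventh argument after `$secure_cookie`, ideally behind a config item like the one added in this commit. The call starts in the previous hunk and the enclosing method begins outside both.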
diff --git a/system/libraries/Table.php b/system/libraries/Table.php
index 2a1a95b..def6967 100644
--- a/system/libraries/Table.php
+++ b/system/libraries/Table.php
@@ -367,6 +367,9 @@
$out .= $this->template['table_close'];
+ // Clear table class properties before generating the table
+ $this->clear();
+
return $out;
}
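Review bot: The added comment says the properties are cleared "before generating the table", but `$this->clear()` runs after `$out` has been fully built, immediately before the return. I suggest `// Clear table class properties now that the table has been generated`. It would also help to state that a second call on the same object presumably starts from an empty table, since that is a change callers will notice. The function begins outside this hunk.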
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index c8c42d8..e15ea1b 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -142,7 +142,8 @@
*/
public function do_upload($field = 'userfile')
{
- // Is $_FILES[$field] set? If not, no reason to continue.
+
+ // Is $_FILES[$field] set? If not, no reason to continue.
if ( ! isset($_FILES[$field]))
{
$this->set_error('upload_no_file_selected');
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index ab825c8..d759686 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -64,6 +64,11 @@
Hg Tag: n/a</p>
<ul>
+ <li>General changes
+ <ul>
+ <li>Added <kbd>$config['cookie_secure']</kbd> to the config file to allow requiring a secure (HTTPS) in order to set cookies.</li>
+ </ul>
+ </li>
<li>Libraries
<ul>
<li class="reactor">Added <kbd>decimal</kbd>, <kbd>less_than</kbd> and <kbd>greater_than</kbd> rules to the <a href="libraries/form_validation.html">Form validation Class</a>.</li>
diff --git a/user_guide/libraries/javascript.html b/user_guide/libraries/javascript.html
index 18b7181..4cd751f 100644
--- a/user_guide/libraries/javascript.html
+++ b/user_guide/libraries/javascript.html
@@ -2,7 +2,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
-<title>JavaScript Driver : CodeIgniter User Guide</title>
+<title>CodeIgniter User Guide : JavaScript Class</title>
<style type='text/css' media='all'>@import url('../userguide.css');</style>
<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
@@ -58,7 +58,7 @@
<p class="important"><strong>Note:</strong> This driver is experimental. Its feature set and implementation may change in future releases.</p><br>
-<h1>Javascript Driver</h1>
+<h1>Javascript Class</h1>
<p>CodeIgniter provides a library to help you with certain common functions that you may want to use with Javascript. Please note that CodeIgniter does not require the jQuery library to run, and that any scripting library will work equally well. The jQuery library is simply presented as a convenience if you choose to use it.</p>
<h2>Initializing the Class</h2>
<p>To initialize the Javascript class manually in your controller constructor, use the <dfn>$this->load->library</dfn> function. Currently, the only available library is jQuery, which will automatically be loaded like this:</p>
@@ -244,4 +244,4 @@
</div>
</body>
-</html>
\ No newline at end of file
+</html>