Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 4ad0fd86e8dc6dba74305dbb0c88c593b46a19a2^! / . / system / core
commit4ad0fd86e8dc6dba74305dbb0c88c593b46a19a2[log] [tgz]
authorfreewil <sean@eternalrise.com>Tue Mar 13 22:37:42 2012 -0400
committerfreewil <sean@eternalrise.com>Sun Mar 18 14:32:17 2012 -0400
treece86c3c8958b2df033c873386f6f8261bc40b0eb
parente464b39b8594ef317cf5b47b4e130ee9f63e7bd5 [diff]
add support for httponly cookies

diff --git a/system/core/Input.php b/system/core/Input.php
index 901b414..6e68859 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php

@@ -228,7 +228,7 @@
 	/**
 	* Set cookie
 	*
-	* Accepts six parameter, or you can submit an associative
+	* Accepts seven parameters, or you can submit an associative
 	* array in the first parameter containing all the values.
 	*
 	* @param	mixed
@@ -238,14 +238,15 @@
 	* @param	string	the cookie path
 	* @param	string	the cookie prefix
 	* @param	bool	true makes the cookie secure
+	* @param	bool	true makes the cookie accessible via http(s) only (no javascript)
 	* @return	void
 	*/
-	public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
+	public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
 	{
 		if (is_array($name))
 		{
 			// always leave 'name' in last place, as the loop will break otherwise, due to $$item
-			foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item)
+			foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item)
 			{
 				if (isset($name[$item]))
 				{
@@ -270,6 +271,10 @@
 		{
 			$secure = config_item('cookie_secure');
 		}
+		if ($httponly == FALSE && config_item('cookie_httponly') != FALSE)
+		{
+			$httponly = config_item('cookie_httponly');
+		}
 
 		if ( ! is_numeric($expire))
 		{
@@ -280,7 +285,7 @@
 			$expire = ($expire > 0) ? time() + $expire : 0;
 		}
 
-		setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
+		setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly);
 	}
 
 	// --------------------------------------------------------------------

diff --git a/system/core/Security.php b/system/core/Security.php
index cd8a610..ac39ce9 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php

@@ -196,7 +196,15 @@
 			return FALSE;
 		}
 
-		setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
+		setcookie(
+			$this->_csrf_cookie_name, 
+			$this->_csrf_hash, 
+			$expire, 
+			config_item('cookie_path'), 
+			config_item('cookie_domain'), 
+			$secure_cookie,
+			config_item('cookie_httponly')
+		);
 		log_message('debug', 'CRSF cookie Set');
 
 		return $this;