diff --git a/lib/SimpleSAML/SessionHandler.php b/lib/SimpleSAML/SessionHandler.php
index 8ad3a135f82e09edbed67364370e5ac43599b008..9586d56e97a1d35f78d887a44b4dda1996e63cdb 100644
--- a/lib/SimpleSAML/SessionHandler.php
+++ b/lib/SimpleSAML/SessionHandler.php
@@ -155,7 +155,7 @@ abstract class SimpleSAML_SessionHandler {
 $params = $this->getCookieParams();
 }
- SimpleSAML_Utilities::setCookie($name, $value, $params);
+ \SimpleSAML\Utils\HTTP::setCookie($name, $value, $params);
 }
 }
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 410730202132e137e3541332817753acae6b8d74..b8717e82f4f555506a458c8a621c4c7f1e1f9911 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1060,62 +1060,10 @@ class SimpleSAML_Utilities {
 /**
- * Set a cookie.
- *
- * @param string $name The name of the session cookie.
- * @param string|NULL $value The value of the cookie. Set to NULL to delete the cookie.
- * @param array|NULL $params Cookie parameters.
- * @param bool $throw Whether to throw exception if setcookie fails.
+ * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::setCookie() instead.
 */
 public static function setCookie($name, $value, array $params = NULL, $throw = TRUE) {
- assert('is_string($name)');
- assert('is_string($value) || is_null($value)');
-
- $default_params = array(
- 'lifetime' => 0,
- 'expire' => NULL,
- 'path' => '/',
- 'domain' => NULL,
- 'secure' => FALSE,
- 'httponly' => TRUE,
- 'raw' => FALSE,
- );
-
- if ($params !== NULL) {
- $params = array_merge($default_params, $params);
- } else {
- $params = $default_params;
- }
-
- // Do not set secure cookie if not on HTTPS
- if ($params['secure'] && !self::isHTTPS()) {
- SimpleSAML_Logger::warning('Setting secure cookie on http not allowed.');
- return;
- }
-
- if ($value === NULL) {
- $expire = time() - 365*24*60*60;
- } elseif (isset($params['expire'])) {
- $expire = $params['expire'];
- } elseif ($params['lifetime'] === 0) {
- $expire = 0;
- } else {
- $expire = time() + $params['lifetime'];
- }
-
- if ($params['raw']) {
- $success = setrawcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- } else {
- $success = setcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- }
-
- if (!$success) {
- if ($throw) {
- throw new SimpleSAML_Error_Exception('Error setting cookie - headers already sent.');
- } else {
- SimpleSAML_Logger::warning('Error setting cookie - headers already sent.');
- }
- }
+ return \SimpleSAML\Utils\HTTP::setCookie($name, $value, $params, $throw);
 }
 }
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 59be933008ca450259b3b428d084e45129a4370d..bffe910a0d4aa7343c09a6cb5dc1cdf50e13595b 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -194,8 +194,8 @@ class HTTP
 * Save the given HTTP POST data and the destination where it should be posted to a given session.
 *
 * @param \SimpleSAML_Session $session The session where to temporarily store the data.
- * @param string $destination The destination URL where the form should be posted.
- * @param array $data An associative array with the data to be posted to $destination.
+ * @param string $destination The destination URL where the form should be posted.
+ * @param array $data An associative array with the data to be posted to $destination.
 *
 * @return string A random identifier that can be used to retrieve the data from the current session.
 *
@@ -822,6 +822,80 @@ class HTTP
 }
+ /**
+ * Set a cookie.
+ *
+ * @param string $name The name of the cookie.
+ * @param string|NULL $value The value of the cookie. Set to NULL to delete the cookie.
+ * @param array|NULL $params Cookie parameters.
+ * @param bool $throw Whether to throw exception if setcookie() fails.
+ *
+ * @throws \SimpleSAML_Error_Exception If any parameter has an incorrect type or the if the headers were already
+ * sent and the cookie cannot be set.
+ *
+ * @author Andjelko Horvat
+ * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+ */
+ public static function setCookie($name, $value, $params = null, $throw = true)
+ {
+ if (!(is_string($name) && // $name must be a string
+ (is_string($value) || is_null($value)) && // $value can be a string or null
+ (is_array($params) || is_null($params)) && // $params can be an array or null
+ is_bool($throw)) // $throw must be boolean
+ ) {
+ throw new \SimpleSAML_Error_Exception('Invalid input parameters.');
+ }
+
+ $default_params = array(
+ 'lifetime' => 0,
+ 'expire' => null,
+ 'path' => '/',
+ 'domain' => null,
+ 'secure' => false,
+ 'httponly' => true,
+ 'raw' => false,
+ );
+
+ if ($params !== null) {
+ $params = array_merge($default_params, $params);
+ } else {
+ $params = $default_params;
+ }
+
+ // Do not set secure cookie if not on HTTPS
+ if ($params['secure'] && !self::isHTTPS()) {
+ \SimpleSAML_Logger::warning('Setting secure cookie on plain HTTP is not allowed.');
+ return;
+ }
+
+ if ($value === null) {
+ $expire = time() - 365 * 24 * 60 * 60;
+ } elseif (isset($params['expire'])) {
+ $expire = $params['expire'];
+ } elseif ($params['lifetime'] === 0) {
+ $expire = 0;
+ } else {
+ $expire = time() + $params['lifetime'];
+ }
+
+ if ($params['raw']) {
+ $success = setrawcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'],
+ $params['httponly']);
+ } else {
+ $success = setcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'],
+ $params['httponly']);
+ }
+
+ if (!$success) {
+ if ($throw) {
+ throw new \SimpleSAML_Error_Exception('Error setting cookie: headers already sent.');
+ } else {
+ \SimpleSAML_Logger::warning('Error setting cookie: headers already sent.');
+ }
+ }
+ }
+
+
 /**
 * Submit a POST form to a specific destination.
 *
diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php
index f423ca7100fdc10cbdffa62985ab22245c3dce1b..f64dac92b431e7ac4c51da2dacf7eb4e2886f27b 100644
--- a/lib/SimpleSAML/XHTML/IdPDisco.php
+++ b/lib/SimpleSAML/XHTML/IdPDisco.php
@@ -197,7 +197,7 @@ class SimpleSAML_XHTML_IdPDisco {
 'httponly' => FALSE,
 );
- SimpleSAML_Utilities::setCookie($prefixedName, $value, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie($prefixedName, $value, $params, FALSE);
 }
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index b47cc772c6da9369732c8e6b1803d38f8c202ca7..68275de8b5d52d5446d58f9d3741eadf24463ff1 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -711,7 +711,7 @@ class SimpleSAML_XHTML_Template {
 'httponly' => FALSE,
 );
- SimpleSAML_Utilities::setCookie($name, $language, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie($name, $language, $params, FALSE);
 }
 }
diff --git a/modules/cdc/lib/Server.php b/modules/cdc/lib/Server.php
index 41cffb927ebc51d274c1801bdacd989d6b2932ce..890e4376ed95ca244135fde74135b6cc894383ee 100644
--- a/modules/cdc/lib/Server.php
+++ b/modules/cdc/lib/Server.php
@@ -211,7 +211,7 @@ class sspmod_cdc_Server {
 'httponly' => FALSE,
 );
- SimpleSAML_Utilities::setCookie('_saml_idp', NULL, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', NULL, $params, FALSE);
 return 'ok';
 }
@@ -407,7 +407,7 @@ class sspmod_cdc_Server {
 'httponly' => FALSE,
 );
- SimpleSAML_Utilities::setCookie('_saml_idp', $cookie, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', $cookie, $params, FALSE);
 }
 }
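Review bot: The HTTPS guard in the middle of the hunk, `if ($params['secure'] && !self::isHTTPS())`, logs a warning and returns without setting the cookie no matter what `$throw` is, so a caller that asked for an exception on failure (the default, `$throw = true`, which is what the SessionHandler call site in this commit uses) ends up with a silently missing cookie rather than an error. The behaviour is carried over from the removed SimpleSAML_Utilities implementation, but since this version already throws on bad input it would be consistent to honour `$throw` here too: `if ($throw) { throw new \SimpleSAML_Error_Exception('Setting secure cookie on plain HTTP is not allowed.'); }` ahead of the warning-and-return. The `@throws` tag should then list this case; it also carries a typo, `or the if the headers` → `or if the headers`. The method is complete within the hunk.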
diff --git a/modules/consent/lib/Consent/Store/Cookie.php b/modules/consent/lib/Consent/Store/Cookie.php
index 5790fa684d26746beca3814bb3065f654f2dc8b7..7eb153e8e4ee097fccef0334fa279ebbb1bb85e1 100644
--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -279,7 +279,7 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store
 $params['secure'] = false;
 }
- SimpleSAML_Utilities::setCookie($name, $value, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie($name, $value, $params, FALSE);
 }
 }
diff --git a/modules/core/www/cleardiscochoices.php b/modules/core/www/cleardiscochoices.php
index afd72997fea12bd52d4ea6987401adf59cc6694d..6a1b0729147d4952d5950284ea3b469f5e719098 100644
--- a/modules/core/www/cleardiscochoices.php
+++ b/modules/core/www/cleardiscochoices.php
@@ -20,7 +20,7 @@ foreach($_COOKIE as $cookieName => $value) {
 /* Delete the cookie. We delete it once without the secure flag and once with the secure flag. This
 * ensures that the cookie will be deleted in any case. */
- SimpleSAML_Utilities::setCookie($cookieName, NULL, array('path' => $cookiePath, 'httponly' => FALSE), FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie($cookieName, NULL, array('path' => $cookiePath, 'httponly' => FALSE), FALSE);
 }
diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php
index 4ce0f93e66dca80463268a4d82b83c8bbb584778..f253ac53232e1b86fc95014e79dcdc8a06243de5 100644
--- a/modules/core/www/loginuserpass.php
+++ b/modules/core/www/loginuserpass.php
@@ -53,7 +53,7 @@ if (!empty($_REQUEST['username']) || !empty($password)) {
 $params = $sessionHandler->getCookieParams();
 $params['expire'] = time();
 $params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
- SimpleSAML_Utilities::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
 }
 if ($source->isRememberMeEnabled()) {
diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php
index ad4ba44b04b2bf7c2ace3de4cf47e10c57e05d95..441f046aa320c4b42fc31a1d66de9ea5e3d0c303 100644
--- a/modules/core/www/loginuserpassorg.php
+++ b/modules/core/www/loginuserpassorg.php
@@ -57,7 +57,7 @@ if ($organizations === NULL || !empty($organization)) {
 $params = $sessionHandler->getCookieParams();
 $params['expire'] = time();
 $params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
- SimpleSAML_Utilities::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
 }
 try {
diff --git a/modules/discopower/lib/PowerIdPDisco.php b/modules/discopower/lib/PowerIdPDisco.php
index aaed123b69c9eabcb45e2231f66fd6f847d1f909..cf673c4c9f1b0053224fcfffe7361a36190e19f0 100644
--- a/modules/discopower/lib/PowerIdPDisco.php
+++ b/modules/discopower/lib/PowerIdPDisco.php
@@ -306,7 +306,7 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco {
 'secure' => TRUE,
 'httponly' => FALSE,
 );
- SimpleSAML_Utilities::setCookie('_saml_idp', $newCookie, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', $newCookie, $params, FALSE);
 }
diff --git a/modules/multiauth/lib/Auth/Source/MultiAuth.php b/modules/multiauth/lib/Auth/Source/MultiAuth.php
index de7fcd4b006f5201a810715c0f4c41dc3c550e39..3e5b853a78eecceec1bb80ae10c5680369c72cc9 100644
--- a/modules/multiauth/lib/Auth/Source/MultiAuth.php
+++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php
@@ -208,7 +208,7 @@ class sspmod_multiauth_Auth_Source_MultiAuth extends SimpleSAML_Auth_Source {
 'httponly' => FALSE,
 );
- SimpleSAML_Utilities::setCookie($cookieName, $source, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie($cookieName, $source, $params, FALSE);
 }
 /**
diff --git a/modules/negotiate/www/disable.php b/modules/negotiate/www/disable.php
index 1cda47ee96d1ee2cad03d399e37dbdb1939868ed..52620042d162bcf9d41d3a3d07869dd9a2aa670f 100644
--- a/modules/negotiate/www/disable.php
+++ b/modules/negotiate/www/disable.php
@@ -13,7 +13,7 @@ $params = array(
 'secure' => FALSE,
 'httponly' => TRUE,
 );
-SimpleSAML_Utilities::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'True', $params, FALSE);
+\SimpleSAML\Utils\HTTP::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'True', $params, FALSE);
 $globalConfig = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
diff --git a/modules/negotiate/www/enable.php b/modules/negotiate/www/enable.php
index 0eda57367bc22ef9b356a2c1f52feec1ec64a823..56d66a865e83a6fa6113629f8a2a9ff062a1f41f 100644
--- a/modules/negotiate/www/enable.php
+++ b/modules/negotiate/www/enable.php
@@ -12,7 +12,7 @@ $params = array(
 'secure' => FALSE,
 'httponly' => TRUE,
 );
-SimpleSAML_Utilities::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', NULL, $params, FALSE);
+\SimpleSAML\Utils\HTTP::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', NULL, $params, FALSE);
 $globalConfig = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();