search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[ZF-6295] Generic:
[zend.git] / library / Zend / Http / Cookie.php
bloba500fc5d26ed2dd48e647b66ae568fb8fcab09cf
1 <?php
2
3 /**
4 * Zend Framework
5 *
6 * LICENSE
7 *
8 * This source file is subject to the new BSD license that is bundled
9 * with this package in the file LICENSE.txt.
10 * It is also available through the world-wide-web at this URL:
11 * http://framework.zend.com/license/new-bsd
12 * If you did not receive a copy of the license and are unable to
13 * obtain it through the world-wide-web, please send an email
14 * to license@zend.com so we can send you a copy immediately.
15 *
16 * @category Zend
17 * @package Zend_Http
18 * @subpackage Cookie
19 * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com/)
20 * @version $Id$
21 * @license http://framework.zend.com/license/new-bsd New BSD License
22 */
23
24 require_once 'Zend/Uri/Http.php';
25
26
27 /**
28 * Zend_Http_Cookie is a class describing an HTTP cookie and all it's parameters.
29 *
30 * Zend_Http_Cookie is a class describing an HTTP cookie and all it's parameters. The
31 * class also enables validating whether the cookie should be sent to the server in
32 * a specified scenario according to the request URI, the expiry time and whether
33 * session cookies should be used or not. Generally speaking cookies should be
34 * contained in a Cookiejar object, or instantiated manually and added to an HTTP
35 * request.
36 *
37 * See http://wp.netscape.com/newsref/std/cookie_spec.html for some specs.
38 *
39 * @category Zend
40 * @package Zend_Http
41 * @copyright Copyright (c) 2005-2009 Zend Technologies USA Inc. (http://www.zend.com/)
42 * @license http://framework.zend.com/license/new-bsd New BSD License
43 */
44 class Zend_Http_Cookie
45 {
46 /**
47 * Cookie name
48 *
49 * @var string
50 */
51 protected $name;
52
53 /**
54 * Cookie value
55 *
56 * @var string
57 */
58 protected $value;
59
60 /**
61 * Cookie expiry date
62 *
63 * @var int
64 */
65 protected $expires;
66
67 /**
68 * Cookie domain
69 *
70 * @var string
71 */
72 protected $domain;
73
74 /**
75 * Cookie path
76 *
77 * @var string
78 */
79 protected $path;
80
81 /**
82 * Whether the cookie is secure or not
83 *
84 * @var boolean
85 */
86 protected $secure;
87
88 /**
89 * Cookie object constructor
90 *
91 * @todo Add validation of each one of the parameters (legal domain, etc.)
92 *
93 * @param string $name
94 * @param string $value
95 * @param string $domain
96 * @param int $expires
97 * @param string $path
98 * @param bool $secure
99 */
100 public function __construct($name, $value, $domain, $expires = null, $path = null, $secure = false)
101 {
102 if (preg_match("/[=,; \t\r\n\013\014]/", $name)) {
103 require_once 'Zend/Http/Exception.php';
104 throw new Zend_Http_Exception("Cookie name cannot contain these characters: =,; \\t\\r\\n\\013\\014 ({$name})");
105 }
106
107 if (! $this->name = (string) $name) {
108 require_once 'Zend/Http/Exception.php';
109 throw new Zend_Http_Exception('Cookies must have a name');
110 }
111
112 if (! $this->domain = (string) $domain) {
113 require_once 'Zend/Http/Exception.php';
114 throw new Zend_Http_Exception('Cookies must have a domain');
115 }
116
117 $this->value = (string) $value;
118 $this->expires = ($expires === null ? null : (int) $expires);
119 $this->path = ($path ? $path : '/');
120 $this->secure = $secure;
121 }
122
123 /**
124 * Get Cookie name
125 *
126 * @return string
127 */
128 public function getName()
129 {
130 return $this->name;
131 }
132
133 /**
134 * Get cookie value
135 *
136 * @return string
137 */
138 public function getValue()
139 {
140 return $this->value;
141 }
142
143 /**
144 * Get cookie domain
145 *
146 * @return string
147 */
148 public function getDomain()
149 {
150 return $this->domain;
151 }
152
153 /**
154 * Get the cookie path
155 *
156 * @return string
157 */
158 public function getPath()
159 {
160 return $this->path;
161 }
162
163 /**
164 * Get the expiry time of the cookie, or null if no expiry time is set
165 *
166 * @return int|null
167 */
168 public function getExpiryTime()
169 {
170 return $this->expires;
171 }
172
173 /**
174 * Check whether the cookie should only be sent over secure connections
175 *
176 * @return boolean
177 */
178 public function isSecure()
179 {
180 return $this->secure;
181 }
182
183 /**
184 * Check whether the cookie has expired
185 *
186 * Always returns false if the cookie is a session cookie (has no expiry time)
187 *
188 * @param int $now Timestamp to consider as "now"
189 * @return boolean
190 */
191 public function isExpired($now = null)
192 {
193 if ($now === null) $now = time();
194 if (is_int($this->expires) && $this->expires < $now) {
195 return true;
196 } else {
197 return false;
198 }
199 }
200
201 /**
202 * Check whether the cookie is a session cookie (has no expiry time set)
203 *
204 * @return boolean
205 */
206 public function isSessionCookie()
207 {
208 return ($this->expires === null);
209 }
210
211 /**
212 * Checks whether the cookie should be sent or not in a specific scenario
213 *
214 * @param string|Zend_Uri_Http $uri URI to check against (secure, domain, path)
215 * @param boolean $matchSessionCookies Whether to send session cookies
216 * @param int $now Override the current time when checking for expiry time
217 * @return boolean
218 */
219 public function match($uri, $matchSessionCookies = true, $now = null)
220 {
221 if (is_string ($uri)) {
222 $uri = Zend_Uri_Http::factory($uri);
223 }
224
225 // Make sure we have a valid Zend_Uri_Http object
226 if (! ($uri->valid() && ($uri->getScheme() == 'http' || $uri->getScheme() =='https'))) {
227 require_once 'Zend/Http/Exception.php';
228 throw new Zend_Http_Exception('Passed URI is not a valid HTTP or HTTPS URI');
229 }
230
231 // Check that the cookie is secure (if required) and not expired
232 if ($this->secure && $uri->getScheme() != 'https') return false;
233 if ($this->isExpired($now)) return false;
234 if ($this->isSessionCookie() && ! $matchSessionCookies) return false;
235
236 // Validate domain and path
237 // Domain is validated using tail match, while path is validated using head match
238 $domain_preg = preg_quote($this->getDomain(), "/");
239 if (! preg_match("/{$domain_preg}$/", $uri->getHost())) return false;
240 $path_preg = preg_quote($this->getPath(), "/");
241 if (! preg_match("/^{$path_preg}/", $uri->getPath())) return false;
242
243 // If we didn't die until now, return true.
244 return true;
245 }
246
247 /**
248 * Get the cookie as a string, suitable for sending as a "Cookie" header in an
249 * HTTP request
250 *
251 * @return string
252 */
253 public function __toString()
254 {
255 return $this->name . '=' . urlencode($this->value) . ';';
256 }
257
258 /**
259 * Generate a new Cookie object from a cookie string
260 * (for example the value of the Set-Cookie HTTP header)
261 *
262 * @param string $cookieStr
263 * @param Zend_Uri_Http|string $ref_uri Reference URI for default values (domain, path)
264 * @return Zend_Http_Cookie A new Zend_Http_Cookie object or false on failure.
265 */
266 public static function fromString($cookieStr, $ref_uri = null)
267 {
268 // Set default values
269 if (is_string($ref_uri)) {
270 $ref_uri = Zend_Uri_Http::factory($ref_uri);
271 }
272
273 $name = '';
274 $value = '';
275 $domain = '';
276 $path = '';
277 $expires = null;
278 $secure = false;
279 $parts = explode(';', $cookieStr);
280
281 // If first part does not include '=', fail
282 if (strpos($parts[0], '=') === false) return false;
283
284 // Get the name and value of the cookie
285 list($name, $value) = explode('=', trim(array_shift($parts)), 2);
286 $name = trim($name);
287 $value = urldecode(trim($value));
288
289 // Set default domain and path
290 if ($ref_uri instanceof Zend_Uri_Http) {
291 $domain = $ref_uri->getHost();
292 $path = $ref_uri->getPath();
293 $path = substr($path, 0, strrpos($path, '/'));
294 }
295
296 // Set other cookie parameters
297 foreach ($parts as $part) {
298 $part = trim($part);
299 if (strtolower($part) == 'secure') {
300 $secure = true;
301 continue;
302 }
303
304 $keyValue = explode('=', $part, 2);
305 if (count($keyValue) == 2) {
306 list($k, $v) = $keyValue;
307 switch (strtolower($k)) {
308 case 'expires':
309 if(($expires = strtotime($v)) === false) {
310 /**
311 * The expiration is past Tue, 19 Jan 2038 03:14:07 UTC
312 * the maximum for 32-bit signed integer. Zend_Date
313 * can get around that limit.
314 *
315 * @see Zend_Date
316 */
317 require_once 'Zend/Date.php';
318
319 $expireDate = new Zend_Date($v);
320 $expires = $expireDate->getTimestamp();
321 }
322 break;
323
324 case 'path':
325 $path = $v;
326 break;
327
328 case 'domain':
329 $domain = $v;
330 break;
331
332 default:
333 break;
334 }
335 }
336 }
337
338 if ($name !== '') {
339 return new self($name, $value, $domain, $expires, $path, $secure);
340 } else {
341 return false;
342 }
343 }
344 }