Changes for #451

This commit is contained in:
the-djmaze 2022-07-07 00:37:29 +02:00
parent f69a4c3997
commit d8b2253351

View file

@ -99,36 +99,57 @@ class Utils
*/ */
public static function GetCookie(string $sName, $mDefault = null) public static function GetCookie(string $sName, $mDefault = null)
{ {
return isset($_COOKIE[$sName]) ? $_COOKIE[$sName] : $mDefault; if (isset($_COOKIE[$sName])) {
$aParts = [];
foreach (\array_keys($_COOKIE) as $sCookieName) {
if (\strtok($sCookieName, '~') === $sName) {
$aParts[$sCookieName] = $_COOKIE[$sCookieName];
}
}
\ksort($aParts);
return \implode('', $aParts);
}
return $mDefault;
} }
public static function GetSecureCookie(string $sName) public static function GetSecureCookie(string $sName)
{ {
return isset($_COOKIE[$sName]) && 1024 > \strlen($_COOKIE[$sName]) return isset($_COOKIE[$sName])
? \SnappyMail\Crypt::DecryptFromJSON(\MailSo\Base\Utils::UrlSafeBase64Decode($_COOKIE[$sName])) ? \SnappyMail\Crypt::DecryptFromJSON(\MailSo\Base\Utils::UrlSafeBase64Decode(static::GetCookie($sName)))
: null; : null;
} }
public static function SetCookie(string $sName, string $sValue = '', int $iExpire = 0, bool $bHttpOnly = true) public static function SetCookie(string $sName, string $sValue = '', int $iExpire = 0, bool $bHttpOnly = true)
{ {
$sPath = static::$CookieDefaultPath; $sPath = static::$CookieDefaultPath;
$sPath = $sPath && \strlen($sPath) ? $sPath : '/';
$_COOKIE[$sName] = $sValue; $_COOKIE[$sName] = $sValue;
\setcookie($sName, $sValue, array( // https://github.com/the-djmaze/snappymail/issues/451
// The 4K browser limit is for the entire cookie, including name, value, expiry date etc.
$iMaxSize = 4000 - \strlen($sPath . $sName);
if ($iMaxSize < \strlen($sValue)) {
throw new \Exception("Cookie '{$sName}' value too long");
}
foreach (\str_split($sValue, $iMaxSize) as $i => $sPart) {
\setcookie($i ? "{$sName}~{$i}" : $sName, $sPart, array(
'expires' => $iExpire, 'expires' => $iExpire,
'path' => $sPath && \strlen($sPath) ? $sPath : '/', 'path' => $sPath,
// 'domain' => $sDomain, // 'domain' => $sDomain,
'secure' => isset($_SERVER['HTTPS']) || static::$CookieDefaultSecure, 'secure' => isset($_SERVER['HTTPS']) || static::$CookieDefaultSecure,
'httponly' => $bHttpOnly, 'httponly' => $bHttpOnly,
'samesite' => 'Strict' 'samesite' => 'Strict'
)); ));
} }
}
public static function ClearCookie(string $sName) public static function ClearCookie(string $sName)
{ {
if (isset($_COOKIE[$sName])) { if (isset($_COOKIE[$sName])) {
$sPath = static::$CookieDefaultPath; $sPath = static::$CookieDefaultPath;
unset($_COOKIE[$sName]); foreach (\array_keys($_COOKIE) as $sCookieName) {
\setcookie($sName, '', array( if (\strtok($sCookieName, '~') === $sName) {
unset($_COOKIE[$sCookieName]);
\setcookie($sCookieName, '', array(
'expires' => \time() - 3600 * 24 * 30, 'expires' => \time() - 3600 * 24 * 30,
'path' => $sPath && \strlen($sPath) ? $sPath : '/', 'path' => $sPath && \strlen($sPath) ? $sPath : '/',
// 'domain' => null, // 'domain' => null,
@ -138,6 +159,8 @@ class Utils
)); ));
} }
} }
}
}
public static function UrlEncode(string $sV, bool $bEncode = false) : string public static function UrlEncode(string $sV, bool $bEncode = false) : string
{ {