[MediaWiki-commits] [Gerrit] Set a non-secure attribute when clearing a cookie - change (mediawiki/core)

Wed, 28 Aug 2013 18:47:58 -0700 

Seb35 has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/81614


Change subject: Set a non-secure attribute when clearing a cookie
......................................................................

Set a non-secure attribute when clearing a cookie

Added a parameter to User::clearCookie to set specify
the status of the Secure attribute of the cookie.

Used this parameter for the forceHTTPS cookie which
might be requested to be non-secure when cleared.

Bug: 53379
Change-Id: I01d18127a2206afe695b513714cfec683dd710ec
---
M includes/User.php
1 file changed, 7 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/14/81614/1

diff --git a/includes/User.php b/includes/User.php
index 25b35b3..1401aa8 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -3144,9 +3144,13 @@
        /**
         * Clear a cookie on the user's client
         * @param string $name Name of the cookie to clear
+        * @param bool $secure
+        *  true: Force setting the secure attribute when setting the cookie
+        *  false: Force NOT setting the secure attribute when setting the 
cookie
+        *  null (default): Use the default ($wgCookieSecure) to set the secure 
attribute
         */
-       protected function clearCookie( $name ) {
-               $this->setCookie( $name, '', time() - 86400 );
+       protected function clearCookie( $name, $secure = null ) {
+               $this->setCookie( $name, '', time() - 86400, $secure );
        }
 
        /**
@@ -3231,7 +3235,7 @@
 
                $this->clearCookie( 'UserID' );
                $this->clearCookie( 'Token' );
-               $this->clearCookie( 'forceHTTPS' );
+               $this->clearCookie( 'forceHTTPS', false );
 
                // Remember when user logged out, to prevent seeing cached pages
                $this->setCookie( 'LoggedOut', time(), time() + 86400 );

-- 
To view, visit https://gerrit.wikimedia.org/r/81614
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I01d18127a2206afe695b513714cfec683dd710ec
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Seb35 <seb35wikipe...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to