Issues in Cookie.php - New Issues - Inspection of "Debug locationAPI & comment error" - mmainstreet/jodel-web - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 62cb27...c16962 )

by mains

created 2017-04-20 22:11 UTC

php/Requests/libary/Requests/Cookie.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Cookie storage object
 *
 * @package Requests
 * @subpackage Cookies
 */

/**
 * Cookie storage object
 *
 * @package Requests
 * @subpackage Cookies
 */
class Requests_Cookie {
	/**
	 * Cookie name.
	 *
	 * @var string
	 */
	public $name;

	/**
	 * Cookie value.
	 *
	 * @var string
	 */
	public $value;

	/**
	 * Cookie attributes
	 *
	 * Valid keys are (currently) path, domain, expires, max-age, secure and
	 * httponly.
	 *
	 * @var Requests_Utility_CaseInsensitiveDictionary|array Array-like object
	 */
	public $attributes = array();

	/**
	 * Cookie flags
	 *
	 * Valid keys are (currently) creation, last-access, persistent and
	 * host-only.
	 *
	 * @var array
	 */
	public $flags = array();

	/**
	 * Reference time for relative calculations
	 *
	 * This is used in place of `time()` when calculating Max-Age expiration and
	 * checking time validity.
	 *
	 * @var int
	 */
	public $reference_time = 0;

	/**
	 * Create a new cookie object
	 *
	 * @param string $name
	 * @param string $value
	 * @param array|Requests_Utility_CaseInsensitiveDictionary $attributes Associative array of attribute data
	 */
	public function __construct($name, $value, $attributes = array(), $flags = array(), $reference_time = null) {
		$this->name = $name;
		$this->value = $value;
		$this->attributes = $attributes;
		$default_flags = array(
			'creation' => time(),
			'last-access' => time(),
			'persistent' => false,
			'host-only' => true,
		);
		$this->flags = array_merge($default_flags, $flags);

		$this->reference_time = time();
		if ($reference_time !== null) {
			$this->reference_time = $reference_time;
		}

		$this->normalize();
	}

	/**
	 * Check if a cookie is expired.
	 *
	 * Checks the age against $this->reference_time to determine if the cookie
	 * is expired.
	 *
	 * @return boolean True if expired, false if time is valid.
	 */
	public function is_expired() {
		// RFC6265, s. 4.1.2.2:
		// If a cookie has both the Max-Age and the Expires attribute, the Max-
		// Age attribute has precedence and controls the expiration date of the
		// cookie.
		if (isset($this->attributes['max-age'])) {
			$max_age = $this->attributes['max-age'];
			return $max_age < $this->reference_time;
		}

		if (isset($this->attributes['expires'])) {
			$expires = $this->attributes['expires'];
			return $expires < $this->reference_time;
		}

		return false;
	}

	/**
	 * Check if a cookie is valid for a given URI
	 *
	 * @param Requests_IRI $uri URI to check
	 * @return boolean Whether the cookie is valid for the given URI
	 */
	public function uri_matches(Requests_IRI $uri) {
		if (!$this->domain_matches($uri->host)) {
			return false;
		}

		if (!$this->path_matches($uri->path)) {
			return false;
		}

		return empty($this->attributes['secure']) || $uri->scheme === 'https';
	}

	/**
	 * Check if a cookie is valid for a given domain
	 *
	 * @param string $string Domain to check
	 * @return boolean Whether the cookie is valid for the given domain
	 */
	public function domain_matches($string) {
		if (!isset($this->attributes['domain'])) {
			// Cookies created manually; cookies created by Requests will set
			// the domain to the requested domain
			return true;
		}

		$domain_string = $this->attributes['domain'];
		if ($domain_string === $string) {
			// The domain string and the string are identical.
			return true;
		}

		// If the cookie is marked as host-only and we don't have an exact
		// match, reject the cookie
		if ($this->flags['host-only'] === true) {
			return false;
		}

		if (strlen($string) <= strlen($domain_string)) {
			// For obvious reasons, the string cannot be a suffix if the domain
			// is shorter than the domain string
			return false;
		}

		if (substr($string, -1 * strlen($domain_string)) !== $domain_string) {
			// The domain string should be a suffix of the string.
			return false;
		}

		$prefix = substr($string, 0, strlen($string) - strlen($domain_string));
		if (substr($prefix, -1) !== '.') {
			// The last character of the string that is not included in the
			// domain string should be a %x2E (".") character.
			return false;
		}

		// The string should be a host name (i.e., not an IP address).
		return !preg_match('#^(.+\.)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $string);
	}

	/**
	 * Check if a cookie is valid for a given path
	 *
	 * From the path-match check in RFC 6265 section 5.1.4
	 *
	 * @param string $request_path Path to check
	 * @return boolean Whether the cookie is valid for the given path
	 */
	public function path_matches($request_path) {
		if (empty($request_path)) {
			// Normalize empty path to root
			$request_path = '/';
		}

		if (!isset($this->attributes['path'])) {
			// Cookies created manually; cookies created by Requests will set
			// the path to the requested path
			return true;
		}

		$cookie_path = $this->attributes['path'];

		if ($cookie_path === $request_path) {
			// The cookie-path and the request-path are identical.
			return true;
		}

		if (strlen($request_path) > strlen($cookie_path) && substr($request_path, 0, strlen($cookie_path)) === $cookie_path) {
			if (substr($cookie_path, -1) === '/') {
				// The cookie-path is a prefix of the request-path, and the last
				// character of the cookie-path is %x2F ("/").
				return true;
			}

			if (substr($request_path, strlen($cookie_path), 1) === '/') {
				// The cookie-path is a prefix of the request-path, and the
				// first character of the request-path that is not included in
				// the cookie-path is a %x2F ("/") character.
				return true;
			}
		}

		return false;
	}

	/**
	 * Normalize cookie and attributes
	 *
	 * @return boolean Whether the cookie was successfully normalized
	 */
	public function normalize() {
		foreach ($this->attributes as $key => $value) {
			$orig_value = $value;
			$value = $this->normalize_attribute($key, $value);
			if ($value === null) {
				unset($this->attributes[$key]);
				continue;
			}

			if ($value !== $orig_value) {
				$this->attributes[$key] = $value;
			}
		}

		return true;
	}

	/**
	 * Parse an individual cookie attribute
	 *
	 * Handles parsing individual attributes from the cookie values.
	 *
	 * @param string $name Attribute name
	 * @param string|boolean $value Attribute value (string value, or true if empty/flag)
	 * @return mixed Value if available, or null if the attribute value is invalid (and should be skipped)
	 */
	protected function normalize_attribute($name, $value) {
		switch (strtolower($name)) {
			case 'expires':
				// Expiration parsing, as per RFC 6265 section 5.2.1
				if (is_int($value)) {
					return $value;
				}

				$expiry_time = strtotime($value);
				if ($expiry_time === false) {
					return null;
				}

				return $expiry_time;

			case 'max-age':
				// Expiration parsing, as per RFC 6265 section 5.2.2
				if (is_int($value)) {
					return $value;
				}

				// Check that we have a valid age
				if (!preg_match('/^-?\d+$/', $value)) {
					return null;
				}

				$delta_seconds = (int) $value;
				if ($delta_seconds <= 0) {
					$expiry_time = 0;
				}
				else {
					$expiry_time = $this->reference_time + $delta_seconds;
				}

				return $expiry_time;

			case 'domain':
				// Domain normalization, as per RFC 6265 section 5.2.3
				if ($value[0] === '.') {
					$value = substr($value, 1);
				}

				return $value;

			default:
				return $value;
		}
	}

	/**
	 * Format a cookie for a Cookie header
	 *
	 * This is used when sending cookies to a server.
	 *
	 * @return string Cookie formatted for Cookie header
	 */
	public function format_for_header() {
		return sprintf('%s=%s', $this->name, $this->value);
	}

	/**
	 * Format a cookie for a Cookie header
	 *
	 * @codeCoverageIgnore
	 * @deprecated Use {@see Requests_Cookie::format_for_header}
	 * @return string
	 */
	public function formatForHeader() {
		return $this->format_for_header();
	}

	/**
	 * Format a cookie for a Set-Cookie header
	 *
	 * This is used when sending cookies to clients. This isn't really
	 * applicable to client-side usage, but might be handy for debugging.
	 *
	 * @return string Cookie formatted for Set-Cookie header
	 */
	public function format_for_set_cookie() {
		$header_value = $this->format_for_header();
		if (!empty($this->attributes)) {
			$parts = array();
			foreach ($this->attributes as $key => $value) {
				// Ignore non-associative attributes
				if (is_numeric($key)) {
					$parts[] = $value;
				}
				else {
					$parts[] = sprintf('%s=%s', $key, $value);
				}
			}

			$header_value .= '; ' . implode('; ', $parts);
		}
		return $header_value;
	}

	/**
	 * Format a cookie for a Set-Cookie header
	 *
	 * @codeCoverageIgnore
	 * @deprecated Use {@see Requests_Cookie::format_for_set_cookie}
	 * @return string
	 */
	public function formatForSetCookie() {
		return $this->format_for_set_cookie();
	}

	/**
	 * Get the cookie value
	 *
	 * Attributes and other data can be accessed via methods.
	 */
	public function __toString() {
		return $this->value;
	}

	/**
	 * Parse a cookie string into a cookie object
	 *
	 * Based on Mozilla's parsing code in Firefox and related projects, which
	 * is an intentional deviation from RFC 2109 and RFC 2616. RFC 6265
	 * specifies some of this handling, but not in a thorough manner.
	 *
	 * @param string Cookie header value (from a Set-Cookie header)
	 * @return Requests_Cookie Parsed cookie object
	 */
	public static function parse($string, $name = '', $reference_time = null) {
		$parts = explode(';', $string);
		$kvparts = array_shift($parts);

		if (!empty($name)) {
			$value = $string;
		}
		elseif (strpos($kvparts, '=') === false) {
			// Some sites might only have a value without the equals separator.
			// Deviate from RFC 6265 and pretend it was actually a blank name
			// (`=foo`)
			//
			// https://bugzilla.mozilla.org/show_bug.cgi?id=169091
			$name = '';
			$value = $kvparts;
		}
		else {
			list($name, $value) = explode('=', $kvparts, 2);
		}
		$name = trim($name);
		$value = trim($value);

		// Attribute key are handled case-insensitively
		$attributes = new Requests_Utility_CaseInsensitiveDictionary();

		if (!empty($parts)) {
			foreach ($parts as $part) {
				if (strpos($part, '=') === false) {
					$part_key = $part;
					$part_value = true;
				}
				else {
					list($part_key, $part_value) = explode('=', $part, 2);
					$part_value = trim($part_value);
				}

				$part_key = trim($part_key);
				$attributes[$part_key] = $part_value;
			}
		}

		return new Requests_Cookie($name, $value, $attributes, array(), $reference_time);
	}

	/**
	 * Parse all Set-Cookie headers from request headers
	 *
	 * @param Requests_Response_Headers $headers Headers to parse from
	 * @param Requests_IRI|null $origin URI for comparing cookie origins
	 * @param int|null $time Reference time for expiration calculation
	 * @return array
	 */
	public static function parse_from_headers(Requests_Response_Headers $headers, Requests_IRI $origin = null, $time = null) {
		$cookie_headers = $headers->getValues('Set-Cookie');
		if (empty($cookie_headers)) {
			return array();
		}

		$cookies = array();
		foreach ($cookie_headers as $header) {
			$parsed = self::parse($header, '', $time);

			// Default domain/path attributes
			if (empty($parsed->attributes['domain']) && !empty($origin)) {
				$parsed->attributes['domain'] = $origin->host;
				$parsed->flags['host-only'] = true;
			}
			else {
				$parsed->flags['host-only'] = false;
			}

			$path_is_valid = (!empty($parsed->attributes['path']) && $parsed->attributes['path'][0] === '/');
			if (!$path_is_valid && !empty($origin)) {
				$path = $origin->path;

				// Default path normalization as per RFC 6265 section 5.1.4
				if (substr($path, 0, 1) !== '/') {
					// If the uri-path is empty or if the first character of
					// the uri-path is not a %x2F ("/") character, output
					// %x2F ("/") and skip the remaining steps.
					$path = '/';
				}
				elseif (substr_count($path, '/') === 1) {
					// If the uri-path contains no more than one %x2F ("/")
					// character, output %x2F ("/") and skip the remaining
					// step.
					$path = '/';
				}
				else {
					// Output the characters of the uri-path from the first
					// character up to, but not including, the right-most
					// %x2F ("/").
					$path = substr($path, 0, strrpos($path, '/'));
				}
				$parsed->attributes['path'] = $path;
			}

			// Reject invalid cookie domains
			if (!empty($origin) && !$parsed->domain_matches($origin->host)) {
				continue;
			}

			$cookies[$parsed->name] = $parsed;
		}

		return $cookies;
	}

	/**
	 * Parse all Set-Cookie headers from request headers
	 *
	 * @codeCoverageIgnore
	 * @deprecated Use {@see Requests_Cookie::parse_from_headers}
	 * @return string
	 */
	public static function parseFromHeaders(Requests_Response_Headers $headers) {
		return self::parse_from_headers($headers);
	}
}



1			<?php
2			/**
3			* Cookie storage object
4			*
5			* @package Requests
6			* @subpackage Cookies
7			*/
8
9			/**
10			* Cookie storage object
11			*
12			* @package Requests
13			* @subpackage Cookies
14			*/
15			class Requests_Cookie {
16			/**
17			* Cookie name.
18			*
19			* @var string
20			*/
21			public $name;
22
23			/**
24			* Cookie value.
25			*
26			* @var string
27			*/
28			public $value;
29
30			/**
31			* Cookie attributes
32			*
33			* Valid keys are (currently) path, domain, expires, max-age, secure and
34			* httponly.
35			*
36			* @var Requests_Utility_CaseInsensitiveDictionary\|array Array-like object
37			*/
38			public $attributes = array();
39
40			/**
41			* Cookie flags
42			*
43			* Valid keys are (currently) creation, last-access, persistent and
44			* host-only.
45			*
46			* @var array
47			*/
48			public $flags = array();
49
50			/**
51			* Reference time for relative calculations
52			*
53			* This is used in place of `time()` when calculating Max-Age expiration and
54			* checking time validity.
55			*
56			* @var int
57			*/
58			public $reference_time = 0;
59
60			/**
61			* Create a new cookie object
62			*
63			* @param string $name
64			* @param string $value
65			* @param array\|Requests_Utility_CaseInsensitiveDictionary $attributes Associative array of attribute data
66			*/
67			public function __construct($name, $value, $attributes = array(), $flags = array(), $reference_time = null) {
68			$this->name = $name;
69			$this->value = $value;
70			$this->attributes = $attributes;
71			$default_flags = array(
72			'creation' => time(),
73			'last-access' => time(),
74			'persistent' => false,
75			'host-only' => true,
76			);
77			$this->flags = array_merge($default_flags, $flags);
78
79			$this->reference_time = time();
80			if ($reference_time !== null) {
81			$this->reference_time = $reference_time;
82			}
83
84			$this->normalize();
85			}
86
87			/**
88			* Check if a cookie is expired.
89			*
90			* Checks the age against $this->reference_time to determine if the cookie
91			* is expired.
92			*
93			* @return boolean True if expired, false if time is valid.
94			*/
95			public function is_expired() {
96			// RFC6265, s. 4.1.2.2:
97			// If a cookie has both the Max-Age and the Expires attribute, the Max-
98			// Age attribute has precedence and controls the expiration date of the
99			// cookie.
100			if (isset($this->attributes['max-age'])) {
101			$max_age = $this->attributes['max-age'];
102			return $max_age < $this->reference_time;
103			}
104
105			if (isset($this->attributes['expires'])) {
106			$expires = $this->attributes['expires'];
107			return $expires < $this->reference_time;
108			}
109
110			return false;
111			}
112
113			/**
114			* Check if a cookie is valid for a given URI
115			*
116			* @param Requests_IRI $uri URI to check
117			* @return boolean Whether the cookie is valid for the given URI
118			*/
119			public function uri_matches(Requests_IRI $uri) {
120			if (!$this->domain_matches($uri->host)) {
121			return false;
122			}
123
124			if (!$this->path_matches($uri->path)) {
125			return false;
126			}
127
128			return empty($this->attributes['secure']) \|\| $uri->scheme === 'https';
129			}
130
131			/**
132			* Check if a cookie is valid for a given domain
133			*
134			* @param string $string Domain to check
135			* @return boolean Whether the cookie is valid for the given domain
136			*/
137			public function domain_matches($string) {
138			if (!isset($this->attributes['domain'])) {
139			// Cookies created manually; cookies created by Requests will set
140			// the domain to the requested domain
141			return true;
142			}
143
144			$domain_string = $this->attributes['domain'];
145			if ($domain_string === $string) {
146			// The domain string and the string are identical.
147			return true;
148			}
149
150			// If the cookie is marked as host-only and we don't have an exact
151			// match, reject the cookie
152			if ($this->flags['host-only'] === true) {
153			return false;
154			}
155
156			if (strlen($string) <= strlen($domain_string)) {
157			// For obvious reasons, the string cannot be a suffix if the domain
158			// is shorter than the domain string
159			return false;
160			}
161
162			if (substr($string, -1 * strlen($domain_string)) !== $domain_string) {
163			// The domain string should be a suffix of the string.
164			return false;
165			}
166
167			$prefix = substr($string, 0, strlen($string) - strlen($domain_string));
168			if (substr($prefix, -1) !== '.') {
169			// The last character of the string that is not included in the
170			// domain string should be a %x2E (".") character.
171			return false;
172			}
173
174			// The string should be a host name (i.e., not an IP address).
175			return !preg_match('#^(.+\.)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$#', $string);
176			}
177
178			/**
179			* Check if a cookie is valid for a given path
180			*
181			* From the path-match check in RFC 6265 section 5.1.4
182			*
183			* @param string $request_path Path to check
184			* @return boolean Whether the cookie is valid for the given path
185			*/
186			public function path_matches($request_path) {
187			if (empty($request_path)) {
188			// Normalize empty path to root
189			$request_path = '/';
190			}
191
192			if (!isset($this->attributes['path'])) {
193			// Cookies created manually; cookies created by Requests will set
194			// the path to the requested path
195			return true;
196			}
197
198			$cookie_path = $this->attributes['path'];
199
200			if ($cookie_path === $request_path) {
201			// The cookie-path and the request-path are identical.
202			return true;
203			}
204
205			if (strlen($request_path) > strlen($cookie_path) && substr($request_path, 0, strlen($cookie_path)) === $cookie_path) {
206			if (substr($cookie_path, -1) === '/') {
207			// The cookie-path is a prefix of the request-path, and the last
208			// character of the cookie-path is %x2F ("/").
209			return true;
210			}
211
212			if (substr($request_path, strlen($cookie_path), 1) === '/') {
213			// The cookie-path is a prefix of the request-path, and the
214			// first character of the request-path that is not included in
215			// the cookie-path is a %x2F ("/") character.
216			return true;
217			}
218			}
219
220			return false;
221			}
222
223			/**
224			* Normalize cookie and attributes
225			*
226			* @return boolean Whether the cookie was successfully normalized
227			*/
228			public function normalize() {
229			foreach ($this->attributes as $key => $value) {
230			$orig_value = $value;
231			$value = $this->normalize_attribute($key, $value);
232			if ($value === null) {
233			unset($this->attributes[$key]);
234			continue;
235			}
236
237			if ($value !== $orig_value) {
238			$this->attributes[$key] = $value;
239			}
240			}
241
242			return true;
243			}
244
245			/**
246			* Parse an individual cookie attribute
247			*
248			* Handles parsing individual attributes from the cookie values.
249			*
250			* @param string $name Attribute name
251			* @param string\|boolean $value Attribute value (string value, or true if empty/flag)
252			* @return mixed Value if available, or null if the attribute value is invalid (and should be skipped)
253			*/
254			protected function normalize_attribute($name, $value) {
255			switch (strtolower($name)) {
256			case 'expires':
257			// Expiration parsing, as per RFC 6265 section 5.2.1
258			if (is_int($value)) {
259			return $value;
260			}
261
262			$expiry_time = strtotime($value);
263			if ($expiry_time === false) {
264			return null;
265			}
266
267			return $expiry_time;
268
269			case 'max-age':
270			// Expiration parsing, as per RFC 6265 section 5.2.2
271			if (is_int($value)) {
272			return $value;
273			}
274
275			// Check that we have a valid age
276			if (!preg_match('/^-?\d+$/', $value)) {
277			return null;
278			}
279
280			$delta_seconds = (int) $value;
281			if ($delta_seconds <= 0) {
282			$expiry_time = 0;
283			}
284			else {
285			$expiry_time = $this->reference_time + $delta_seconds;
286			}
287
288			return $expiry_time;
289
290			case 'domain':
291			// Domain normalization, as per RFC 6265 section 5.2.3
292			if ($value[0] === '.') {
293			$value = substr($value, 1);
294			}
295
296			return $value;
297
298			default:
299			return $value;
300			}
301			}
302
303			/**
304			* Format a cookie for a Cookie header
305			*
306			* This is used when sending cookies to a server.
307			*
308			* @return string Cookie formatted for Cookie header
309			*/
310			public function format_for_header() {
311			return sprintf('%s=%s', $this->name, $this->value);
312			}
313
314			/**
315			* Format a cookie for a Cookie header
316			*
317			* @codeCoverageIgnore
318			* @deprecated Use {@see Requests_Cookie::format_for_header}
319			* @return string
320			*/
321			public function formatForHeader() {
322			return $this->format_for_header();
323			}
324
325			/**
326			* Format a cookie for a Set-Cookie header
327			*
328			* This is used when sending cookies to clients. This isn't really
329			* applicable to client-side usage, but might be handy for debugging.
330			*
331			* @return string Cookie formatted for Set-Cookie header
332			*/
333			public function format_for_set_cookie() {
334			$header_value = $this->format_for_header();
335			if (!empty($this->attributes)) {
336			$parts = array();
337			foreach ($this->attributes as $key => $value) {
338			// Ignore non-associative attributes
339			if (is_numeric($key)) {
340			$parts[] = $value;
341			}
342			else {
343			$parts[] = sprintf('%s=%s', $key, $value);
344			}
345			}
346
347			$header_value .= '; ' . implode('; ', $parts);
348			}
349			return $header_value;
350			}
351
352			/**
353			* Format a cookie for a Set-Cookie header
354			*
355			* @codeCoverageIgnore
356			* @deprecated Use {@see Requests_Cookie::format_for_set_cookie}
357			* @return string
358			*/
359			public function formatForSetCookie() {
360			return $this->format_for_set_cookie();
361			}
362
363			/**
364			* Get the cookie value
365			*
366			* Attributes and other data can be accessed via methods.
367			*/
368			public function __toString() {
369			return $this->value;
370			}
371
372			/**
373			* Parse a cookie string into a cookie object
374			*
375			* Based on Mozilla's parsing code in Firefox and related projects, which
376			* is an intentional deviation from RFC 2109 and RFC 2616. RFC 6265
377			* specifies some of this handling, but not in a thorough manner.
378			*
379			* @param string Cookie header value (from a Set-Cookie header)
380			* @return Requests_Cookie Parsed cookie object
381			*/
382			public static function parse($string, $name = '', $reference_time = null) {
383			$parts = explode(';', $string);
384			$kvparts = array_shift($parts);
385
386			if (!empty($name)) {
387			$value = $string;
388			}
389			elseif (strpos($kvparts, '=') === false) {
390			// Some sites might only have a value without the equals separator.
391			// Deviate from RFC 6265 and pretend it was actually a blank name
392			// (`=foo`)
393			//
394			// https://bugzilla.mozilla.org/show_bug.cgi?id=169091
395			$name = '';
396			$value = $kvparts;
397			}
398			else {
399			list($name, $value) = explode('=', $kvparts, 2);
400			}
401			$name = trim($name);
402			$value = trim($value);
403
404			// Attribute key are handled case-insensitively
405			$attributes = new Requests_Utility_CaseInsensitiveDictionary();
406
407			if (!empty($parts)) {
408			foreach ($parts as $part) {
409			if (strpos($part, '=') === false) {
410			$part_key = $part;
411			$part_value = true;
412			}
413			else {
414			list($part_key, $part_value) = explode('=', $part, 2);
415			$part_value = trim($part_value);
416			}
417
418			$part_key = trim($part_key);
419			$attributes[$part_key] = $part_value;
420			}
421			}
422
423			return new Requests_Cookie($name, $value, $attributes, array(), $reference_time);
424			}
425
426			/**
427			* Parse all Set-Cookie headers from request headers
428			*
429			* @param Requests_Response_Headers $headers Headers to parse from
430			* @param Requests_IRI\|null $origin URI for comparing cookie origins
431			* @param int\|null $time Reference time for expiration calculation
432			* @return array
433			*/
434			public static function parse_from_headers(Requests_Response_Headers $headers, Requests_IRI $origin = null, $time = null) {
435			$cookie_headers = $headers->getValues('Set-Cookie');
436			if (empty($cookie_headers)) {
437			return array();
438			}
439
440			$cookies = array();
441			foreach ($cookie_headers as $header) {
442			$parsed = self::parse($header, '', $time);
443
444			// Default domain/path attributes
445			if (empty($parsed->attributes['domain']) && !empty($origin)) {
446			$parsed->attributes['domain'] = $origin->host;
447			$parsed->flags['host-only'] = true;
448			}
449			else {
450			$parsed->flags['host-only'] = false;
451			}
452
453			$path_is_valid = (!empty($parsed->attributes['path']) && $parsed->attributes['path'][0] === '/');
454			if (!$path_is_valid && !empty($origin)) {
455			$path = $origin->path;
456
457			// Default path normalization as per RFC 6265 section 5.1.4
458			if (substr($path, 0, 1) !== '/') {
459			// If the uri-path is empty or if the first character of
460			// the uri-path is not a %x2F ("/") character, output
461			// %x2F ("/") and skip the remaining steps.
462			$path = '/';
463			}
464			elseif (substr_count($path, '/') === 1) {
465			// If the uri-path contains no more than one %x2F ("/")
466			// character, output %x2F ("/") and skip the remaining
467			// step.
468			$path = '/';
469			}
470			else {
471			// Output the characters of the uri-path from the first
472			// character up to, but not including, the right-most
473			// %x2F ("/").
474			$path = substr($path, 0, strrpos($path, '/'));
475			}
476			$parsed->attributes['path'] = $path;
477			}
478
479			// Reject invalid cookie domains
480			if (!empty($origin) && !$parsed->domain_matches($origin->host)) {
481			continue;
482			}
483
484			$cookies[$parsed->name] = $parsed;
485			}
486
487			return $cookies;
488			}
489
490			/**
491			* Parse all Set-Cookie headers from request headers
492			*
493			* @codeCoverageIgnore
494			* @deprecated Use {@see Requests_Cookie::parse_from_headers}
495			* @return string
496			*/
497			public static function parseFromHeaders(Requests_Response_Headers $headers) {
498			return self::parse_from_headers($headers);
499			}
500			}
			0 ignored issues – show Coding Style introduced 2016-11-20 17:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this As per coding style, files should not end with a newline character. This check marks files that end in a newline character, i.e. an empy line. Loading history...
501

mmainstreet / jodel-web

Push — master ( 62cb27...c16962 )

php/Requests/libary/Requests/Cookie.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like