<?php |
/**
 * this file is part of magerun
 *
 * @author Tom Klingenberg <https://github.com/ktomk>
 */
namespace N98\Magento\Command\System\Check\Settings; |
use N98\Magento\Command\System\Check\Result; |
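/**
 * Base check that compares a store's cookie domain setting with the host of one of its base-URLs.
 *
 * Browsers only accept a cookie whose Domain attribute matches the host that served it, so a
 * cookie domain that does not fit the base-URL is reported as an error by this check.
 *
 * @package N98\Magento\Command\System\Check\Settings
 */
abstract class CookieDomainCheckAbstract extends CheckAbstract
{
    /**
     * Selects the base-URL config path ('web/<class>/base_url') and labels the result messages.
     * NOTE(review): concrete checks presumably override this placeholder value; verify against
     * the subclasses.
     *
     * @var string
     */
    protected $class = 'abstract';

    /**
     * Registers the two store config paths this check reads, under the names 'baseUrl' and
     * 'cookieDomain'.
     *
     * NOTE(review): registerStoreConfigPath() is inherited and not visible here; presumably the
     * registered values are later handed to checkSettings() in this order. Confirm in CheckAbstract.
     */
    public function initConfigPaths()
    {
        $this->registerStoreConfigPath('baseUrl', 'web/' . $this->class . '/base_url');
        $this->registerStoreConfigPath('cookieDomain', 'web/cookie/cookie_domain');
    }

    /**
     * Reports whether the configured cookie domain fits the configured base-URL of one store.
     *
     * An empty cookie domain is reported as OK without touching the result status. Otherwise the
     * status is set to the outcome of validateCookieDomainAgainstUrl() and a matching info or
     * error message is written.
     *
     * NOTE(review): the setting and the store code are concatenated into the tag markup of the
     * message without escaping. If these tags are interpreted by a console formatter, a value
     * containing tag-like text would alter the rendering; consider escaping at this point.
     *
     * @param Result $result
     * @param \Mage_Core_Model_Store $store
     * @param string $baseUrl      setting
     * @param string $cookieDomain setting
     */
    protected function checkSettings(Result $result, \Mage_Core_Model_Store $store, $baseUrl, $cookieDomain)
    {
        // The setting may not be a string (presumably null when nothing is configured; verify
        // against the caller). Cast once so no null reaches strlen()/strtolower(), which is
        // deprecated as of PHP 8.1.
        $cookieDomain = (string) $cookieDomain;
        $storeCode = $store->getCode();

        if ('' === $cookieDomain) {
            // No status is set on this path; the result keeps whatever status it already has.
            $result->setMessage(
                '<info>Empty cookie Domain (' . $this->class . ') of Store: <comment>' . $storeCode .
                '</comment> - OK</info>'
            );

            return;
        }

        $isValid = $this->validateCookieDomainAgainstUrl($cookieDomain, $baseUrl);
        $result->setStatus($isValid);

        // Shared part of the OK and the ERROR message; only the wrapping tag and the verdict differ.
        $summary = 'Cookie Domain (' . $this->class . '): <comment>' . $cookieDomain .
            '</comment> of Store: <comment>' . $storeCode . '</comment> - ';

        if ($isValid) {
            $result->setMessage('<info>' . $summary . 'OK</info>');
        } else {
            $result->setMessage(
                '<error>' . $summary . 'ERROR: cookie-domain and ' . $this->class .
                ' base-URL do not match</error>'
            );
        }
    }

    /**
     * Simplified validation of a cookie domain against a base-URL.
     *
     * The (incomplete) verification works as follows:
     *
     * - the site-domain is the host part of the base-URL
     * - site-domain and cookie-domain are compared in lowercase
     * - an empty site-domain returns false because the check is moot
     * - a cookie-domain shorter than three characters returns false because the check is moot
     * - a cookie-domain without a leading dot that equals the site-domain returns true
     * - otherwise a leading dot, if present, is removed from the cookie-domain
     * - the cookie-domain must then contain a dot that is not at offset 0 (at least SLD.TLD)
     * - the cookie-domain must be a suffix of the site-domain, and the remaining prefix of the
     *   site-domain must be non-empty and end with a dot
     *
     * Consequently ".example.com" against the host "example.com" returns false (empty prefix).
     *
     * Limits a reviewer should be aware of, because this is a plain string comparison:
     *
     * - public suffixes are not recognised: ".co.uk" passes for "www.shop.co.uk" although browsers
     *   refuse cookies scoped to a public suffix
     * - IP-address hosts are treated like names, so a dotted tail of an address can pass although
     *   browsers only match IP hosts exactly
     * - a passing parent domain (".example.com" for "shop.example.com") is valid, yet the cookie
     *   is then sent to every sibling host below that domain; the check does not judge scope
     *
     * @param string $cookieDomain
     * @param string $siteUrl
     *
     * @return bool
     */
    public function validateCookieDomainAgainstUrl($cookieDomain, $siteUrl)
    {
        // parse_url() gives null when the URL has no host and false when it cannot be parsed;
        // the cast turns both into '' instead of handing a non-string to strtolower().
        $siteDomain = strtolower((string) parse_url((string) $siteUrl, PHP_URL_HOST));
        if ('' === $siteDomain) {
            return false;
        }

        $cookieDomain = strtolower((string) $cookieDomain);
        if (strlen($cookieDomain) < 3) {
            return false;
        }

        if ('.' === $cookieDomain[0]) {
            $cookieDomain = substr($cookieDomain, 1);
        } elseif ($siteDomain === $cookieDomain) {
            return true;
        }

        // cookie domain must at least contain a SLD.TLD: no dot at all, or a dot at offset 0,
        // invalidates it
        $dotPosition = strpos($cookieDomain, '.');
        if (false === $dotPosition || 0 === $dotPosition) {
            return false;
        }

        $cookieLen = strlen($cookieDomain);
        if (substr($siteDomain, -$cookieLen) !== $cookieDomain) {
            return false;
        }

        // The cast covers PHP versions where substr() returns false instead of '' for an
        // empty result.
        $prefix = (string) substr($siteDomain, 0, -$cookieLen);

        // The match has to start at a label boundary: "notexample.com" must not satisfy
        // "example.com".
        return '' !== $prefix && '.' === substr($prefix, -1);
    }
}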
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.