123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424 |
- <?php
- /*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
- namespace Symfony\Component\HttpFoundation;
- /**
- * Represents a cookie.
- *
- * @author Johannes M. Schmitt <schmittjoh@gmail.com>
- */
- class Cookie
- {
- public const SAMESITE_NONE = 'none';
- public const SAMESITE_LAX = 'lax';
- public const SAMESITE_STRICT = 'strict';
- protected $name;
- protected $value;
- protected $domain;
- protected $expire;
- protected $path;
- protected $secure;
- protected $httpOnly;
- private $raw;
- private $sameSite;
- private $secureDefault = false;
- private static $reservedCharsList = "=,; \t\r\n\v\f";
- private const RESERVED_CHARS_FROM = ['=', ',', ';', ' ', "\t", "\r", "\n", "\v", "\f"];
- private const RESERVED_CHARS_TO = ['%3D', '%2C', '%3B', '%20', '%09', '%0D', '%0A', '%0B', '%0C'];
- /**
- * Creates cookie from raw header string.
- *
- * @return static
- */
- public static function fromString(string $cookie, bool $decode = false)
- {
- $data = [
- 'expires' => 0,
- 'path' => '/',
- 'domain' => null,
- 'secure' => false,
- 'httponly' => false,
- 'raw' => !$decode,
- 'samesite' => null,
- ];
- $parts = HeaderUtils::split($cookie, ';=');
- $part = array_shift($parts);
- $name = $decode ? urldecode($part[0]) : $part[0];
- $value = isset($part[1]) ? ($decode ? urldecode($part[1]) : $part[1]) : null;
- $data = HeaderUtils::combine($parts) + $data;
- $data['expires'] = self::expiresTimestamp($data['expires']);
- if (isset($data['max-age']) && ($data['max-age'] > 0 || $data['expires'] > time())) {
- $data['expires'] = time() + (int) $data['max-age'];
- }
- return new static($name, $value, $data['expires'], $data['path'], $data['domain'], $data['secure'], $data['httponly'], $data['raw'], $data['samesite']);
- }
- public static function create(string $name, string $value = null, $expire = 0, ?string $path = '/', string $domain = null, bool $secure = null, bool $httpOnly = true, bool $raw = false, ?string $sameSite = self::SAMESITE_LAX): self
- {
- return new self($name, $value, $expire, $path, $domain, $secure, $httpOnly, $raw, $sameSite);
- }
- /**
- * @param string $name The name of the cookie
- * @param string|null $value The value of the cookie
- * @param int|string|\DateTimeInterface $expire The time the cookie expires
- * @param string $path The path on the server in which the cookie will be available on
- * @param string|null $domain The domain that the cookie is available to
- * @param bool|null $secure Whether the client should send back the cookie only over HTTPS or null to auto-enable this when the request is already using HTTPS
- * @param bool $httpOnly Whether the cookie will be made accessible only through the HTTP protocol
- * @param bool $raw Whether the cookie value should be sent with no url encoding
- * @param string|null $sameSite Whether the cookie will be available for cross-site requests
- *
- * @throws \InvalidArgumentException
- */
- public function __construct(string $name, string $value = null, $expire = 0, ?string $path = '/', string $domain = null, bool $secure = null, bool $httpOnly = true, bool $raw = false, ?string $sameSite = 'lax')
- {
- // from PHP source code
- if ($raw && false !== strpbrk($name, self::$reservedCharsList)) {
- throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $name));
- }
- if (empty($name)) {
- throw new \InvalidArgumentException('The cookie name cannot be empty.');
- }
- $this->name = $name;
- $this->value = $value;
- $this->domain = $domain;
- $this->expire = self::expiresTimestamp($expire);
- $this->path = empty($path) ? '/' : $path;
- $this->secure = $secure;
- $this->httpOnly = $httpOnly;
- $this->raw = $raw;
- $this->sameSite = $this->withSameSite($sameSite)->sameSite;
- }
- /**
- * Creates a cookie copy with a new value.
- *
- * @return static
- */
- public function withValue(?string $value): self
- {
- $cookie = clone $this;
- $cookie->value = $value;
- return $cookie;
- }
- /**
- * Creates a cookie copy with a new domain that the cookie is available to.
- *
- * @return static
- */
- public function withDomain(?string $domain): self
- {
- $cookie = clone $this;
- $cookie->domain = $domain;
- return $cookie;
- }
- /**
- * Creates a cookie copy with a new time the cookie expires.
- *
- * @param int|string|\DateTimeInterface $expire
- *
- * @return static
- */
- public function withExpires($expire = 0): self
- {
- $cookie = clone $this;
- $cookie->expire = self::expiresTimestamp($expire);
- return $cookie;
- }
- /**
- * Converts expires formats to a unix timestamp.
- *
- * @param int|string|\DateTimeInterface $expire
- *
- * @return int
- */
- private static function expiresTimestamp($expire = 0)
- {
- // convert expiration time to a Unix timestamp
- if ($expire instanceof \DateTimeInterface) {
- $expire = $expire->format('U');
- } elseif (!is_numeric($expire)) {
- $expire = strtotime($expire);
- if (false === $expire) {
- throw new \InvalidArgumentException('The cookie expiration time is not valid.');
- }
- }
- return 0 < $expire ? (int) $expire : 0;
- }
- /**
- * Creates a cookie copy with a new path on the server in which the cookie will be available on.
- *
- * @return static
- */
- public function withPath(string $path): self
- {
- $cookie = clone $this;
- $cookie->path = '' === $path ? '/' : $path;
- return $cookie;
- }
- /**
- * Creates a cookie copy that only be transmitted over a secure HTTPS connection from the client.
- *
- * @return static
- */
- public function withSecure(bool $secure = true): self
- {
- $cookie = clone $this;
- $cookie->secure = $secure;
- return $cookie;
- }
- /**
- * Creates a cookie copy that be accessible only through the HTTP protocol.
- *
- * @return static
- */
- public function withHttpOnly(bool $httpOnly = true): self
- {
- $cookie = clone $this;
- $cookie->httpOnly = $httpOnly;
- return $cookie;
- }
- /**
- * Creates a cookie copy that uses no url encoding.
- *
- * @return static
- */
- public function withRaw(bool $raw = true): self
- {
- if ($raw && false !== strpbrk($this->name, self::$reservedCharsList)) {
- throw new \InvalidArgumentException(sprintf('The cookie name "%s" contains invalid characters.', $this->name));
- }
- $cookie = clone $this;
- $cookie->raw = $raw;
- return $cookie;
- }
- /**
- * Creates a cookie copy with SameSite attribute.
- *
- * @return static
- */
- public function withSameSite(?string $sameSite): self
- {
- if ('' === $sameSite) {
- $sameSite = null;
- } elseif (null !== $sameSite) {
- $sameSite = strtolower($sameSite);
- }
- if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE, null], true)) {
- throw new \InvalidArgumentException('The "sameSite" parameter value is not valid.');
- }
- $cookie = clone $this;
- $cookie->sameSite = $sameSite;
- return $cookie;
- }
- /**
- * Returns the cookie as a string.
- *
- * @return string The cookie
- */
- public function __toString()
- {
- if ($this->isRaw()) {
- $str = $this->getName();
- } else {
- $str = str_replace(self::RESERVED_CHARS_FROM, self::RESERVED_CHARS_TO, $this->getName());
- }
- $str .= '=';
- if ('' === (string) $this->getValue()) {
- $str .= 'deleted; expires='.gmdate('D, d-M-Y H:i:s T', time() - 31536001).'; Max-Age=0';
- } else {
- $str .= $this->isRaw() ? $this->getValue() : rawurlencode($this->getValue());
- if (0 !== $this->getExpiresTime()) {
- $str .= '; expires='.gmdate('D, d-M-Y H:i:s T', $this->getExpiresTime()).'; Max-Age='.$this->getMaxAge();
- }
- }
- if ($this->getPath()) {
- $str .= '; path='.$this->getPath();
- }
- if ($this->getDomain()) {
- $str .= '; domain='.$this->getDomain();
- }
- if (true === $this->isSecure()) {
- $str .= '; secure';
- }
- if (true === $this->isHttpOnly()) {
- $str .= '; httponly';
- }
- if (null !== $this->getSameSite()) {
- $str .= '; samesite='.$this->getSameSite();
- }
- return $str;
- }
- /**
- * Gets the name of the cookie.
- *
- * @return string
- */
- public function getName()
- {
- return $this->name;
- }
- /**
- * Gets the value of the cookie.
- *
- * @return string|null
- */
- public function getValue()
- {
- return $this->value;
- }
- /**
- * Gets the domain that the cookie is available to.
- *
- * @return string|null
- */
- public function getDomain()
- {
- return $this->domain;
- }
- /**
- * Gets the time the cookie expires.
- *
- * @return int
- */
- public function getExpiresTime()
- {
- return $this->expire;
- }
- /**
- * Gets the max-age attribute.
- *
- * @return int
- */
- public function getMaxAge()
- {
- $maxAge = $this->expire - time();
- return 0 >= $maxAge ? 0 : $maxAge;
- }
- /**
- * Gets the path on the server in which the cookie will be available on.
- *
- * @return string
- */
- public function getPath()
- {
- return $this->path;
- }
- /**
- * Checks whether the cookie should only be transmitted over a secure HTTPS connection from the client.
- *
- * @return bool
- */
- public function isSecure()
- {
- return $this->secure ?? $this->secureDefault;
- }
- /**
- * Checks whether the cookie will be made accessible only through the HTTP protocol.
- *
- * @return bool
- */
- public function isHttpOnly()
- {
- return $this->httpOnly;
- }
- /**
- * Whether this cookie is about to be cleared.
- *
- * @return bool
- */
- public function isCleared()
- {
- return 0 !== $this->expire && $this->expire < time();
- }
- /**
- * Checks if the cookie value should be sent with no url encoding.
- *
- * @return bool
- */
- public function isRaw()
- {
- return $this->raw;
- }
- /**
- * Gets the SameSite attribute.
- *
- * @return string|null
- */
- public function getSameSite()
- {
- return $this->sameSite;
- }
- /**
- * @param bool $default The default value of the "secure" flag when it is set to null
- */
- public function setSecureDefault(bool $default): void
- {
- $this->secureDefault = $default;
- }
- }
|