Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 27 |
|
0.00% |
0 / 1 |
CRAP | n/a |
0 / 0 |
|
| jetpack_shim_setcookie | |
0.00% |
0 / 27 |
|
0.00% |
0 / 1 |
272 | |||
| 1 | <?php // phpcs:ignore WordPress.Files.FileName.NotHyphenatedLowercase |
| 2 | /** |
| 3 | * This file is meant to be the home for any function handling cookies that can |
| 4 | * be accessed anywhere within Jetpack. |
| 5 | * |
| 6 | * This file is loaded whether or not Jetpack is connected to WP.com. |
| 7 | * |
| 8 | * @package automattic/jetpack |
| 9 | */ |
| 10 | |
| 11 | /** |
| 12 | * A PHP 7.0 compatible version of the array argument version of PHP 7.3's setcookie(). |
| 13 | * |
| 14 | * Useful for setting SameSite cookies in PHP 7.2 or earlier. |
| 15 | * |
| 16 | * @param string $name Name of the cookie. |
| 17 | * @param string $value Value of the cookie. |
| 18 | * @param array $options Options to include with the cookie. |
| 19 | * @return bool False when error happens, other wise true. |
| 20 | */ |
| 21 | function jetpack_shim_setcookie( $name, $value, $options ) { |
| 22 | $not_allowed_chars = ",; \t\r\n\013\014"; |
| 23 | |
| 24 | if ( false !== strpbrk( $name, $not_allowed_chars ) ) { |
| 25 | return false; |
| 26 | } |
| 27 | |
| 28 | if ( headers_sent() ) { |
| 29 | return false; |
| 30 | } |
| 31 | |
| 32 | $cookie = 'Set-Cookie: ' . $name . '=' . rawurlencode( $value ) . '; '; |
| 33 | |
| 34 | if ( ! empty( $options['expires'] ) ) { |
| 35 | $cookie_date = gmdate( 'D, d M Y H:i:s \G\M\T', $options['expires'] ); |
| 36 | $cookie .= sprintf( 'expires=%s', $cookie_date ) . ';'; |
| 37 | } |
| 38 | |
| 39 | if ( ! empty( $options['secure'] ) && true === $options['secure'] ) { |
| 40 | $cookie .= 'secure; '; |
| 41 | } |
| 42 | |
| 43 | if ( ! empty( $options['httponly'] ) && true === $options['httponly'] ) { |
| 44 | $cookie .= 'HttpOnly; '; |
| 45 | } |
| 46 | |
| 47 | if ( ! empty( $options['domain'] ) && is_string( $options['domain'] ) ) { |
| 48 | if ( false !== strpbrk( $options['domain'], $not_allowed_chars ) ) { |
| 49 | return false; |
| 50 | } |
| 51 | $cookie .= sprintf( 'domain=%s', $options['domain'] . '; ' ); |
| 52 | } |
| 53 | |
| 54 | if ( ! empty( $options['path'] ) && is_string( $options['path'] ) ) { |
| 55 | if ( false !== strpbrk( $options['path'], $not_allowed_chars ) ) { |
| 56 | return false; |
| 57 | } |
| 58 | $cookie .= sprintf( 'path=%s', $options['path'] . '; ' ); |
| 59 | } |
| 60 | |
| 61 | if ( ! empty( $options['samesite'] ) && is_string( $options['samesite'] ) ) { |
| 62 | $cookie .= sprintf( 'SameSite=%s', $options['samesite'] . '; ' ); |
| 63 | } |
| 64 | |
| 65 | $cookie = trim( $cookie ); |
| 66 | $cookie = trim( $cookie, ';' ); |
| 67 | header( $cookie, false ); |
| 68 | |
| 69 | return true; |
| 70 | } |