HttpOnly in addCookie

MetaYii · October 29, 2008, 9:03pm

Please read this

qiang · October 29, 2008, 9:18pm

Done.

MetaYii · October 29, 2008, 9:44pm

Thanks Qiang, but, are you considering the fact that the httponly flag appeared until PHP 5.2? I guess a PHP version check is necessary or PHP 5.1 will throw an error (please see my post here and please correct me if I’m wrong).

MetaYii · October 29, 2008, 9:46pm

Also, there's another [tt]addCookie[/tt] in [tt]yiilite.php[/tt], line 2069…

qiang · October 29, 2008, 9:52pm

passing an extra parameter to a function won't cause problem. That's why I skipped the php version check.

MetaYii · October 29, 2008, 10:08pm

Quote

passing an extra parameter to a function won't cause problem. That's why I skipped the php version check.

hmmmm…

<?php


$name = 'x';


$value = 'y';


$expire = time();


$path = '/';


$domain = 'test.com';


$secure = false;


$httponly = true;


$something = 'xyz';


setcookie($name,$value,$expire,$path,$domain,$secure,$httponly,$something);


?>

shows a warning:

[tt]Warning: setcookie() expects at most 7 parameters, 8 given in /path/to/test.php on line 3[/tt]

with my PHP 5.2.6 ([tt]error_reporting = E_ALL & ~E_NOTICE[/tt]). I don't know if PHP 5.1 just ignores an extra parameter without warning, can someone confirm?

qiang · October 30, 2008, 11:30am

Ok, i fixed this. Thanks!

MetaYii · October 30, 2008, 9:19pm

Hmm, I can confirm that there’s a bug in addCookie (my mistake)