1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yii\web;
use Yii;
use yii\base\DictionaryIterator;
use yii\helpers\SecurityHelper;
/**
* CookieCollection maintains the cookies available in the current request.
*
* @property integer $count the number of cookies in the collection
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0
*/
class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \ArrayAccess, \Countable
{
/**
* @var boolean whether to enable cookie validation. By setting this property to true,
* if a cookie is tampered on the client side, it will be ignored when received on the server side.
*/
public $enableValidation = true;
/**
* @var string the secret key used for cookie validation. If not set, a random key will be generated and used.
*/
public $validationKey;
/**
* @var Cookie[] the cookies in this collection (indexed by the cookie names)
*/
private $_cookies = array();
/**
* Constructor.
* @param array $config name-value pairs that will be used to initialize the object properties
*/
public function __construct($config = array())
{
parent::__construct($config);
$this->_cookies = $this->loadCookies();
}
/**
* Returns an iterator for traversing the cookies in the collection.
* This method is required by the SPL interface `IteratorAggregate`.
* It will be implicitly called when you use `foreach` to traverse the collection.
* @return DictionaryIterator an iterator for traversing the cookies in the collection.
*/
public function getIterator()
{
return new DictionaryIterator($this->_cookies);
}
/**
* Returns the number of cookies in the collection.
* This method is required by the SPL `Countable` interface.
* It will be implicitly called when you use `count($collection)`.
* @return integer the number of cookies in the collection.
*/
public function count()
{
return $this->getCount();
}
/**
* Returns the number of cookies in the collection.
* @return integer the number of cookies in the collection.
*/
public function getCount()
{
return count($this->_cookies);
}
/**
* Returns the cookie with the specified name.
* @param string $name the cookie name
* @return Cookie the cookie with the specified name. Null if the named cookie does not exist.
* @see getValue()
*/
public function get($name)
{
return isset($this->_cookies[$name]) ? $this->_cookies[$name] : null;
}
/**
* Returns the value of the named cookie.
* @param string $name the cookie name
* @param mixed $defaultValue the value that should be returned when the named cookie does not exist.
* @return mixed the value of the named cookie.
* @see get()
*/
public function getValue($name, $defaultValue = null)
{
return isset($this->_cookies[$name]) ? $this->_cookies[$name]->value : $defaultValue;
}
/**
* Adds a cookie to the collection.
* If there is already a cookie with the same name in the collection, it will be removed first.
* @param Cookie $cookie the cookie to be added
*/
public function add($cookie)
{
if (isset($this->_cookies[$cookie->name])) {
$c = $this->_cookies[$cookie->name];
setcookie($c->name, '', 0, $c->path, $c->domain, $c->secure, $c->httponly);
}
$value = $cookie->value;
if ($this->enableValidation) {
if ($this->validationKey === null) {
$key = SecurityHelper::getSecretKey(__CLASS__ . '/' . Yii::$app->id);
} else {
$key = $this->validationKey;
}
$value = SecurityHelper::hashData(serialize($value), $key);
}
setcookie($cookie->name, $value, $cookie->expire, $cookie->path, $cookie->domain, $cookie->secure, $cookie->httponly);
$this->_cookies[$cookie->name] = $cookie;
}
/**
* Removes a cookie from the collection.
* @param Cookie|string $cookie the cookie object or the name of the cookie to be removed.
*/
public function remove($cookie)
{
if (is_string($cookie) && isset($this->_cookies[$cookie])) {
$cookie = $this->_cookies[$cookie];
}
if ($cookie instanceof Cookie) {
setcookie($cookie->name, '', 0, $cookie->path, $cookie->domain, $cookie->secure, $cookie->httponly);
unset($this->_cookies[$cookie->name]);
}
}
/**
* Removes all cookies.
*/
public function removeAll()
{
foreach ($this->_cookies as $cookie) {
setcookie($cookie->name, '', 0, $cookie->path, $cookie->domain, $cookie->secure, $cookie->httponly);
}
$this->_cookies = array();
}
/**
* Returns the collection as a PHP array.
* @return array the array representation of the collection.
* The array keys are cookie names, and the array values are the corresponding
* cookie objects.
*/
public function toArray()
{
return $this->_cookies;
}
/**
* Returns whether there is a cookie with the specified name.
* This method is required by the SPL interface `ArrayAccess`.
* It is implicitly called when you use something like `isset($collection[$name])`.
* @param string $name the cookie name
* @return boolean whether the named cookie exists
*/
public function offsetExists($name)
{
return isset($this->_cookies[$name]);
}
/**
* Returns the cookie with the specified name.
* This method is required by the SPL interface `ArrayAccess`.
* It is implicitly called when you use something like `$cookie = $collection[$name];`.
* This is equivalent to [[get()]].
* @param string $name the cookie name
* @return Cookie the cookie with the specified name, null if the named cookie does not exist.
*/
public function offsetGet($name)
{
return $this->get($name);
}
/**
* Adds the cookie to the collection.
* This method is required by the SPL interface `ArrayAccess`.
* It is implicitly called when you use something like `$collection[$name] = $cookie;`.
* This is equivalent to [[add()]].
* @param string $name the cookie name
* @param Cookie $cookie the cookie to be added
*/
public function offsetSet($name, $cookie)
{
$this->add($cookie);
}
/**
* Removes the named cookie.
* This method is required by the SPL interface `ArrayAccess`.
* It is implicitly called when you use something like `unset($collection[$name])`.
* This is equivalent to [[remove()]].
* @param string $name the cookie name
*/
public function offsetUnset($name)
{
$this->remove($name);
}
/**
* Returns the current cookies in terms of [[Cookie]] objects.
* @return Cookie[] list of current cookies
*/
protected function loadCookies()
{
$cookies = array();
if ($this->enableValidation) {
if ($this->validationKey === null) {
$key = SecurityHelper::getSecretKey(__CLASS__ . '/' . Yii::$app->id);
} else {
$key = $this->validationKey;
}
foreach ($_COOKIE as $name => $value) {
if (is_string($value) && ($value = SecurityHelper::validateData($value, $key)) !== false) {
$cookies[$name] = new Cookie(array(
'name' => $name,
'value' => @unserialize($value),
));
}
}
} else {
foreach ($_COOKIE as $name => $value) {
$cookies[$name] = new Cookie(array(
'name' => $name,
'value' => $value,
));
}
}
return $cookies;
}
}