diff --git a/composer.json b/composer.json index 5e60c868f..cf05f7c65 100644 --- a/composer.json +++ b/composer.json @@ -45,13 +45,13 @@ "google/recaptcha": "^1.3", "guzzlehttp/guzzle": "^7.8", "guzzlehttp/psr7": "^2.6", + "josantonius/cookie": "^2.0", "longman/ip-tools": "1.2.1", "monolog/monolog": "^3.4", "samdark/sitemap": "2.4.1", "symfony/mailer": "^6.3", "symfony/polyfill": "v1.28.0", - "vlucas/phpdotenv": "^5.5", - "delight-im/cookie": "3.*" + "vlucas/phpdotenv": "^5.5" }, "require-dev": { "symfony/var-dumper": "^6.3" diff --git a/composer.lock b/composer.lock index ae5b06051..bb894d295 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a2ee0a4e95404dca800219b4377f8e2c", + "content-hash": "bfcbfff44a7b82ebbac0fe610dfba0d4", "packages": [ { "name": "arokettu/bencode", @@ -275,91 +275,6 @@ ], "time": "2023-08-30T09:31:38+00:00" }, - { - "name": "delight-im/cookie", - "version": "v3.4.0", - "source": { - "type": "git", - "url": "https://github.com/delight-im/PHP-Cookie.git", - "reference": "67065d34272377d63bab0bd58f984f9b228c803f" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/delight-im/PHP-Cookie/zipball/67065d34272377d63bab0bd58f984f9b228c803f", - "reference": "67065d34272377d63bab0bd58f984f9b228c803f", - "shasum": "" - }, - "require": { - "delight-im/http": "^2.0", - "php": ">=5.4.0" - }, - "type": "library", - "autoload": { - "psr-4": { - "Delight\\Cookie\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "Modern cookie management for PHP", - "homepage": "https://github.com/delight-im/PHP-Cookie", - "keywords": [ - "cookie", - "cookies", - "csrf", - "http", - "same-site", - "samesite", - "xss" - ], - "support": { - "issues": "https://github.com/delight-im/PHP-Cookie/issues", - "source": "https://github.com/delight-im/PHP-Cookie/tree/v3.4.0" - }, - "time": "2020-04-16T11:01:26+00:00" - }, - { - "name": "delight-im/http", - "version": "v2.1.0", - "source": { - "type": "git", - "url": "https://github.com/delight-im/PHP-HTTP.git", - "reference": "a5c2c4eae1dd3207f797984e8f64f2d71ed889dd" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/delight-im/PHP-HTTP/zipball/a5c2c4eae1dd3207f797984e8f64f2d71ed889dd", - "reference": "a5c2c4eae1dd3207f797984e8f64f2d71ed889dd", - "shasum": "" - }, - "require": { - "php": ">=5.3.0" - }, - "type": "library", - "autoload": { - "psr-4": { - "Delight\\Http\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "Hypertext Transfer Protocol (HTTP) utilities for PHP", - "homepage": "https://github.com/delight-im/PHP-HTTP", - "keywords": [ - "headers", - "http", - "https" - ], - "support": { - "issues": "https://github.com/delight-im/PHP-HTTP/issues", - "source": "https://github.com/delight-im/PHP-HTTP/tree/v2.1.0" - }, - "time": "2021-10-12T18:52:29+00:00" - }, { "name": "doctrine/lexer", "version": "3.0.0", @@ -1069,6 +984,70 @@ ], "time": "2023-08-27T10:13:57+00:00" }, + { + "name": "josantonius/cookie", + "version": "v2.0.6", + "source": { + "type": "git", + "url": "https://github.com/josantonius/php-cookie.git", + "reference": "278c002e4b55c21c988e8c4e7e63eb6b7a3c3c56" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/josantonius/php-cookie/zipball/278c002e4b55c21c988e8c4e7e63eb6b7a3c3c56", + "reference": "278c002e4b55c21c988e8c4e7e63eb6b7a3c3c56", + "shasum": "" + }, + "require": { + "php": "^8.1" + }, + "require-dev": { + "guzzlehttp/guzzle": "^7.4", + "phpmd/phpmd": "^2.6", + "phpunit/phpunit": "^9.5", + "squizlabs/php_codesniffer": "^3.7" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0-dev" + } + }, + "autoload": { + "psr-4": { + "Josantonius\\Cookie\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Josantonius", + "email": "hello@josantonius.dev", + "homepage": "https://josantonius.dev", + "role": "Developer" + } + ], + "description": "PHP library for handling cookies.", + "keywords": [ + "cookies", + "php" + ], + "support": { + "discussions": "https://github.com/josantonius/php-cookie/discussions", + "issues": "https://github.com/josantonius/php-cookie/issues", + "source": "https://github.com/josantonius/php-cookie" + }, + "funding": [ + { + "url": "https://github.com/Josantonius", + "type": "github" + } + ], + "time": "2022-08-10T22:19:41+00:00" + }, { "name": "longman/ip-tools", "version": "1.2.1", diff --git a/library/includes/init_bb.php b/library/includes/init_bb.php index ee1397506..f1a767a99 100644 --- a/library/includes/init_bb.php +++ b/library/includes/init_bb.php @@ -76,17 +76,33 @@ define('COOKIE_MAX_TRACKS', 90); /** * Set cookie * - * @param $name - * @param $val + * @param string $name + * @param mixed $val * @param int $lifetime * @param bool $httponly - * @return bool + * @param bool $isRaw + * @return void + * @throws \Josantonius\Cookie\Exceptions\CookieException */ -function bb_setcookie($name, $val, int $lifetime = COOKIE_PERSIST, bool $httponly = false): bool +function bb_setcookie(string $name, mixed $val, int $lifetime = COOKIE_PERSIST, bool $httponly = false, bool $isRaw = false): void { global $bb_cfg; - return \Delight\Cookie\Cookie::setcookie($name, $val, $lifetime, $bb_cfg['script_path'], $bb_cfg['cookie_domain'], $bb_cfg['cookie_secure'], $httponly, $bb_cfg['cookie_same_site']); + if (!empty($val)) { + $cookie = new \Josantonius\Cookie\Cookie( + domain: $bb_cfg['cookie_domain'], + expires: $lifetime, + httpOnly: $httponly, + path: $bb_cfg['script_path'], + raw: $isRaw, + sameSite: $bb_cfg['cookie_same_site'], + secure: $bb_cfg['cookie_secure'] + ); + $cookie->set($name, $val); + } else { + $cookie = new \Josantonius\Cookie\Cookie(); + $cookie->remove($name); + } } // User Levels diff --git a/library/includes/page_header.php b/library/includes/page_header.php index 078d81614..3cf29c5ca 100644 --- a/library/includes/page_header.php +++ b/library/includes/page_header.php @@ -211,7 +211,7 @@ if (!empty($bb_cfg['page']['show_torhelp'][BB_SCRIPT]) && !empty($userdata['torh if (TIMENOW > $ignore_time) { if ($ignore_time) { - bb_setcookie('torhelp', '', COOKIE_EXPIRED); + bb_setcookie('torhelp', null); } $sql = " diff --git a/src/Legacy/Common/User.php b/src/Legacy/Common/User.php index adaa57b40..9412a91dd 100644 --- a/src/Legacy/Common/User.php +++ b/src/Legacy/Common/User.php @@ -301,8 +301,8 @@ class User LIMIT 1 "); - bb_setcookie(COOKIE_TOPIC, ''); - bb_setcookie(COOKIE_FORUM, ''); + bb_setcookie(COOKIE_TOPIC, null); + bb_setcookie(COOKIE_FORUM, null); $this->data['user_lastvisit'] = $last_visit; } @@ -479,7 +479,7 @@ class User foreach ($delete_cookies as $cookie) { if (isset($_COOKIE[$cookie])) { - bb_setcookie($cookie, '', COOKIE_EXPIRED); + bb_setcookie($cookie, null); } } } else { @@ -487,14 +487,14 @@ class User $c_sdata_curr = ($this->sessiondata) ? serialize($this->sessiondata) : ''; if ($c_sdata_curr !== $c_sdata_resv) { - bb_setcookie(COOKIE_DATA, $c_sdata_curr, COOKIE_PERSIST, true); + bb_setcookie(COOKIE_DATA, $c_sdata_curr, httponly: true); } // Unset sql debug cookies if (!SQL_DEBUG || !APP_DEBUG) { foreach (array('explain', 'sql_log', 'sql_log_full') as $cookie) { if (isset($_COOKIE[$cookie])) { - bb_setcookie($cookie, '', COOKIE_EXPIRED); + bb_setcookie($cookie, null); } } } @@ -650,9 +650,9 @@ class User ]); // Delete cookies - bb_setcookie(COOKIE_TOPIC, ''); - bb_setcookie(COOKIE_FORUM, ''); - bb_setcookie(COOKIE_MARK, ''); + bb_setcookie(COOKIE_TOPIC, null); + bb_setcookie(COOKIE_FORUM, null); + bb_setcookie(COOKIE_MARK, null); } }