"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "framework/web/CHttpCookie.php" between
yii-1.1.21.733ac5.tar.gz and yii-1.1.22.bf1d26.tar.gz

About: Yii is a high-performance component-based PHP framework for developing large-scale Web applications. Hint: Yii 1.1 is now in maintenance mode.

CHttpCookie.php  (yii-1.1.21.733ac5):CHttpCookie.php  (yii-1.1.22.bf1d26)
skipping to change at line 21 skipping to change at line 21
/** /**
* A CHttpCookie instance stores a single cookie, including the cookie name, val ue, domain, path, expire, and secure. * A CHttpCookie instance stores a single cookie, including the cookie name, val ue, domain, path, expire, and secure.
* *
* @author Qiang Xue <qiang.xue@gmail.com> * @author Qiang Xue <qiang.xue@gmail.com>
* @package system.web * @package system.web
* @since 1.0 * @since 1.0
*/ */
class CHttpCookie extends CComponent class CHttpCookie extends CComponent
{ {
/** /**
* SameSite policy Lax will prevent the cookie from being sent by the bro
wser in all cross-site browsing context
* during CSRF-prone request methods (e.g. POST, PUT, PATCH etc).
* E.g. a POST request from https://otherdomain.com to https://yourdomain
.com will not include the cookie, however a GET request will.
* When a user follows a link from https://otherdomain.com to https://you
rdomain.com it will include the cookie
* @see $sameSite
* @since 1.1.22
*/
const SAME_SITE_LAX='Lax';
/**
* SameSite policy Strict will prevent the cookie from being sent by the
browser in all cross-site browsing context
* regardless of the request method and even when following a regular lin
k.
* E.g. a GET request from https://otherdomain.com to https://yourdomain.
com or a user following a link from
* https://otherdomain.com to https://yourdomain.com will not include the
cookie.
* @see $sameSite
* @since 1.1.22
*/
const SAME_SITE_STRICT='Strict';
/**
* @var string name of the cookie * @var string name of the cookie
*/ */
public $name; public $name;
/** /**
* @var string value of the cookie * @var string value of the cookie
*/ */
public $value=''; public $value='';
/** /**
* @var string domain of the cookie * @var string domain of the cookie
*/ */
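Review bot: The SAME_SITE_LAX docblock's "however a GET request will" overstates what Lax permits. Under Lax the cookie is sent on cross-site GETs only when they are top-level navigations (such as the followed link the next sentence describes); cross-site subresource GETs, for example from an img or iframe, do not carry it. Suggest wording it as "a top-level GET navigation will" so nobody reads it as covering every GET. Also, only Lax and Strict get constants here; if 'None' or an unset value is meant to be supported, that should be documented next to these constants, otherwise callers have no named way to opt out.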
skipping to change at line 51 skipping to change at line 70
* @var boolean whether cookie should be sent via secure connection * @var boolean whether cookie should be sent via secure connection
*/ */
public $secure=false; public $secure=false;
/** /**
* @var boolean whether the cookie should be accessible only through the HTTP protocol. * @var boolean whether the cookie should be accessible only through the HTTP protocol.
* By setting this property to true, the cookie will not be accessible by scripting languages, * By setting this property to true, the cookie will not be accessible by scripting languages,
* such as JavaScript, which can effectly help to reduce identity theft t hrough XSS attacks. * such as JavaScript, which can effectly help to reduce identity theft t hrough XSS attacks.
* Note, this property is only effective for PHP 5.2.0 or above. * Note, this property is only effective for PHP 5.2.0 or above.
*/ */
public $httpOnly=false; public $httpOnly=false;
/**
* @var array Cookie attribute "SameSite".
* @see https://www.owasp.org/index.php/SameSite
* This property only works for PHP 7.3.0 or above.
* @since 1.1.22
*/
public $sameSite=self::SAME_SITE_LAX;
/** /**
* Constructor. * Constructor.
* @param string $name name of this cookie * @param string $name name of this cookie
* @param string $value value of this cookie * @param string $value value of this cookie
* @param array $options the configuration array consisting of name-value pairs * @param array $options the configuration array consisting of name-value pairs
* that are used to configure this cookie * that are used to configure this cookie
*/ */
public function __construct($name,$value,$options=array()) public function __construct($name,$value,$options=array())
{ {
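Review bot: The new property is annotated "@var array Cookie attribute "SameSite"." but its default is the string constant self::SAME_SITE_LAX, so the tag should be "@var string", ideally listing the accepted values. The default itself deserves a line in the docblock and the upgrade notes: "public $sameSite=self::SAME_SITE_LAX;" changes behaviour for every existing cookie on upgrade, which will affect applications that rely on cookies arriving with cross-site POSTs. "This property only works for PHP 7.3.0 or above" should also state what happens on older PHP (presumably the attribute is simply not emitted), so that a Lax default is not mistaken for protection there.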
 End of changes. 2 change blocks. 
0 lines changed or deleted 33 lines changed or added
