From 042c025ea3718cdf18f7dc2b15442f48bf783d80 Mon Sep 17 00:00:00 2001
From: tianya
Date: Thu, 11 Apr 2024 23:13:14 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96Cookie=E5=87=BD=E6=95=B0?=
 =?UTF-8?q?=EF=BC=8C=E5=A2=9E=E5=8A=A0samesite=E5=B1=9E=E6=80=A7=E7=AD=89?=
 =?UTF-8?q?=E8=AE=BE=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docs/changelog.md | 1 +
 src/system/common.inc.php | 4 ++++
 src/system/helpers/cookie.helper.php | 34 ++++++++++++++++++++++------
 3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/docs/changelog.md b/docs/changelog.md
index 9b929276..4e569d12 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -8,6 +8,7 @@
 - 优化后台链接官方资源加载超时,依然保持流畅;
 - 优化自动关键词默认状态;
 - 优化图片自动alt;
+- 优化Cookie函数,增加samesite属性等设置;
 - 修正文档标题默认字符限制问题;
 - 重做响应式后台登录页面;
 - 其他常规问题修复;
diff --git a/src/system/common.inc.php b/src/system/common.inc.php
index e4a6d53e..360d17d6 100755
--- a/src/system/common.inc.php
+++ b/src/system/common.inc.php
@@ -205,6 +205,10 @@ $cfg_df_namerule = '{typedir}/{aid}'.$cfg_df_ext;
 $cfg_dir_purview = 0755;
 //会员是否使用精简模式
 $cfg_mb_lit = 'N';
+//Cookie设置
+$cfg_cookie_samesite = 'Lax'; //samesite 属性 (Lax, Strict or None)
+$cfg_cookie_secure = false; //仅当存在安全的 HTTPS 连接时才会设置 Cookie
+$cfg_cookie_httponly = false; //只能通过 HTTP(S) 访问(无法通过 JavaScript 访问)
 //特殊全局变量
 $_sys_globals['curfile'] = '';
 $_sys_globals['typeid'] = 0;
diff --git a/src/system/helpers/cookie.helper.php b/src/system/helpers/cookie.helper.php
index fee8cea0..12a48176 100755
--- a/src/system/helpers/cookie.helper.php
+++ b/src/system/helpers/cookie.helper.php
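Review bot: `$cfg_cookie_httponly = false` as the shipped default means the cookies written through PutCookie (the identity cookie and its `__ckMd5` tag, in the cookie.helper.php hunks below) remain readable from page scripts, so an installation that keeps the defaults gains no HttpOnly protection from this change; unless client-side code is known to read these cookies, the safer default is `$cfg_cookie_httponly = true;`. The comment on `$cfg_cookie_samesite` should also record that browsers only honour `None` together with the Secure attribute, e.g. `//samesite attribute (Lax, Strict or None; None is only honoured when $cfg_cookie_secure is true)`. Keeping `$cfg_cookie_secure = false` is understandable for plain-HTTP installs, but sites served over HTTPS should enable it, which the setting's comment or the install notes should say.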
@@ -3,12 +3,33 @@ if (!defined('DEDEINC')) exit ('dedebiz');
 /**
 * Cookie处理助手
 *
- * @version $id:cookie.helper.php 13:58 2010年7月5日 tianya $
+ * @version $id:cookie.helper.php 2024-04-11 tianya $
 * @package DedeBIZ.Helpers
 * @copyright Copyright (c) 2022 DedeBIZ.COM
 * @license GNU GPL v2 (https://www.dedebiz.com/license)
 * @link https://www.dedebiz.com
 */
+function DedeSetCookie($key, $value = "", $expires = 0, $path = ""){
+ global $cfg_domain_cookie,$cfg_cookie_samesite,$cfg_cookie_secure,$cfg_cookie_httponly;
+ if (version_compare(PHP_VERSION, '7.3.0', '>=')) {
+ $options = array(
+ "expires" => $expires,
+ 'path' => $path,
+ 'domain' => $cfg_domain_cookie,
+ 'samesite' => $cfg_cookie_samesite,
+ 'secure' => $cfg_cookie_secure,
+ 'httponly' => $cfg_cookie_httponly,
+ );
+ setcookie($key, $value, $options);
+ } else {
+ $cookie_header = 'Set-Cookie: '.$key.'='.rawurlencode($value);
+ $cookie_header .= ($expires === 0 ? '' : '; Expires='.gmdate('D, d-M-Y H:i:s T', $expires)).';';
+ $cookie_header .= '; Path='.$path.($cfg_domain_cookie !== '' ? '; Domain='.$cfg_domain_cookie : '');
+ $cookie_header .= ($cfg_cookie_secure ? '; Secure' : '').($cfg_cookie_httponly ? '; HttpOnly' : '').'; SameSite='.$cfg_cookie_samesite;
+ header($cookie_header);
+ return;
+ }
+}
 /**
 * 设置Cookie记录
 *
@@ -21,9 +42,9 @@ if (!defined('DEDEINC')) exit ('dedebiz');
 if (!function_exists('PutCookie')) {
 function PutCookie($key, $value, $kptime = 0, $pa = "/")
 {
- global $cfg_cookie_encode, $cfg_domain_cookie;
- setcookie($key, $value, time() + $kptime, $pa, $cfg_domain_cookie);
- setcookie($key.'__ckMd5', substr(md5($cfg_cookie_encode.$value), 0, 16), time() + $kptime, $pa, $cfg_domain_cookie);
+ global $cfg_cookie_encode;
+ DedeSetCookie($key, $value, time() + $kptime, $pa);
+ DedeSetCookie($key.'__ckMd5', substr(md5($cfg_cookie_encode.$value), 0, 16), time() + $kptime, $pa);
 }
 }
 /**
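Review bot: In the pre-7.3 branch of DedeSetCookie, `header($cookie_header);` relies on header()'s default replace behaviour, so the second Set-Cookie emitted in one request overwrites the first; PutCookie and DropCookie (the next two hunks) each call DedeSetCookie twice, so on those PHP versions only the `__ckMd5` cookie would reach the client. The call should be `header($cookie_header, false);`. The same branch also concatenates `$cfg_cookie_samesite` and `$key` into the header without the checks setcookie() performs in the other branch (it rejects names containing `;`, `=` or whitespace and accepts only Lax/Strict/None for samesite); normalising the global once before the branch, `$samesite = in_array($cfg_cookie_samesite, array('Lax', 'Strict', 'None'), true) ? $cfg_cookie_samesite : 'Lax';`, keeps the two paths consistent, and since current browsers drop `SameSite=None` cookies that lack Secure, the combination `None` with `$cfg_cookie_secure` false deserves at least a comment at the top of the function. Finally, the trailing `.';'` on the Expires line yields `;; Path=` in the emitted header and can simply be removed, because the next line already begins with `'; Path='`.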
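Review bot: The `__ckMd5` tag on the second DedeSetCookie line, `substr(md5($cfg_cookie_encode.$value), 0, 16)`, is a 16-hex-character truncation of an unkeyed hash over secret-prefixed data rather than a keyed MAC; as this line is being rewritten anyway, `hash_hmac('md5', $value, $cfg_cookie_encode)` (or a SHA-2 variant) with the same truncation is the standard construction for this purpose. That would change the tag format, so the verification side (outside this hunk, presumably the cookie reader that compares the tag) would have to change in lockstep and existing cookies would be invalidated at rollout, which may be why the commit leaves the construction alone; a comment on this line naming the check that consumes the tag would help the next reader. Also note that with `$kptime` left at its default of 0 the expiry handed to DedeSetCookie is `time()`, i.e. already expired, which PutCookie's docblock (above the hunk) should state if that is the intended meaning of the default.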
@@ -35,9 +56,8 @@ if (!function_exists('PutCookie')) {
 if (!function_exists('DropCookie')) {
 function DropCookie($key)
 {
- global $cfg_domain_cookie;
- setcookie($key, '', time() - 360000, "/", $cfg_domain_cookie);
- setcookie($key.'__ckMd5', '', time() - 360000, "/", $cfg_domain_cookie);
+ DedeSetCookie($key, '', time() - 360000, "/");
+ DedeSetCookie($key.'__ckMd5', '', time() - 360000, "/");
 }
 }
 /**
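Review bot: DropCookie clears both cookies with the fixed path `"/"` on the two new DedeSetCookie lines, while PutCookie (previous hunk) accepts a caller-supplied `$pa`; a cookie written under any other path is not matched by this deletion and survives a logout, so either DropCookie should take an optional `$pa = "/"` and pass it through to both calls, or a comment should state that callers must always write with path `"/"`. This is pre-existing behaviour carried over by the rewrite rather than introduced here, and the remaining uses of `$pa` are outside this hunk, so the safer minimal change is the comment.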