From e6a6c265b04cd84be515bb2d00c7bcd5075a3bbb Mon Sep 17 00:00:00 2001
From: Alex Arwine
Date: Fri, 17 Jan 2014 08:07:57 -0800
Subject: [PATCH] Aprhont - Adding cookie-prefix, as config option, and into cookie methods
Summary: Cookie-prefix should fix phabricator instances where x.com and x.y.com have conflicting cookie names
Test Plan: Pushed branch to dev.phab.example.com, logged into phab.example.com and into dev.phab.example.com.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Differential Revision: https://secure.phabricator.com/D7979
---
 src/aphront/AphrontRequest.php | 16 ++++++++++++++++
 .../AphrontDefaultApplicationConfiguration.php | 3 +++
 .../option/PhabricatorCoreConfigOptions.php | 10 ++++++++++
 3 files changed, 29 insertions(+)
diff --git a/src/aphront/AphrontRequest.php b/src/aphront/AphrontRequest.php
index 07c0c692ec..484219afa4 100644
--- a/src/aphront/AphrontRequest.php
+++ b/src/aphront/AphrontRequest.php
@@ -273,11 +273,26 @@ final class AphrontRequest {
 return $this->validateCSRF();
 }
+ final public function setCookiePrefix($prefix) {
+ $this->cookiePrefix = $prefix;
+ return $this;
+ }
+
+ final private function getPrefixedCookieName($name) {
+ if (strlen($this->cookiePrefix)) {
+ return $this->cookiePrefix.'_'.$name;
+ } else {
+ return $name;
+ }
+ }
+
+ final public function getCookie($name, $default = null) {
+ $name = $this->getPrefixedCookieName($name);
 return idx($_COOKIE, $name, $default);
 }
 final public function clearCookie($name) {
+ $name = $this->getPrefixedCookieName($name);
 $this->setCookie($name, '', time() - (60 * 60 * 24 * 30));
 unset($_COOKIE[$name]);
 }
@@ -342,6 +357,7 @@ final class AphrontRequest {
 $expire = time() + (60 * 60 * 24 * 365 * 5);
 }
+ $name = $this->getPrefixedCookieName($name);
 if (php_sapi_name() == 'cli') {
 // Do nothing, to avoid triggering "Cannot modify header information"
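Review bot: In `src/aphront/AphrontRequest.php`, `clearCookie()` now prefixes `$name` and then passes the already-prefixed name to `setCookie()`, which the `@@ -342,6 +357,7 @@` hunk (apparently inside `setCookie()`, whose signature is outside the hunk) prefixes a second time. With a prefix of `dev` the expiring cookie would be written as `dev_dev_<name>`, so the browser keeps the real `dev_<name>` cookie and only the in-process `$_COOKIE` entry is removed; for a session cookie that means logout does not clear it on the client. Pass the bare name through and prefix only the array key: `$this->setCookie($name, '', time() - (60 * 60 * 24 * 30));` followed by `unset($_COOKIE[$this->getPrefixedCookieName($name)]);`. No hunk in this file declares the `cookiePrefix` property, so unless it already exists elsewhere in the class, add `private $cookiePrefix;` so that `getPrefixedCookieName()` does not read an undefined property when `setCookiePrefix()` was never called.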
diff --git a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
index 24a9043864..7523a04821 100644
--- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
+++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
@@ -107,9 +107,12 @@ class AphrontDefaultApplicationConfiguration
 $data += $parser->parseQueryString(idx($_SERVER, 'QUERY_STRING', ''));
+ $cookie_prefix = PhabricatorEnv::getEnvConfig('phabricator.cookie-prefix');
+ $request = new AphrontRequest($this->getHost(), $this->getPath());
 $request->setRequestData($data);
 $request->setApplicationConfiguration($this);
+ $request->setCookiePrefix($cookie_prefix);
 return $request;
 }
diff --git a/src/applications/config/option/PhabricatorCoreConfigOptions.php b/src/applications/config/option/PhabricatorCoreConfigOptions.php
index 54eb700ecf..62005f9d9d 100644
--- a/src/applications/config/option/PhabricatorCoreConfigOptions.php
+++ b/src/applications/config/option/PhabricatorCoreConfigOptions.php
@@ -76,6 +76,16 @@ final class PhabricatorCoreConfigOptions
 ->addExample('America/Chicago', pht('US Central (CDT)'))
 ->addExample('America/Boise', pht('US Mountain (MDT)'))
 ->addExample('America/Los_Angeles', pht('US West (PDT)')),
+ $this->newOption('phabricator.cookie-prefix', 'string', null)
+ ->setSummary(
+ pht("Set a string Phabricator should use to prefix ".
+ "cookie names"))
+ ->setDescription(
+ pht(
+ "Cookies set for x.com are also sent for y.x.com. Assuming ".
+ "Phabricator instances are running on both domains, this will ".
+ "create a collision preventing you from logging in."))
+ ->addExample('dev', pht('Prefix cookie with "dev"')),
 $this->newOption('phabricator.show-beta-applications', 'bool', false)
 ->setBoolOptions(
 array(
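Review bot: In `AphrontDefaultApplicationConfiguration.php`, the value read into `$cookie_prefix` is handed to `setCookiePrefix()` unchecked and from then on becomes part of every cookie name. Assuming `setCookie()` ends in PHP's `setcookie()`, a prefix containing `=`, `,`, `;` or whitespace is rejected there with only a warning, so a mistyped setting would silently break every cookie write instead of producing a clear configuration error. Consider rejecting it early in `setCookiePrefix()`, e.g. `if (strlen($prefix) && !preg_match('/^[A-Za-z0-9_-]+$/', $prefix)) { throw new Exception('Invalid cookie prefix.'); }`. The enclosing method begins outside this hunk.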
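Review bot: In `PhabricatorCoreConfigOptions.php`, the `setDescription()` text for `phabricator.cookie-prefix` explains the collision but never says what the option does, and it could be read as isolating the two instances. The prefix only renames this instance's cookies; as the description itself notes, cookies set for x.com are still sent to y.x.com, so the subdomain install keeps receiving the parent's cookies and operators should not treat the setting as a security boundary. It is also worth stating that changing the value makes existing cookies unreadable, since `getCookie()` looks up only the prefixed name, which presumably signs existing sessions out. Suggested extra sentences: `"Set a different prefix on each instance to avoid this. The prefix does not stop the browser from sending one instance's cookies to the other, and changing it signs out existing sessions."` The option list continues past both ends of the hunk.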