diff options
Diffstat (limited to 'actionpack/lib/action_controller/cgi/ext/cookie.rb')
| -rw-r--r-- | actionpack/lib/action_controller/cgi/ext/cookie.rb | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/cgi/ext/cookie.rb b/actionpack/lib/action_controller/cgi/ext/cookie.rb new file mode 100644 index 0000000000..9cd19bb12d --- /dev/null +++ b/actionpack/lib/action_controller/cgi/ext/cookie.rb @@ -0,0 +1,112 @@ +require 'delegate' + +CGI.module_eval { remove_const "Cookie" } + +# TODO: document how this differs from stdlib CGI::Cookie +class CGI #:nodoc: + class Cookie < DelegateClass(Array) + attr_accessor :name, :value, :path, :domain, :expires + attr_reader :secure, :http_only + + # Creates a new CGI::Cookie object. + # + # The contents of the cookie can be specified as a +name+ and one + # or more +value+ arguments. Alternatively, the contents can + # be specified as a single hash argument. The possible keywords of + # this hash are as follows: + # + # * <tt>:name</tt> - The name of the cookie. Required. + # * <tt>:value</tt> - The cookie's value or list of values. + # * <tt>:path</tt> - The path for which this cookie applies. Defaults to the + # base directory of the CGI script. + # * <tt>:domain</tt> - The domain for which this cookie applies. + # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object. + # * <tt>:secure</tt> - Whether this cookie is a secure cookie or not (defaults to + # +false+). Secure cookies are only transmitted to HTTPS servers. + # * <tt>:http_only</tt> - Whether this cookie can be accessed by client side scripts (e.g. document.cookie) or only over HTTP. + # More details in http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx. Defaults to +false+. + # + # These keywords correspond to attributes of the cookie object. + def initialize(name = '', *value) + if name.kind_of?(String) + @name = name + @value = Array(value) + @domain = nil + @expires = nil + @secure = false + @http_only = false + @path = nil + else + @name = name['name'] + @value = (name['value'].kind_of?(String) ? [name['value']] : Array(name['value'])).delete_if(&:blank?) + @domain = name['domain'] + @expires = name['expires'] + @secure = name['secure'] || false + @http_only = name['http_only'] || false + @path = name['path'] + end + + raise ArgumentError, "`name' required" unless @name + + # simple support for IE + unless @path + %r|^(.*/)|.match(ENV['SCRIPT_NAME']) + @path = ($1 or '') + end + + super(@value) + end + + # Sets whether the Cookie is a secure cookie or not. + def secure=(val) + @secure = val == true + end + + # Sets whether the Cookie is an HTTP only cookie or not. + def http_only=(val) + @http_only = val == true + end + + # Converts the Cookie to its string representation. + def to_s + buf = '' + buf << @name << '=' + buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&")) + buf << '; domain=' << @domain if @domain + buf << '; path=' << @path if @path + buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires + buf << '; secure' if @secure + buf << '; HttpOnly' if @http_only + buf + end + + # FIXME: work around broken 1.8.7 DelegateClass#respond_to? + def respond_to?(method, include_private = false) + return true if super(method) + return __getobj__.respond_to?(method, include_private) + end + + # Parses a raw cookie string into a hash of <tt>cookie-name => cookie-object</tt> + # pairs. + # + # cookies = CGI::Cookie::parse("raw_cookie_string") + # # => { "name1" => cookie1, "name2" => cookie2, ... } + # + def self.parse(raw_cookie) + cookies = Hash.new([]) + + if raw_cookie + raw_cookie.split(/;\s?/).each do |pairs| + name, value = pairs.split('=',2) + next unless name and value + name = CGI::unescape(name) + unless cookies.has_key?(name) + cookies[name] = new(name, CGI::unescape(value)) + end + end + end + + cookies + end + end # class Cookie +end |