aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/cgi_ext/cookie.rb
blob: a244e2a39ab64042728296bfeae3c0b45f74b93c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
CGI.module_eval { remove_const "Cookie" }

# TODO: document how this differs from stdlib CGI::Cookie
class CGI #:nodoc:
  class Cookie < DelegateClass(Array)
    attr_accessor :name, :value, :path, :domain, :expires
    attr_reader :secure, :http_only

    # Create a new CGI::Cookie object.
    #
    # The contents of the cookie can be specified as a +name+ and one
    # or more +value+ arguments.  Alternatively, the contents can
    # be specified as a single hash argument.  The possible keywords of
    # this hash are as follows:
    #
    # name:: the name of the cookie.  Required.
    # value:: the cookie's value or list of values.
    # path:: the path for which this cookie applies.  Defaults to the
    #        base directory of the CGI script.
    # domain:: the domain for which this cookie applies.
    # expires:: the time at which this cookie expires, as a +Time+ object.
    # secure:: whether this cookie is a secure cookie or not (default to
    #          false).  Secure cookies are only transmitted to HTTPS
    #          servers.
    # http_only:: whether this cookie can be accessed by client side scripts (e.g. document.cookie) or only over HTTP 
    #             More details: http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx
    #             Defaults to false.
    # These keywords correspond to attributes of the cookie object.
    def initialize(name = '', *value)
      if name.kind_of?(String)
        @name = name
        @value = Array(value)
        @domain = nil
        @expires = nil
        @secure = false
        @http_only = false
        @path = nil
      else
        @name = name['name']
        @value = (name['value'].kind_of?(String) ? [name['value']] : Array(name['value'])).delete_if(&:blank?)
        @domain = name['domain']
        @expires = name['expires']
        @secure = name['secure'] || false
        @http_only = name['http_only'] || false
        @path = name['path']
      end

      raise ArgumentError, "`name' required" unless @name

      # simple support for IE
      unless @path
        %r|^(.*/)|.match(ENV['SCRIPT_NAME'])
        @path = ($1 or '')
      end

      super(@value)
    end

    # Set whether the Cookie is a secure cookie or not.
    def secure=(val)
      @secure = val == true
    end

    # Set whether the Cookie is an HTTP only cookie or not.
    def http_only=(val)
      @http_only = val == true
    end

    # Convert the Cookie to its string representation.
    def to_s
      buf = ''
      buf << @name << '='
      buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&"))
      buf << '; domain=' << @domain if @domain
      buf << '; path=' << @path if @path
      buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires
      buf << '; secure' if @secure
      buf << '; HttpOnly' if @http_only
      buf
    end

    # Parse a raw cookie string into a hash of cookie-name=>Cookie
    # pairs.
    #
    #   cookies = CGI::Cookie::parse("raw_cookie_string")
    #     # { "name1" => cookie1, "name2" => cookie2, ... }
    #
    def self.parse(raw_cookie)
      cookies = Hash.new([])

      if raw_cookie
        raw_cookie.split(/;\s?/).each do |pairs|
          name, value = pairs.split('=',2)
          next unless name and value
          name = CGI::unescape(name)
          unless cookies.has_key?(name)
            cookies[name] = new(name, CGI::unescape(value))
          end
        end
      end

      cookies
    end
  end # class Cookie
end