Fixed cookies not being set correctly when running on a non-standard port.

2022-06-06 16:57:45 +02:00 · 2022-06-06 16:57:45 +02:00 · 3c518c48e6
commit 3c518c48e6
parent ba4f03cefa
5 changed files with 15 additions and 6 deletions
--- a/misuzu.php
+++ b/misuzu.php
@ -151,7 +151,7 @@ if(isset($_COOKIE['msz_uid']) && isset($_COOKIE['msz_sid'])) {
        ->setSessionToken(filter_input(INPUT_COOKIE, 'msz_sid') ?? '');

    if($authToken->isValid())
-        setcookie('msz_auth', $authToken->pack(), strtotime('1 year'), '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);
+        setcookie('msz_auth', $authToken->pack(), strtotime('1 year'), '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);

    setcookie('msz_uid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
    setcookie('msz_sid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true);
@ -173,7 +173,7 @@ if($authToken->isValid()) {
                $sessionInfo->bump();

                if($sessionInfo->shouldBumpExpire())
-                    setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);
+                    setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);
            }
        }
    } catch(UserNotFoundException $ex) {
@ -187,7 +187,7 @@ if($authToken->isValid()) {
    if(UserSession::hasCurrent()) {
        $userInfo->bumpActivity();
    } else {
-        setcookie('msz_auth', '', -9001, '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);
+        setcookie('msz_auth', '', -9001, '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);
        setcookie('msz_auth', '', -9001, '/', '', !empty($_SERVER['HTTPS']), true);
    }
 }
--- a/public/auth/login.php
+++ b/public/auth/login.php
@ -118,7 +118,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
    }

    $authToken = AuthToken::create($userInfo, $sessionInfo);
-    setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);
+    setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);

    if(!is_local_url($loginRedirect))
        $loginRedirect = url('index');
--- a/public/auth/logout.php
+++ b/public/auth/logout.php
@ -12,7 +12,7 @@ if(!UserSession::hasCurrent()) {
 }

 if(CSRF::validateRequest()) {
-    setcookie('msz_auth', '', -9001, '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);
+    setcookie('msz_auth', '', -9001, '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);
    setcookie('msz_auth', '', -9001, '/', '', !empty($_SERVER['HTTPS']), true);
    UserSession::getCurrent()->delete();
    UserSession::unsetCurrent();
--- a/public/auth/twofactor.php
+++ b/public/auth/twofactor.php
@ -84,7 +84,7 @@ while(!empty($twofactor)) {
    }

    $authToken = AuthToken::create($userInfo, $sessionInfo);
-    setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', '.' . $_SERVER['HTTP_HOST'], !empty($_SERVER['HTTPS']), true);
+    setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);

    if(!is_local_url($redirect)) {
        $redirect = url('index');
--- a/utility.php
+++ b/utility.php
@ -209,3 +209,12 @@ function msz_server_timing(\Index\Performance\Timings $timings): string {

    return sprintf('Server-Timing: %s', implode(', ', $timings));
 }
+
+function msz_cookie_domain(bool $compatible = true): string {
+    $url = parse_url($_SERVER['HTTP_HOST'], PHP_URL_HOST);
+
+    if(!filter_var($url, FILTER_VALIDATE_IP) && $compatible)
+        $url = '.' . $url;
+
+    return $url;
+}