Merge branch 'release/1.1.12' into v1

CHANGELOG.md

@@ -1,21 +1,25 @@
 # Cookies Changelog
 
-## 1.1.11 - 2017.12.06
+## 1.1.12 - 2020.02.13
+### Changed
+* Implemented `sameSite` for cookies, thank to a PR from Kenny Quan
+
+## 1.1.11 - 2018.12.06
 ### Changed
 * Fixed an issue where `getSecure()` would return nothing due to an improper parameter passed to `unserialize()`
 
-## 1.1.10 - 2017.07.22
+## 1.1.10 - 2018.07.22
 ### Changed
 * If the passed in domain is empty, use the `defaultCookieDomain` config setting
 * Don't unserialize any classes in secure cookie data
 * Code cleanup
 
-## 1.1.9 - 2017.02.01
+## 1.1.9 - 2018.02.01
 ### Changed
 * Renamed the composer package name to `craft-cookies`
 * Check to ensure a cookie exists before accessing it in `getSecure()`
 
-## 1.1.8 - 2017.01.23
+## 1.1.8 - 2018.01.23
 ### Changed
 * Fixed an issue with removing cookies
 * Added try/catch so errors are logged instead of exceptions thrown

composer.json

@@ -2,7 +2,7 @@
     "name": "nystudio107/craft-cookies",
     "description": "A simple plugin for setting and getting cookies from within Craft CMS templates.",
     "type": "craft-plugin",
-    "version": "1.1.11",
+    "version": "1.1.12",
     "keywords": [
         "craft",
         "cms",

docs/docs/README.md

@@ -22,21 +22,26 @@ You can also install Cookies via the **Plugin Store** in the Craft Control Panel
 ## Setting cookies
 
 All three of these methods accomplish the same thing:
+
 ```twig
     {# Set the cookie using 'setCookie' function #}
-    {% do setCookie( NAME, VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY) %}
+    {% do setCookie( NAME, VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY, SAMESITE) %}
 
     {# Set the cookie using 'setCookie' filter #}
-    {% do NAME | setCookie( VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY) %}
+    {% do NAME | setCookie( VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY, SAMESITE) %}
 
     {# Set the cookie using 'set' variable #}
-    {% do craft.cookies.set( NAME, VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY) %}
+    {% do craft.cookies.set( NAME, VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY, SAMESITE) %}
 ```
+
 They all act as a wrapper for the PHP `setcookie` function. [More info](http://php.net/manual/en/function.setcookie.php)
 
-All of the parameters except for `NAME` are optional.  The `PATH` defaults to `/` if not specified
+All of the parameters except for `NAME` are optional. The `PATH` defaults to `/` if not specified. The `SAMESITE` should be either 'None', 'Lax' or 'Strict'.
+
+(Note: `SAMESITE` only works for environments with PHP 7.3 and up)
 
 **Examples**
+
 ```twig
     {% do setCookie('marvin', 'martian', now | date_modify("+1 hour").timestamp) %}
     {# Sets a cookie to expire in an hour. #}
@@ -47,24 +52,30 @@ All of the parameters except for `NAME` are optional.  The `PATH` defaults to `/
     {% do craft.cookies.set('marvin', 'martian', '', '/foo/' ) %}
     {# Cookie available within /foo/ directory and sub-directories. #}
 ```
+
 ## Setting Secure cookies
 
 All three of these methods accomplish the same thing:
+
 ```twig
     {# Set the cookie using 'setSecureCookie' function #}
-    {% do setSecureCookie( NAME, VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY) %}
+    {% do setSecureCookie( NAME, VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY, SAMESITE) %}
 
     {# Set the cookie using 'setSecureCookie' filter #}
-    {% do NAME | setSecureCookie( VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY) %}
+    {% do NAME | setSecureCookie( VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY, SAMESITE) %}
 
     {# Set the cookie using 'setSecure' variable #}
-    {% do craft.cookies.setSecure( NAME, VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY) %}
+    {% do craft.cookies.setSecure( NAME, VALUE, DURATION, PATH, DOMAIN, SECURE, HTTPONLY, SAMESITE) %}
 ```
-This function works the same as `setCookie` but instead of using the PHP `setcookie` function, it uses the `Craft::$app->getResponse()->getCookies()->add` to add the cookies via Craft.  It also utilizes `craft->security` framework to encrypt and validate the cookie contents between requests.
 
-All of the parameters except for `NAME` are optional.  The `PATH` defaults to `/` if not specified
+This function works the same as `setCookie` but instead of using the PHP `setcookie` function, it uses the `Craft::$app->getResponse()->getCookies()->add` to add the cookies via Craft. It also utilizes `craft->security` framework to encrypt and validate the cookie contents between requests.
+
+All of the parameters except for `NAME` are optional. The `PATH` defaults to `/` if not specified. The `SAMESITE` should be either 'None', 'Lax' or 'Strict'.
+
+(Note: `SAMESITE` only works for environments with PHP 7.3 and up)
 
 **Examples**
+
 ```twig
     {% do setSecureCookie('marvin', 'martian', now | date_modify("+1 hour").timestamp) %}
     {# Sets a cookie to expire in an hour. #}
@@ -75,17 +86,21 @@ All of the parameters except for `NAME` are optional.  The `PATH` defaults to `/
     {% do craft.cookies.setSecure('marvin', 'martian', '', '/foo/' ) %}
     {# Cookie available within /foo/ directory and sub-directories. #}
 ```
+
 ## Retrieving cookies
 
 Both of these methods accomplish the same thing:
+
 ```twig
     {# Get the cookie using 'getCookie' function #}
     {% do getCookie( NAME ) %}
 
     {# Get the cookie using 'get' variable #}
     {% do craft.cookies.get( NAME ) %}
 ```
+
 **Example**
+
 ```twig
     {% do getCookie('marvin') %}
     {# Get the cookie using 'getCookie' function #}
@@ -98,17 +113,21 @@ Both of these methods accomplish the same thing:
         {{ myCookie }}
     {% endif %}
 ```
+
 ## Retrieving Secure cookies
 
 Both of these methods accomplish the same thing:
+
 ```twig
     {# Get the cookie using 'getSecureCookie' function #}
     {% do getSecureCookie( NAME ) %}
 
     {# Get the cookie using 'getSecure' variable #}
     {% do craft.cookies.getSecure( NAME ) %}
 ```
+
 **Example**
+
 ```twig
     {% do getSecureCookie('marvin') %}
     {# Get the cookie using 'getSecureCookie' function #}
@@ -121,9 +140,11 @@ Both of these methods accomplish the same thing:
         {{ myCookie }}
     {% endif %}
 ```
-This function works the same as `getCookie` but it uses `Craft::$app->getRequest()->getCookie()` to retrieve the cookies via Craft.  It also utilizes `craft->security` framework to decrypt and validate the cookie contents between requests.
+
+This function works the same as `getCookie` but it uses `Craft::$app->getRequest()->getCookie()` to retrieve the cookies via Craft. It also utilizes `craft->security` framework to decrypt and validate the cookie contents between requests.
 
 **Example**
+
 ```twig
     {% do getSecureCookie('marvin') %}
     {# Get the cookie using 'getSecureCookie' function #}
@@ -136,9 +157,11 @@ This function works the same as `getCookie` but it uses `Craft::$app->getRequest
         {{ myCookie }}
     {% endif %}
 ```
+
 ## Deleting cookies
 
 All three of these methods accomplish the same thing:
+
 ```twig
     {# Delete a cookie by passing no VALUE to 'setCookie' function #}
     {% do setCookie( NAME ) %}
@@ -149,9 +172,11 @@ All three of these methods accomplish the same thing:
     {# Delete a cookie by passing no VALUE to 'set' variable #}
     {% do craft.cookies.set( NAME ) %}
 ```
+
 ## Deleting Secure cookies
 
 All three of these methods accomplish the same thing:
+
 ```twig
     {# Delete a cookie by passing no VALUE to 'setSecureCookie' function #}
     {% do setSecureCookie( NAME ) %}
@@ -162,4 +187,5 @@ All three of these methods accomplish the same thing:
     {# Delete a cookie by passing no VALUE to 'setSecure' variable #}
     {% do craft.cookies.setSecure( NAME ) %}
 ```
+
 Brought to you by [nystudio107](http://nystudio107.com)

src/Cookies.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Cookies plugin for Craft CMS 3.x
  *

src/services/CookiesService.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Cookies plugin for Craft CMS 3.x
  *
@@ -36,6 +37,7 @@ class CookiesService extends Component
      * @param string $domain
      * @param bool   $secure
      * @param bool   $httpOnly
+     * @param string $sameSite
      */
     public function set(
         $name = '',
@@ -44,14 +46,26 @@ public function set(
         $path = '/',
         $domain = '',
         $secure = false,
-        $httpOnly = false
+        $httpOnly = false,
+        $sameSite = null
     ) {
         if (empty($value)) {
             Craft::$app->response->cookies->remove($name);
         } else {
             $domain = empty($domain) ? Craft::$app->getConfig()->getGeneral()->defaultCookieDomain : $domain;
-            $expire = (int)$expire;
-            setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly);
+            $expire = (int) $expire;
+            if (PHP_VERSION_ID >= 70300) {
+                setcookie($name, $value, [
+                    'expires' => $expire,
+                    'path' => $path,
+                    'domain' => $domain,
+                    'secure' => true,
+                    'httponly' => $httpOnly,
+                    'samesite' => $sameSite
+                ]);
+            } else {
+                setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly);
+            }
             $_COOKIE[$name] = $value;
         }
     }
@@ -83,6 +97,7 @@ public function get($name = '')
      * @param string $domain
      * @param bool   $secure
      * @param bool   $httpOnly
+     * @param string $sameSite
      */
     public function setSecure(
         $name = '',
@@ -91,27 +106,28 @@ public function setSecure(
         $path = '/',
         $domain = '',
         $secure = false,
-        $httpOnly = false
+        $httpOnly = false,
+        $sameSite = null
     ) {
         if (empty($value)) {
             Craft::$app->response->cookies->remove($name);
         } else {
             $domain = empty($domain) ? Craft::$app->getConfig()->getGeneral()->defaultCookieDomain : $domain;
-            $expire = (int)$expire;
+            $expire = (int) $expire;
             $cookie = new Cookie(['name' => $name, 'value' => '']);
 
             try {
                 $cookie->value = Craft::$app->security->hashData(base64_encode(serialize($value)));
             } catch (InvalidConfigException $e) {
                 Craft::error(
-                    'Error setting secure cookie: '.$e->getMessage(),
+                    'Error setting secure cookie: ' . $e->getMessage(),
                     __METHOD__
                 );
 
                 return;
             } catch (Exception $e) {
                 Craft::error(
-                    'Error setting secure cookie: '.$e->getMessage(),
+                    'Error setting secure cookie: ' . $e->getMessage(),
                     __METHOD__
                 );
 
@@ -122,7 +138,9 @@ public function setSecure(
             $cookie->domain = $domain;
             $cookie->secure = $secure;
             $cookie->httpOnly = $httpOnly;
-
+            if (PHP_VERSION_ID >= 70300) {
+                $cookie->sameSite = $sameSite;
+            }
             Craft::$app->response->cookies->add($cookie);
         }
     }
@@ -143,18 +161,19 @@ public function getSecure($name = '')
                 $data = Craft::$app->security->validateData($cookie->value);
             } catch (InvalidConfigException $e) {
                 Craft::error(
-                    'Error getting secure cookie: '.$e->getMessage(),
+                    'Error getting secure cookie: ' . $e->getMessage(),
                     __METHOD__
                 );
                 $data = false;
             } catch (Exception $e) {
                 Craft::error(
-                    'Error getting secure cookie: '.$e->getMessage(),
+                    'Error getting secure cookie: ' . $e->getMessage(),
                     __METHOD__
                 );
                 $data = false;
             }
-            if ($cookie
+            if (
+                $cookie
                 && !empty($cookie->value)
                 && $data !== false
             ) {

src/twigextensions/CookiesTwigExtension.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Cookies plugin for Craft CMS 3.x
  *
@@ -69,6 +70,7 @@ public function getFunctions()
      * @param string $domain
      * @param bool   $secure
      * @param bool   $httpOnly
+     * @param string $sameSite
      */
     public function setCookie(
         $name = "",
@@ -77,7 +79,8 @@ public function setCookie(
         $path = "/",
         $domain = "",
         $secure = false,
-        $httpOnly = false
+        $httpOnly = false,
+        $sameSite = null
     ) {
         Cookies::$plugin->cookies->set(
             $name,
@@ -86,7 +89,8 @@ public function setCookie(
             $path,
             $domain,
             $secure,
-            $httpOnly
+            $httpOnly,
+            $sameSite
         );
     }
 
@@ -112,6 +116,7 @@ public function getCookie($name)
      * @param string $domain
      * @param bool   $secure
      * @param bool   $httpOnly
+     * @param string $sameSite
      */
     public function setSecureCookie(
         $name = "",
@@ -120,7 +125,8 @@ public function setSecureCookie(
         $path = "/",
         $domain = "",
         $secure = false,
-        $httpOnly = false
+        $httpOnly = false,
+        $sameSite = null
     ) {
         Cookies::$plugin->cookies->setSecure(
             $name,
@@ -129,7 +135,8 @@ public function setSecureCookie(
             $path,
             $domain,
             $secure,
-            $httpOnly
+            $httpOnly,
+            $sameSite
         );
     }