/usr/lib/ruby/vendor_ruby/merb-core/dispatch/cookies.rb is in ruby-merb-core 1.1.3+dfsg-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 | module Merb
class Cookies < Mash
# :api: private
def initialize(constructor = {})
@_options_lookup = Mash.new
@_cookie_defaults = { "domain" => Merb::Controller._default_cookie_domain, "path" => '/' }
super constructor
end
# Implicit assignment of cookie key and value.
#
# ==== Parameters
# name<~to_s>:: Name of the cookie.
# value<~to_s>:: Value of the cookie.
#
# ==== Notes
# By using this method, a cookie key is marked for being
# included in the Set-Cookie response header.
#
# :api: public
def []=(key, value)
@_options_lookup[key] ||= {}
super
end
# Explicit assignment of cookie key, value and options
#
# ==== Parameters
# name<~to_s>:: Name of the cookie.
# value<~to_s>:: Value of the cookie.
# options<Hash>:: Additional options for the cookie (see below).
#
# ==== Options (options)
# :path<String>:: The path for which this cookie applies. Defaults to "/".
# :expires<Time>:: Cookie expiry date.
# :domain<String>:: The domain for which this cookie applies.
# :secure<Boolean>:: Security flag.
# :http_only<Boolean>:: HttpOnly cookies
#
# ==== Notes
# By using this method, a cookie key is marked for being
# included in the Set-Cookie response header.
#
# :api: private
def set_cookie(name, value, options = {})
@_options_lookup[name] = options
self[name] = value
end
# Removes the cookie on the client machine by setting the value to an empty
# string and setting its expiration date into the past.
#
# ==== Parameters
# name<~to_s>:: Name of the cookie to delete.
# options<Hash>:: Additional options to pass to +set_cookie+.
#
# :api: public
def delete(name, options = {})
set_cookie(name, "", options.merge("expires" => Time.at(0)))
end
# Generate any necessary headers.
#
# ==== Returns
# Hash:: The headers to set, or an empty array if no cookies are set.
#
# :api: private
def extract_headers(controller_defaults = {})
defaults = @_cookie_defaults.merge(controller_defaults)
cookies = []
self.each do |name, value|
# Only set cookies that marked for inclusion in the response header.
next unless @_options_lookup[name]
options = defaults.merge(@_options_lookup[name])
if (expiry = options["expires"]).respond_to?(:gmtime)
options["expires"] = expiry.gmtime.strftime(Merb::Const::COOKIE_EXPIRATION_FORMAT)
end
secure = options.delete("secure")
http_only = options.delete("http_only")
kookie = "#{name}=#{Merb::Parse.escape(value)}; "
# WebKit in particular doens't like empty cookie options - skip them.
options.each { |k, v| kookie << "#{k}=#{v}; " unless v.blank? }
kookie << 'secure; ' if secure
kookie << 'HttpOnly; ' if http_only
cookies << kookie.rstrip
end
cookies.empty? ? {} : { 'Set-Cookie' => cookies.join(Merb::Const::NEWLINE) }
end
end
module CookiesMixin
def self.included(base)
# Allow per-controller default cookie domains (see callback below)
base.class_inheritable_accessor :_default_cookie_domain
base._default_cookie_domain = Merb::Config[:default_cookie_domain]
# Add a callback to enable Set-Cookie headers
base._after_dispatch_callbacks << lambda do |c|
headers = c.request.cookies.extract_headers("domain" => c._default_cookie_domain)
c.headers.update(headers)
end
end
# ==== Returns
# Merb::Cookies::
# A new Merb::Cookies instance representing the cookies that came in
# from the request object
#
# ==== Notes
# Headers are passed into the cookie object so that you can do:
# cookies[:foo] = "bar"
#
# :api: public
def cookies
request.cookies
end
module RequestMixin
# ==== Returns
# Hash:: The cookies for this request.
#
# ==== Notes
# If a method #default_cookies is defined it will be called. This can
# be used for session fixation purposes for example. The method returns
# a Hash of key => value pairs.
#
# :api: public
def cookies
@cookies ||= begin
values = Merb::Parse.query(@env[Merb::Const::HTTP_COOKIE], ';,')
cookies = Merb::Cookies.new(values)
cookies.update(default_cookies) if respond_to?(:default_cookies)
cookies
end
end
end
end
end
|