search

bcit-ci / CodeIgniter

Open Source PHP Framework (originally from EllisLab)
https://codeigniter.com/
MIT License
18.27k stars 7.6k forks source link

set_cookie: foreach not consistent with preceding comment #6159

Closed rwalkerands closed 1 year ago

rwalkerands commented 2 years ago

Commit eb770fdc6d809bc7c28d499f897c0ab2c449f669 added the $samesite parameter to set_cookie(). But now there's a contradiction between the foreach and the comment on the immediately preceding line (system/core/Input.php lines 311-312):

  // always leave 'name' in last place, as the loop will break otherwise, due to $$item
  foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name', 'samesite') as $item)

Either the comment or the code is wrong ....

Kenqr commented 2 years ago

The code is wrong.

If you pass an array as the first parameter to set_cookie, the samesite setting will be ignored, and defaults to $config['cookie_samesite'] from application/config/config.php.

set_cookie([
    'name' => 'foo',
    'value' => 'bar',
    'samesite' => 'None', // this is ignored
]);