WP_Http_Cookie::test( string $url ): bool

Confirms that it’s OK to send this cookie to the URL checked against.

Description

Decision is based on RFC 2109/2965, so look there for details on validity.

Parameters

$urlstringrequired
URL you intend to send this cookie to

Return

bool true if allowed, false otherwise.

Source

public function test( $url ) {
	if ( is_null( $this->name ) ) {
		return false;
	}

	// Expires - if expired then nothing else matters.
	if ( isset( $this->expires ) && time() > $this->expires ) {
		return false;
	}

	// Get details on the URL we're thinking about sending to.
	$url         = parse_url( $url );
	$url['port'] = isset( $url['port'] ) ? $url['port'] : ( 'https' === $url['scheme'] ? 443 : 80 );
	$url['path'] = isset( $url['path'] ) ? $url['path'] : '/';

	// Values to use for comparison against the URL.
	$path   = isset( $this->path ) ? $this->path : '/';
	$port   = isset( $this->port ) ? $this->port : null;
	$domain = isset( $this->domain ) ? strtolower( $this->domain ) : strtolower( $url['host'] );
	if ( false === stripos( $domain, '.' ) ) {
		$domain .= '.local';
	}

	// Host - very basic check that the request URL ends with the domain restriction (minus leading dot).
	$domain = ( str_starts_with( $domain, '.' ) ) ? substr( $domain, 1 ) : $domain;
	if ( ! str_ends_with( $url['host'], $domain ) ) {
		return false;
	}

	// Port - supports "port-lists" in the format: "80,8000,8080".
	if ( ! empty( $port ) && ! in_array( $url['port'], array_map( 'intval', explode( ',', $port ) ), true ) ) {
		return false;
	}

	// Path - request path must start with path restriction.
	if ( ! str_starts_with( $url['path'], $path ) ) {
		return false;
	}

	return true;
}

Changelog

VersionDescription
2.8.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.