Merge pull request laravel#9150 from franzliedke/unencrypted-cookies

[5.1] Disable encryption for certain cookies
ebynum · Jun 9, 2015 · ad8a241 · ad8a241
2 parents 614eff5 + 7a114d0
commit ad8a241
Showing 1 changed file with 37 additions and 0 deletions.
diff --git a/src/Illuminate/Cookie/Middleware/EncryptCookies.php b/src/Illuminate/Cookie/Middleware/EncryptCookies.php
@@ -18,6 +18,13 @@ class EncryptCookies
      */
     protected $encrypter;
 
+    /**
+     * The names of all cookies for which encryption is disabled.
+     *
+     * @var array
+     */
+    protected static $disabled = [];
+
     /**
      * Create a new CookieGuard instance.
      *
@@ -29,6 +36,17 @@ public function __construct(EncrypterContract $encrypter)
         $this->encrypter = $encrypter;
     }
 
+    /**
+     * Disable encryption for the given cookie name(s).
+     *
+     * @param string|array $cookieName
+     * @return void
+     */
+    public static function disableFor($cookieName)
+    {
+        static::$disabled[] = array_merge(static::$disabled, (array) $cookieName);
+    }
+
     /**
      * Handle an incoming request.
      *
@@ -50,6 +68,10 @@ public function handle($request, Closure $next)
     protected function decrypt(Request $request)
     {
         foreach ($request->cookies as $key => $c) {
+            if ($this->isDisabled($key)) {
+                continue;
+            }
+
             try {
                 $request->cookies->set($key, $this->decryptCookie($c));
             } catch (DecryptException $e) {
@@ -99,6 +121,10 @@ protected function decryptArray(array $cookie)
     protected function encrypt(Response $response)
     {
         foreach ($response->headers->getCookies() as $key => $cookie) {
+            if ($this->isDisabled($key)) {
+                continue;
+            }
+
             $response->headers->setCookie($this->duplicate(
                 $cookie, $this->encrypter->encrypt($cookie->getValue())
             ));
@@ -121,4 +147,15 @@ protected function duplicate(Cookie $c, $value)
             $c->getDomain(), $c->isSecure(), $c->isHttpOnly()
         );
     }
+
+    /**
+     * Determine whether encryption has been disabled for the given cookie.
+     *
+     * @param string $name
+     * @return bool
+     */
+    protected function isDisabled($name)
+    {
+        return in_array($name, static::$disabled);
+    }
 }