MediaWiki  1.30.0
OutputHandler.php
Go to the documentation of this file.
1 <?php
30 function wfOutputHandler( $s ) {
31  global $wgDisableOutputCompression, $wgValidateAllHtml, $wgMangleFlashPolicy;
32  if ( $wgMangleFlashPolicy ) {
33  $s = wfMangleFlashPolicy( $s );
34  }
35  if ( $wgValidateAllHtml ) {
36  $headers = headers_list();
37  $isHTML = false;
38  foreach ( $headers as $header ) {
39  $parts = explode( ':', $header, 2 );
40  if ( count( $parts ) !== 2 ) {
41  continue;
42  }
43  $name = strtolower( trim( $parts[0] ) );
44  $value = trim( $parts[1] );
45  if ( $name == 'content-type' && ( strpos( $value, 'text/html' ) === 0
46  || strpos( $value, 'application/xhtml+xml' ) === 0 )
47  ) {
48  $isHTML = true;
49  break;
50  }
51  }
52  if ( $isHTML ) {
53  $s = wfHtmlValidationHandler( $s );
54  }
55  }
56  if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) {
57  if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) {
58  $s = wfGzipHandler( $s );
59  }
60  if ( !ini_get( 'output_handler' ) ) {
61  wfDoContentLength( strlen( $s ) );
62  }
63  }
64  return $s;
65 }
66 
75 function wfRequestExtension() {
77  if ( isset( $_SERVER['REQUEST_URI'] ) ) {
78  // Strip the query string...
79  list( $path ) = explode( '?', $_SERVER['REQUEST_URI'], 2 );
80  } elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {
81  // Probably IIS. QUERY_STRING appears separately.
82  $path = $_SERVER['SCRIPT_NAME'];
83  } else {
84  // Can't get the path from the server? :(
85  return '';
86  }
87 
88  $period = strrpos( $path, '.' );
89  if ( $period !== false ) {
90  return strtolower( substr( $path, $period ) );
91  }
92  return '';
93 }
94 
103 function wfGzipHandler( $s ) {
104  if ( !function_exists( 'gzencode' ) ) {
105  wfDebug( __FUNCTION__ . "() skipping compression (gzencode unavailable)\n" );
106  return $s;
107  }
108  if ( headers_sent() ) {
109  wfDebug( __FUNCTION__ . "() skipping compression (headers already sent)\n" );
110  return $s;
111  }
112 
113  $ext = wfRequestExtension();
114  if ( $ext == '.gz' || $ext == '.tgz' ) {
115  // Don't do gzip compression if the URL path ends in .gz or .tgz
116  // This confuses Safari and triggers a download of the page,
117  // even though it's pretty clearly labeled as viewable HTML.
118  // Bad Safari! Bad!
119  return $s;
120  }
121 
122  if ( wfClientAcceptsGzip() ) {
123  wfDebug( __FUNCTION__ . "() is compressing output\n" );
124  header( 'Content-Encoding: gzip' );
125  $s = gzencode( $s, 6 );
126  }
127 
128  // Set vary header if it hasn't been set already
129  $headers = headers_list();
130  $foundVary = false;
131  foreach ( $headers as $header ) {
132  $headerName = strtolower( substr( $header, 0, 5 ) );
133  if ( $headerName == 'vary:' ) {
134  $foundVary = true;
135  break;
136  }
137  }
138  if ( !$foundVary ) {
139  header( 'Vary: Accept-Encoding' );
140  global $wgUseKeyHeader;
141  if ( $wgUseKeyHeader ) {
142  header( 'Key: Accept-Encoding;match=gzip' );
143  }
144  }
145  return $s;
146 }
147 
155 function wfMangleFlashPolicy( $s ) {
156  # Avoid weird excessive memory usage in PCRE on big articles
157  if ( preg_match( '/<\s*cross-domain-policy(?=\s|>)/i', $s ) ) {
158  return preg_replace( '/<(\s*)(cross-domain-policy(?=\s|>))/i', '<$1NOT-$2', $s );
159  } else {
160  return $s;
161  }
162 }
163 
169 function wfDoContentLength( $length ) {
170  if ( !headers_sent()
171  && isset( $_SERVER['SERVER_PROTOCOL'] )
172  && $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0'
173  ) {
174  header( "Content-Length: $length" );
175  }
176 }
177 
185 function wfHtmlValidationHandler( $s ) {
186  $errors = '';
187  if ( MWTidy::checkErrors( $s, $errors ) ) {
188  return $s;
189  }
190 
191  header( 'Cache-Control: no-cache' );
192 
193  $out = Html::element( 'h1', null, 'HTML validation error' );
194  $out .= Html::openElement( 'ul' );
195 
196  $error = strtok( $errors, "\n" );
197  $badLines = [];
198  while ( $error !== false ) {
199  if ( preg_match( '/^line (\d+)/', $error, $m ) ) {
200  $lineNum = intval( $m[1] );
201  $badLines[$lineNum] = true;
202  $out .= Html::rawElement( 'li', null,
203  Html::element( 'a', [ 'href' => "#line-{$lineNum}" ], $error ) ) . "\n";
204  }
205  $error = strtok( "\n" );
206  }
207 
208  $out .= Html::closeElement( 'ul' );
209  $out .= Html::element( 'pre', null, $errors );
210  $out .= Html::openElement( 'ol' ) . "\n";
211  $line = strtok( $s, "\n" );
212  $i = 1;
213  while ( $line !== false ) {
214  $attrs = [];
215  if ( isset( $badLines[$i] ) ) {
216  $attrs['class'] = 'highlight';
217  $attrs['id'] = "line-$i";
218  }
219  $out .= Html::element( 'li', $attrs, $line ) . "\n";
220  $line = strtok( "\n" );
221  $i++;
222  }
223  $out .= Html::closeElement( 'ol' );
224 
225  $style = <<<CSS
226 .highlight { background-color: #ffc }
227 li { white-space: pre }
228 CSS;
229 
230  $out = Html::htmlHeader( [ 'lang' => 'en', 'dir' => 'ltr' ] ) .
231  Html::rawElement( 'head', null,
232  Html::element( 'title', null, 'HTML validation error' ) .
233  Html::inlineStyle( $style ) ) .
234  Html::rawElement( 'body', null, $out ) .
235  Html::closeElement( 'html' );
236 
237  return $out;
238 }
$wgMangleFlashPolicy
$wgMangleFlashPolicy
When OutputHandler is used, mangle any output that contains <cross-domain-policy>.
Definition: DefaultSettings.php:3505
captcha-old.count
count
Definition: captcha-old.py:249
wfMangleFlashPolicy
wfMangleFlashPolicy( $s)
Mangle flash policy tags which open up the site to XSS attacks.
Definition: OutputHandler.php:155
Html\htmlHeader
static htmlHeader(array $attribs=[])
Constructs the opening html-tag with necessary doctypes depending on global variables.
Definition: Html.php:886
$s
$s
Definition: mergeMessageFileList.php:188
$name
Allows to change the fields on the form that will be generated $name
Definition: hooks.txt:302
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
Html\closeElement
static closeElement( $element)
Returns "</$element>".
Definition: Html.php:309
$wgUseKeyHeader
$wgUseKeyHeader
Send the Key HTTP header for better caching.
Definition: DefaultSettings.php:2667
wfHtmlValidationHandler
wfHtmlValidationHandler( $s)
Replace the output with an error if the HTML is not valid.
Definition: OutputHandler.php:185
global
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:93
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition: GlobalFunctions.php:1047
list
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition: deferred.txt:11
$line
$line
Definition: cdb.php:58
$value
$value
Definition: styleTest.css.php:45
wfClientAcceptsGzip
wfClientAcceptsGzip( $force=false)
Whether the client accept gzip encoding.
Definition: GlobalFunctions.php:1669
$header
$header
Definition: updateCredits.php:35
Html\inlineStyle
static inlineStyle( $contents, $media='all')
Output a "<style>" tag with the given contents for the given media type (if any).
Definition: Html.php:594
$wgDisableOutputCompression
$wgDisableOutputCompression
Disable output compression (enabled by default if zlib is available)
Definition: DefaultSettings.php:3353
wfGzipHandler
wfGzipHandler( $s)
Handler that compresses data with gzip if allowed by the Accept header.
Definition: OutputHandler.php:103
wfOutputHandler
wfOutputHandler( $s)
Standard output handler for use with ob_start.
Definition: OutputHandler.php:30
$ext
$ext
Definition: NoLocalSettings.php:25
color
in the sidebar</td >< td > font color
Definition: All_system_messages.txt:425
$path
$path
Definition: NoLocalSettings.php:26
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
Html\openElement
static openElement( $element, $attribs=[])
Identical to rawElement(), but has no third parameter and omits the end tag (and the self-closing '/'...
Definition: Html.php:251
Html\rawElement
static rawElement( $element, $attribs=[], $contents='')
Returns an HTML element in a string.
Definition: Html.php:209
wfDoContentLength
wfDoContentLength( $length)
Add a Content-Length header if possible.
Definition: OutputHandler.php:169
Html\element
static element( $element, $attribs=[], $contents='')
Identical to rawElement(), but HTML-escapes $contents (like Xml::element()).
Definition: Html.php:231
MWTidy\checkErrors
static checkErrors( $text, &$errorStr=null)
Check HTML for errors, used if $wgValidateAllHtml = true.
Definition: MWTidy.php:63
$wgValidateAllHtml
$wgValidateAllHtml
Validate the overall output using tidy and refuse to display the page if it's not valid.
Definition: DefaultSettings.php:3253
$out
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that probably a stub it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output $out
Definition: hooks.txt:781
wfRequestExtension
wfRequestExtension()
Get the "file extension" that some client apps will estimate from the currently-requested URL.
Definition: OutputHandler.php:75