WebResponse.php

Go to the documentation of this file.

<?php
class WebResponse {
 
    protected static $setCookies = [];
 
    protected static $disableForPostSend = false;
 
    public static function disableForPostSend() {
        self::$disableForPostSend = true;
    }
 
    public function header( $string, $replace = true, $http_response_code = null ) {
        if ( self::$disableForPostSend ) {
            wfDebugLog( 'header', 'ignored post-send header {header}', 'all', [
                'header' => $string,
                'replace' => $replace,
                'http_response_code' => $http_response_code,
                'exception' => new RuntimeException( 'Ignored post-send header' ),
            ] );
            return;
        }
 
        \MediaWiki\HeaderCallback::warnIfHeadersSent();
        if ( $http_response_code ) {
            header( $string, $replace, $http_response_code );
        } else {
            header( $string, $replace );
        }
    }
 
    public function getHeader( $key ) {
        foreach ( headers_list() as $header ) {
            list( $name, $val ) = explode( ':', $header, 2 );
            if ( !strcasecmp( $name, $key ) ) {
                return trim( $val );
            }
        }
        return null;
    }
 
    public function statusHeader( $code ) {
        if ( self::$disableForPostSend ) {
            wfDebugLog( 'header', 'ignored post-send status header {code}', 'all', [
                'code' => $code,
                'exception' => new RuntimeException( 'Ignored post-send status header' ),
            ] );
            return;
        }
 
        HttpStatus::header( $code );
    }
 
    public function headersSent() {
        return headers_sent();
    }
 
    public function setCookie( $name, $value, $expire = 0, $options = [] ) {
        global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain;
        global $wgCookieSecure, $wgCookieExpiration, $wgCookieHttpOnly;
 
        $options = array_filter( $options, function ( $a ) {
            return $a !== null;
        } ) + [
            'prefix' => $wgCookiePrefix,
            'domain' => $wgCookieDomain,
            'path' => $wgCookiePath,
            'secure' => $wgCookieSecure,
            'httpOnly' => $wgCookieHttpOnly,
            'raw' => false,
        ];
 
        if ( $expire === null ) {
            $expire = 0; // Session cookie
        } elseif ( $expire == 0 && $wgCookieExpiration != 0 ) {
            $expire = time() + $wgCookieExpiration;
        }
 
        if ( self::$disableForPostSend ) {
            $cookie = $options['prefix'] . $name;
            wfDebugLog( 'cookie', 'ignored post-send cookie {cookie}', 'all', [
                'cookie' => $cookie,
                'data' => [
                    'name' => (string)$cookie,
                    'value' => (string)$value,
                    'expire' => (int)$expire,
                    'path' => (string)$options['path'],
                    'domain' => (string)$options['domain'],
                    'secure' => (bool)$options['secure'],
                    'httpOnly' => (bool)$options['httpOnly'],
                ],
                'exception' => new RuntimeException( 'Ignored post-send cookie' ),
            ] );
            return;
        }
 
        $func = $options['raw'] ? 'setrawcookie' : 'setcookie';
 
        if ( Hooks::run( 'WebResponseSetCookie', [ &$name, &$value, &$expire, &$options ] ) ) {
            // Note: Don't try to move this earlier to reuse it for self::$disableForPostSend,
            // we need to use the altered values from the hook here. (T198525)
            $cookie = $options['prefix'] . $name;
            $data = [
                'name' => (string)$cookie,
                'value' => (string)$value,
                'expire' => (int)$expire,
                'path' => (string)$options['path'],
                'domain' => (string)$options['domain'],
                'secure' => (bool)$options['secure'],
                'httpOnly' => (bool)$options['httpOnly'],
            ];
 
            // Per RFC 6265, key is name + domain + path
            $key = "{$data['name']}\n{$data['domain']}\n{$data['path']}";
 
            // If this cookie name was in the request, fake an entry in
            // self::$setCookies for it so the deleting check works right.
            if ( isset( $_COOKIE[$cookie] ) && !array_key_exists( $key, self::$setCookies ) ) {
                self::$setCookies[$key] = [];
            }
 
            // PHP deletes if value is the empty string; also, a past expiry is deleting
            $deleting = ( $data['value'] === '' || $data['expire'] > 0 && $data['expire'] <= time() );
 
            if ( $deleting && !isset( self::$setCookies[$key] ) ) { // isset( null ) is false
                wfDebugLog( 'cookie', 'already deleted ' . $func . ': "' . implode( '", "', $data ) . '"' );
            } elseif ( !$deleting && isset( self::$setCookies[$key] ) &&
                self::$setCookies[$key] === [ $func, $data ]
            ) {
                wfDebugLog( 'cookie', 'already set ' . $func . ': "' . implode( '", "', $data ) . '"' );
            } else {
                wfDebugLog( 'cookie', $func . ': "' . implode( '", "', $data ) . '"' );
                if ( $func( ...array_values( $data ) ) ) {
                    self::$setCookies[$key] = $deleting ? null : [ $func, $data ];
                }
            }
        }
    }
 
    public function clearCookie( $name, $options = [] ) {
        $this->setCookie( $name, '', time() - 31536000 /* 1 year */, $options );
    }
 
    public function hasCookies() {
        return (bool)self::$setCookies;
    }
}