MediaWiki REL1_30
WebResponse.php
Go to the documentation of this file.
1<?php
29
33 protected static $setCookies = [];
34
41 public function header( $string, $replace = true, $http_response_code = null ) {
42 \MediaWiki\HeaderCallback::warnIfHeadersSent();
43 if ( $http_response_code ) {
44 header( $string, $replace, $http_response_code );
45 } else {
46 header( $string, $replace );
47 }
48 }
49
56 public function getHeader( $key ) {
57 foreach ( headers_list() as $header ) {
58 list( $name, $val ) = explode( ':', $header, 2 );
59 if ( !strcasecmp( $name, $key ) ) {
60 return trim( $val );
61 }
62 }
63 return null;
64 }
65
71 public function statusHeader( $code ) {
73 }
74
80 public function headersSent() {
81 return headers_sent();
82 }
83
99 public function setCookie( $name, $value, $expire = 0, $options = [] ) {
102
103 $options = array_filter( $options, function ( $a ) {
104 return $a !== null;
105 } ) + [
106 'prefix' => $wgCookiePrefix,
107 'domain' => $wgCookieDomain,
108 'path' => $wgCookiePath,
109 'secure' => $wgCookieSecure,
110 'httpOnly' => $wgCookieHttpOnly,
111 'raw' => false,
112 ];
113
114 if ( $expire === null ) {
115 $expire = 0; // Session cookie
116 } elseif ( $expire == 0 && $wgCookieExpiration != 0 ) {
117 $expire = time() + $wgCookieExpiration;
118 }
119
120 $func = $options['raw'] ? 'setrawcookie' : 'setcookie';
121
122 if ( Hooks::run( 'WebResponseSetCookie', [ &$name, &$value, &$expire, &$options ] ) ) {
123 $cookie = $options['prefix'] . $name;
124 $data = [
125 'name' => (string)$cookie,
126 'value' => (string)$value,
127 'expire' => (int)$expire,
128 'path' => (string)$options['path'],
129 'domain' => (string)$options['domain'],
130 'secure' => (bool)$options['secure'],
131 'httpOnly' => (bool)$options['httpOnly'],
132 ];
133
134 // Per RFC 6265, key is name + domain + path
135 $key = "{$data['name']}\n{$data['domain']}\n{$data['path']}";
136
137 // If this cookie name was in the request, fake an entry in
138 // self::$setCookies for it so the deleting check works right.
139 if ( isset( $_COOKIE[$cookie] ) && !array_key_exists( $key, self::$setCookies ) ) {
140 self::$setCookies[$key] = [];
141 }
142
143 // PHP deletes if value is the empty string; also, a past expiry is deleting
144 $deleting = ( $data['value'] === '' || $data['expire'] > 0 && $data['expire'] <= time() );
145
146 if ( $deleting && !isset( self::$setCookies[$key] ) ) { // isset( null ) is false
147 wfDebugLog( 'cookie', 'already deleted ' . $func . ': "' . implode( '", "', $data ) . '"' );
148 } elseif ( !$deleting && isset( self::$setCookies[$key] ) &&
149 self::$setCookies[$key] === [ $func, $data ]
150 ) {
151 wfDebugLog( 'cookie', 'already set ' . $func . ': "' . implode( '", "', $data ) . '"' );
152 } else {
153 wfDebugLog( 'cookie', $func . ': "' . implode( '", "', $data ) . '"' );
154 if ( call_user_func_array( $func, array_values( $data ) ) ) {
155 self::$setCookies[$key] = $deleting ? null : [ $func, $data ];
156 }
157 }
158 }
159 }
160
170 public function clearCookie( $name, $options = [] ) {
171 $this->setCookie( $name, '', time() - 31536000 /* 1 year */, $options );
172 }
173
180 public function hasCookies() {
181 return (bool)self::$setCookies;
182 }
183}
184
189 private $headers;
190 private $cookies = [];
191 private $code;
192
199 public function header( $string, $replace = true, $http_response_code = null ) {
200 if ( substr( $string, 0, 5 ) == 'HTTP/' ) {
201 $parts = explode( ' ', $string, 3 );
202 $this->code = intval( $parts[1] );
203 } else {
204 list( $key, $val ) = array_map( 'trim', explode( ":", $string, 2 ) );
205
206 $key = strtoupper( $key );
207
208 if ( $replace || !isset( $this->headers[$key] ) ) {
209 $this->headers[$key] = $val;
210 }
211 }
212
213 if ( $http_response_code !== null ) {
214 $this->code = intval( $http_response_code );
215 }
216 }
217
222 public function statusHeader( $code ) {
223 $this->code = intval( $code );
224 }
225
226 public function headersSent() {
227 return false;
228 }
229
234 public function getHeader( $key ) {
235 $key = strtoupper( $key );
236
237 if ( isset( $this->headers[$key] ) ) {
238 return $this->headers[$key];
239 }
240 return null;
241 }
242
248 public function getStatusCode() {
249 return $this->code;
250 }
251
258 public function setCookie( $name, $value, $expire = 0, $options = [] ) {
261
262 $options = array_filter( $options, function ( $a ) {
263 return $a !== null;
264 } ) + [
265 'prefix' => $wgCookiePrefix,
266 'domain' => $wgCookieDomain,
267 'path' => $wgCookiePath,
268 'secure' => $wgCookieSecure,
269 'httpOnly' => $wgCookieHttpOnly,
270 'raw' => false,
271 ];
272
273 if ( $expire === null ) {
274 $expire = 0; // Session cookie
275 } elseif ( $expire == 0 && $wgCookieExpiration != 0 ) {
276 $expire = time() + $wgCookieExpiration;
277 }
278
279 $this->cookies[$options['prefix'] . $name] = [
280 'value' => (string)$value,
281 'expire' => (int)$expire,
282 'path' => (string)$options['path'],
283 'domain' => (string)$options['domain'],
284 'secure' => (bool)$options['secure'],
285 'httpOnly' => (bool)$options['httpOnly'],
286 'raw' => (bool)$options['raw'],
287 ];
288 }
289
294 public function getCookie( $name ) {
295 if ( isset( $this->cookies[$name] ) ) {
296 return $this->cookies[$name]['value'];
297 }
298 return null;
299 }
300
305 public function getCookieData( $name ) {
306 if ( isset( $this->cookies[$name] ) ) {
307 return $this->cookies[$name];
308 }
309 return null;
310 }
311
315 public function getCookies() {
316 return $this->cookies;
317 }
318}
$wgCookieExpiration
Default cookie lifetime, in seconds.
$wgCookieHttpOnly
Set authentication cookies to HttpOnly to prevent access by JavaScript, in browsers that support this...
$wgCookiePath
Set this variable if you want to restrict cookies to a certain path within the domain specified by $w...
$wgCookieDomain
Set to set an explicit domain on the login cookies eg, "justthis.domain.org" or "....
$wgCookieSecure
Whether the "secure" flag should be set on the cookie.
$wgCookiePrefix
Cookies generated by MediaWiki have names starting with this prefix.
wfDebugLog( $logGroup, $text, $dest='all', array $context=[])
Send a line to a supplementary debug log file, if configured, or main debug log if not.
header( $string, $replace=true, $http_response_code=null)
Stores a HTTP header.
statusHeader( $code)
setCookie( $name, $value, $expire=0, $options=[])
getStatusCode()
Get the HTTP response code, null if not set.
headersSent()
Test if headers have been sent.
getCookie( $name)
getCookieData( $name)
static header( $code)
Output an HTTP status code header.
Allow programs to request this object from WebRequest::response() and handle all outputting (or lack ...
setCookie( $name, $value, $expire=0, $options=[])
Set the browser cookie.
hasCookies()
Checks whether this request is performing cookie operations.
getHeader( $key)
Get a response header.
statusHeader( $code)
Output an HTTP status code header.
header( $string, $replace=true, $http_response_code=null)
Output an HTTP header, wrapper for PHP's header()
clearCookie( $name, $options=[])
Unset a browser cookie.
headersSent()
Test if headers have been sent.
static array $setCookies
Used to record set cookies, because PHP's setcookie() will happily send an identical Set-Cookie to th...
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition deferred.txt:11
it sets a lot of them automatically from cookies
Definition design.txt:93
design txt This is a brief overview of the new design More thorough and up to date information is available on the documentation wiki at etc Handles the details of getting and saving to the user table of the and dealing with sessions and cookies OutputPage Encapsulates the entire HTML page that will be sent in response to any server request It is used by calling its functions to add headers
Definition design.txt:18
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition hooks.txt:181
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
Definition hooks.txt:1971
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that probably a stub it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output modifiable & $code
Definition hooks.txt:863
Allows to change the fields on the form that will be generated $name
Definition hooks.txt:302
$header