REL1_35/php/OutputHandler_8php_source.html

<?php

namespace MediaWiki;


class OutputHandler {


    public static function handle( $s, $phase ) {

        global $wgDisableOutputCompression, $wgMangleFlashPolicy;

        if ( $phase | PHP_OUTPUT_HANDLER_CLEAN ) {

            // Don't send headers if output is being discarded (T278579)

            return $s;

        }

        if ( $wgMangleFlashPolicy ) {

            $s = self::mangleFlashPolicy( $s );

        }

        if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) {

            if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) {

                $s = self::handleGzip( $s );

            }

            if ( !ini_get( 'output_handler' ) ) {

                self::emitContentLength( strlen( $s ) );

            }

        }

        return $s;

    }


    private static function findUriExtension() {

        if ( isset( $_SERVER['REQUEST_URI'] ) ) {

            // Strip the query string...

            $path = explode( '?', $_SERVER['REQUEST_URI'], 2 )[0];

        } elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {

            // Probably IIS. QUERY_STRING appears separately.

            $path = $_SERVER['SCRIPT_NAME'];

        } else {

            // Can't get the path from the server? :(

            return '';

        }


        $period = strrpos( $path, '.' );

        if ( $period !== false ) {

            return strtolower( substr( $path, $period ) );

        }

        return '';

    }


    private static function handleGzip( $s ) {

        if ( !function_exists( 'gzencode' ) ) {

            wfDebug( __METHOD__ . "() skipping compression (gzencode unavailable)" );

            return $s;

        }

        if ( headers_sent() ) {

            wfDebug( __METHOD__ . "() skipping compression (headers already sent)" );

            return $s;

        }


        $ext = self::findUriExtension();

        if ( $ext == '.gz' || $ext == '.tgz' ) {

            // Don't do gzip compression if the URL path ends in .gz or .tgz

            // This confuses Safari and triggers a download of the page,

            // even though it's pretty clearly labeled as viewable HTML.

            // Bad Safari! Bad!

            return $s;

        }


        if ( wfClientAcceptsGzip() ) {

            wfDebug( __METHOD__ . "() is compressing output" );

            header( 'Content-Encoding: gzip' );

            $s = gzencode( $s, 6 );

        }


        // Set vary header if it hasn't been set already

        $headers = headers_list();

        $foundVary = false;

        foreach ( $headers as $header ) {

            $headerName = strtolower( substr( $header, 0, 5 ) );

            if ( $headerName == 'vary:' ) {

                $foundVary = true;

                break;

            }

        }

        if ( !$foundVary ) {

            header( 'Vary: Accept-Encoding' );

        }

        return $s;

    }


    private static function mangleFlashPolicy( $s ) {

        # Avoid weird excessive memory usage in PCRE on big articles

        if ( preg_match( '/<\s*cross-domain-policy(?=\s|>)/i', $s ) ) {

            return preg_replace( '/<(\s*)(cross-domain-policy(?=\s|>))/i', '<$1NOT-$2', $s );

        } else {

            return $s;

        }

    }


    private static function emitContentLength( $length ) {

        if ( !headers_sent()

            && isset( $_SERVER['SERVER_PROTOCOL'] )

            && $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0'

        ) {

            header( "Content-Length: $length" );

        }

    }


}


$wgDisableOutputCompression
$wgDisableOutputCompression
Disable output compression (enabled by default if zlib is available)
Definition DefaultSettings.php:3575

$wgMangleFlashPolicy
$wgMangleFlashPolicy
When OutputHandler is used, mangle any output that contains <cross-domain-policy>.
Definition DefaultSettings.php:3716

wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition GlobalFunctions.php:910

wfClientAcceptsGzip
wfClientAcceptsGzip( $force=false)
Whether the client accept gzip encoding.
Definition GlobalFunctions.php:1453

$path
$path
Definition NoLocalSettings.php:25

MediaWiki\OutputHandler
Definition OutputHandler.php:28

MediaWiki\OutputHandler\handle
static handle( $s, $phase)
Standard output handler for use with ob_start.
Definition OutputHandler.php:36

MediaWiki\OutputHandler\handleGzip
static handleGzip( $s)
Handler that compresses data with gzip if allowed by the Accept header.
Definition OutputHandler.php:94

MediaWiki\OutputHandler\emitContentLength
static emitContentLength( $length)
Add a Content-Length header if possible.
Definition OutputHandler.php:155

MediaWiki\OutputHandler\mangleFlashPolicy
static mangleFlashPolicy( $s)
Mangle flash policy tags which open up the site to XSS attacks.
Definition OutputHandler.php:141

MediaWiki\OutputHandler\findUriExtension
static findUriExtension()
Get the "file extension" that some client apps will estimate from the currently-requested URL.
Definition OutputHandler.php:66

$s
$s
Definition mergeMessageFileList.php:185

MediaWiki
A helper class for throttling authentication attempts.

$ext
if(!is_readable( $file)) $ext
Definition router.php:48

$header
$header
Definition updateCredits.php:41