REL1_35/php/WebResponse_8php_source.html

<?php

use Wikimedia\Http\SetCookieCompat;


class WebResponse {


    protected static $setCookies = [];


    protected static $disableForPostSend = false;


    public static function disableForPostSend() {

        self::$disableForPostSend = true;

    }


    public function header( $string, $replace = true, $http_response_code = null ) {

        if ( self::$disableForPostSend ) {

            wfDebugLog( 'header', 'ignored post-send header {header}', 'all', [

                'header' => $string,

                'replace' => $replace,

                'http_response_code' => $http_response_code,

                'exception' => new RuntimeException( 'Ignored post-send header' ),

            ] );

            return;

        }


        \MediaWiki\HeaderCallback::warnIfHeadersSent();

        if ( $http_response_code ) {

            header( $string, $replace, $http_response_code );

        } else {

            header( $string, $replace );

        }

    }


    public function getHeader( $key ) {

        foreach ( headers_list() as $header ) {

            list( $name, $val ) = explode( ':', $header, 2 );

            if ( !strcasecmp( $name, $key ) ) {

                return trim( $val );

            }

        }

        return null;

    }


    public function statusHeader( $code ) {

        if ( self::$disableForPostSend ) {

            wfDebugLog( 'header', 'ignored post-send status header {code}', 'all', [

                'code' => $code,

                'exception' => new RuntimeException( 'Ignored post-send status header' ),

            ] );

            return;

        }


        HttpStatus::header( $code );

    }


    public function headersSent() {

        return headers_sent();

    }


    public function setCookie( $name, $value, $expire = 0, $options = [] ) {

        global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain;

        global $wgCookieSecure, $wgCookieExpiration, $wgCookieHttpOnly;

        global $wgUseSameSiteLegacyCookies;


        $options = array_filter( $options, function ( $a ) {

            return $a !== null;

        } ) + [

            'prefix' => $wgCookiePrefix,

            'domain' => $wgCookieDomain,

            'path' => $wgCookiePath,

            'secure' => $wgCookieSecure,

            'httpOnly' => $wgCookieHttpOnly,

            'raw' => false,

            'sameSite' => '',

            'sameSiteLegacy' => $wgUseSameSiteLegacyCookies

        ];


        if ( strcasecmp( $options['sameSite'], 'none' ) === 0

            && !empty( $options['sameSiteLegacy'] )

        ) {

            $legacyOptions = $options;

            $legacyOptions['sameSiteLegacy'] = false;

            $legacyOptions['sameSite'] = '';

            $this->setCookie( "ss0-$name",  $value, $expire, $legacyOptions );

        }


        if ( $expire === null ) {

            $expire = 0; // Session cookie

        } elseif ( $expire == 0 && $wgCookieExpiration != 0 ) {

            $expire = time() + $wgCookieExpiration;

        }


        if ( self::$disableForPostSend ) {

            $prefixedName = $options['prefix'] . $name;

            wfDebugLog( 'cookie', 'ignored post-send cookie {cookie}', 'all', [

                'cookie' => $prefixedName,

                'data' => [

                    'name' => $prefixedName,

                    'value' => (string)$value,

                    'expire' => (int)$expire,

                    'path' => (string)$options['path'],

                    'domain' => (string)$options['domain'],

                    'secure' => (bool)$options['secure'],

                    'httpOnly' => (bool)$options['httpOnly'],

                    'sameSite' => (string)$options['sameSite']

                ],

                'exception' => new RuntimeException( 'Ignored post-send cookie' ),

            ] );

            return;

        }


        if ( !Hooks::runner()->onWebResponseSetCookie( $name, $value, $expire, $options ) ) {

            return;

        }


        // Note: Don't try to move this earlier to reuse it for self::$disableForPostSend,

        // we need to use the altered values from the hook here. (T198525)

        $prefixedName = $options['prefix'] . $name;

        $value = (string)$value;

        $func = $options['raw'] ? 'setrawcookie' : 'setcookie';

        $setOptions = [

            'expires' => (int)$expire,

            'path' => (string)$options['path'],

            'domain' => (string)$options['domain'],

            'secure' => (bool)$options['secure'],

            'httponly' => (bool)$options['httpOnly'],

            'samesite' => (string)$options['sameSite'],

        ];


        // Per RFC 6265, key is name + domain + path

        $key = "{$prefixedName}\n{$setOptions['domain']}\n{$setOptions['path']}";


        // If this cookie name was in the request, fake an entry in

        // self::$setCookies for it so the deleting check works right.

        if ( isset( $_COOKIE[$prefixedName] ) && !array_key_exists( $key, self::$setCookies ) ) {

            self::$setCookies[$key] = [];

        }


        // PHP deletes if value is the empty string; also, a past expiry is deleting

        $deleting = ( $value === '' || $setOptions['expires'] > 0 && $setOptions['expires'] <= time() );


        $logDesc = "$func: \"$prefixedName\", \"$value\", \"" .

            implode( '", "', $setOptions ) . '"';

        $optionsForDeduplication = [ $func, $prefixedName, $value, $setOptions ];


        if ( $deleting && !isset( self::$setCookies[$key] ) ) { // isset( null ) is false

            wfDebugLog( 'cookie', "already deleted $logDesc" );

            return;

        } elseif ( !$deleting && isset( self::$setCookies[$key] ) &&

            self::$setCookies[$key] === $optionsForDeduplication

        ) {

            wfDebugLog( 'cookie', "already set $logDesc" );

            return;

        }


        wfDebugLog( 'cookie', $logDesc );

        if ( $func === 'setrawcookie' ) {

            SetCookieCompat::setrawcookie( $prefixedName, $value, $setOptions );

        } else {

            SetCookieCompat::setcookie( $prefixedName, $value, $setOptions );

        }

        self::$setCookies[$key] = $deleting ? null : $optionsForDeduplication;

    }


    public function clearCookie( $name, $options = [] ) {

        $this->setCookie( $name, '', time() - 31536000 /* 1 year */, $options );

    }


    public function hasCookies() {

        return (bool)self::$setCookies;

    }


}


$wgCookieExpiration
$wgCookieExpiration
Default cookie lifetime, in seconds.
Definition DefaultSettings.php:6479

$wgUseSameSiteLegacyCookies
bool $wgUseSameSiteLegacyCookies
If true, when a cross-site cookie with SameSite=None is sent, a legacy cookie with an "ss0" prefix wi...
Definition DefaultSettings.php:6555

$wgCookieHttpOnly
$wgCookieHttpOnly
Set authentication cookies to HttpOnly to prevent access by JavaScript, in browsers that support this...
Definition DefaultSettings.php:6533

$wgCookiePath
$wgCookiePath
Set this variable if you want to restrict cookies to a certain path within the domain specified by $w...
Definition DefaultSettings.php:6499

$wgCookieDomain
$wgCookieDomain
Set to set an explicit domain on the login cookies eg, "justthis.domain.org" or "....
Definition DefaultSettings.php:6493

$wgCookieSecure
$wgCookieSecure
Whether the "secure" flag should be set on the cookie.
Definition DefaultSettings.php:6511

$wgCookiePrefix
$wgCookiePrefix
Cookies generated by MediaWiki have names starting with this prefix.
Definition DefaultSettings.php:6526

wfDebugLog
wfDebugLog( $logGroup, $text, $dest='all', array $context=[])
Send a line to a supplementary debug log file, if configured, or main debug log if not.
Definition GlobalFunctions.php:989

WebResponse
Allow programs to request this object from WebRequest::response() and handle all outputting (or lack ...
Definition WebResponse.php:30

WebResponse\setCookie
setCookie( $name, $value, $expire=0, $options=[])
Set the browser cookie.
Definition WebResponse.php:141

WebResponse\hasCookies
hasCookies()
Checks whether this request is performing cookie operations.
Definition WebResponse.php:265

WebResponse\$disableForPostSend
static bool $disableForPostSend
Used to disable setters before running jobs post-request (T191537)
Definition WebResponse.php:38

WebResponse\getHeader
getHeader( $key)
Get a response header.
Definition WebResponse.php:84

WebResponse\statusHeader
statusHeader( $code)
Output an HTTP status code header.
Definition WebResponse.php:99

WebResponse\disableForPostSend
static disableForPostSend()
Disable setters for post-send processing.
Definition WebResponse.php:49

WebResponse\header
header( $string, $replace=true, $http_response_code=null)
Output an HTTP header, wrapper for PHP's header()
Definition WebResponse.php:59

WebResponse\clearCookie
clearCookie( $name, $options=[])
Unset a browser cookie.
Definition WebResponse.php:255

WebResponse\headersSent
headersSent()
Test if headers have been sent.
Definition WebResponse.php:116

WebResponse\$setCookies
static array $setCookies
Used to record set cookies, because PHP's setcookie() will happily send an identical Set-Cookie to th...
Definition WebResponse.php:35

Wikimedia\Http\SetCookieCompat
Definition SetCookieCompat.php:9

$header
$header
Definition updateCredits.php:41