REL1_37/php/OutputHandler_8php_source.html

<?php

namespace MediaWiki;


use MediaWiki\Logger\LoggerFactory;


class OutputHandler {


    public static function handle( $s, $phase ) {

        global $wgDisableOutputCompression, $wgMangleFlashPolicy;


        // Don't send headers if output is being discarded (T278579)

        if ( ( $phase & PHP_OUTPUT_HANDLER_CLEAN ) === PHP_OUTPUT_HANDLER_CLEAN ) {

            $logger = LoggerFactory::getInstance( 'output' );

            $logger->debug( __METHOD__ . " entrypoint={entry}; size={size}; phase=$phase", [

                'entry' => MW_ENTRY_POINT,

                'size' => strlen( $s ),

            ] );


            return $s;

        }


        if ( $wgMangleFlashPolicy ) {

            $s = self::mangleFlashPolicy( $s );

        }


        // Sanity check if a compression output buffer is already enabled via php.ini. Such

        // buffers exists at the start of the request and are reflected by ob_get_level().

        $phpHandlesCompression = (

            ini_get( 'output_handler' ) === 'ob_gzhandler' ||

            ini_get( 'zlib.output_handler' ) === 'ob_gzhandler' ||

            !in_array(

                strtolower( ini_get( 'zlib.output_compression' ) ),

                [ '', 'off', '0' ]

            )

        );


        if (

            // Compression is not already handled by an internal PHP buffer

            !$phpHandlesCompression &&

            // Compression is not disabled by the application entry point

            !defined( 'MW_NO_OUTPUT_COMPRESSION' ) &&

            // Compression is not disabled by site configuration

            !$wgDisableOutputCompression

        ) {

            $s = self::handleGzip( $s );

        }


        if (

            // Response body length does not depend on internal PHP compression buffer

            !$phpHandlesCompression &&

            // Response body length does not depend on mangling by a custom buffer

            !ini_get( 'output_handler' ) &&

            !ini_get( 'zlib.output_handler' )

        ) {

            self::emitContentLength( strlen( $s ) );

        }


        return $s;

    }


    private static function findUriExtension() {

        // @todo FIXME: this sort of dupes some code in WebRequest::getRequestUrl()

        if ( isset( $_SERVER['REQUEST_URI'] ) ) {

            // Strip the query string...

            $path = explode( '?', $_SERVER['REQUEST_URI'], 2 )[0];

        } elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {

            // Probably IIS. QUERY_STRING appears separately.

            $path = $_SERVER['SCRIPT_NAME'];

        } else {

            // Can't get the path from the server? :(

            return '';

        }


        $period = strrpos( $path, '.' );

        if ( $period !== false ) {

            return strtolower( substr( $path, $period ) );

        }

        return '';

    }


    private static function handleGzip( $s ) {

        if ( !function_exists( 'gzencode' ) ) {

            wfDebug( __METHOD__ . "() skipping compression (gzencode unavailable)" );

            return $s;

        }

        if ( headers_sent() ) {

            wfDebug( __METHOD__ . "() skipping compression (headers already sent)" );

            return $s;

        }


        $ext = self::findUriExtension();

        if ( $ext == '.gz' || $ext == '.tgz' ) {

            // Don't do gzip compression if the URL path ends in .gz or .tgz

            // This confuses Safari and triggers a download of the page,

            // even though it's pretty clearly labeled as viewable HTML.

            // Bad Safari! Bad!

            return $s;

        }


        if ( $s === '' ) {

            // Do not gzip empty HTTP responses since that would not only bloat the body

            // length, but it would result in invalid HTTP responses when the HTTP status code

            // is one that must not be accompanied by a body (e.g. "204 No Content").

            return $s;

        }


        if ( wfClientAcceptsGzip() ) {

            wfDebug( __METHOD__ . "() is compressing output" );

            header( 'Content-Encoding: gzip' );

            $s = gzencode( $s, 6 );

        }


        // Set vary header if it hasn't been set already

        $headers = headers_list();

        $foundVary = false;

        foreach ( $headers as $header ) {

            $headerName = strtolower( substr( $header, 0, 5 ) );

            if ( $headerName == 'vary:' ) {

                $foundVary = true;

                break;

            }

        }

        if ( !$foundVary ) {

            header( 'Vary: Accept-Encoding' );

        }

        return $s;

    }


    private static function mangleFlashPolicy( $s ) {

        # Avoid weird excessive memory usage in PCRE on big articles

        if ( preg_match( '/<\s*cross-domain-policy(?=\s|>)/i', $s ) ) {

            return preg_replace( '/<(\s*)(cross-domain-policy(?=\s|>))/i', '<$1NOT-$2', $s );

        } else {

            return $s;

        }

    }


    private static function emitContentLength( $length ) {

        if ( headers_sent() ) {

            wfDebug( __METHOD__ . "() headers already sent" );

            return;

        }


        if (

            in_array( http_response_code(), [ 200, 404 ], true ) ||

            ( $_SERVER['SERVER_PROTOCOL'] ?? null ) === 'HTTP/1.0'

        ) {

            header( "Content-Length: $length" );

        }

    }


}


$wgDisableOutputCompression
$wgDisableOutputCompression
Disable output compression (enabled by default if zlib is available)
Definition DefaultSettings.php:3851

$wgMangleFlashPolicy
$wgMangleFlashPolicy
When OutputHandler is used, mangle any output that contains <cross-domain-policy>.
Definition DefaultSettings.php:3992

wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition GlobalFunctions.php:894

wfClientAcceptsGzip
wfClientAcceptsGzip( $force=false)
Whether the client accept gzip encoding.
Definition GlobalFunctions.php:1421

$path
$path
Definition NoLocalSettings.php:25

MW_ENTRY_POINT
const MW_ENTRY_POINT
Definition api.php:41

MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition LoggerFactory.php:45

MediaWiki\OutputHandler
Definition OutputHandler.php:30

MediaWiki\OutputHandler\handle
static handle( $s, $phase)
Standard output handler for use with ob_start.
Definition OutputHandler.php:41

MediaWiki\OutputHandler\handleGzip
static handleGzip( $s)
Handler that compresses data with gzip if allowed by the Accept header.
Definition OutputHandler.php:134

MediaWiki\OutputHandler\emitContentLength
static emitContentLength( $length)
Set the Content-Length header if possible.
Definition OutputHandler.php:212

MediaWiki\OutputHandler\mangleFlashPolicy
static mangleFlashPolicy( $s)
Mangle flash policy tags which open up the site to XSS attacks.
Definition OutputHandler.php:188

MediaWiki\OutputHandler\findUriExtension
static findUriExtension()
Get the "file extension" that some client apps will estimate from the currently-requested URL.
Definition OutputHandler.php:104

$s
foreach( $mmfl['setupFiles'] as $fileName) if($queue) if(empty( $mmfl['quiet'])) $s
Definition mergeMessageFileList.php:206

MediaWiki
A helper class for throttling authentication attempts.

$ext
if(!is_readable( $file)) $ext
Definition router.php:48

$header
$header
Definition updateCredits.php:37