master/php/OutputHandler_8php_source.html

 <?php

 namespace MediaWiki;


 use MediaWiki\Logger\LoggerFactory;


 class OutputHandler {

     public static function handle( $s, $phase ) {

         $config = MediaWikiServices::getInstance()->getMainConfig();

         $disableOutputCompression = $config->get( MainConfigNames::DisableOutputCompression );

         $mangleFlashPolicy = $config->get( MainConfigNames::MangleFlashPolicy );

         // Don't send headers if output is being discarded (T278579)

         if ( ( $phase & PHP_OUTPUT_HANDLER_CLEAN ) === PHP_OUTPUT_HANDLER_CLEAN ) {

             $logger = LoggerFactory::getInstance( 'output' );

             $logger->debug( __METHOD__ . " entrypoint={entry}; size={size}; phase=$phase", [

                 'entry' => MW_ENTRY_POINT,

                 'size' => strlen( $s ),

             ] );


             return $s;

         }


         if ( $mangleFlashPolicy ) {

             $s = self::mangleFlashPolicy( $s );

         }


         // Check if a compression output buffer is already enabled via php.ini. Such

         // buffers exists at the start of the request and are reflected by ob_get_level().

         $phpHandlesCompression = (

             ini_get( 'output_handler' ) === 'ob_gzhandler' ||

             ini_get( 'zlib.output_handler' ) === 'ob_gzhandler' ||

             !in_array(

                 strtolower( ini_get( 'zlib.output_compression' ) ),

                 [ '', 'off', '0' ]

             )

         );


         if (

             // Compression is not already handled by an internal PHP buffer

             !$phpHandlesCompression &&

             // Compression is not disabled by the application entry point

             !defined( 'MW_NO_OUTPUT_COMPRESSION' ) &&

             // Compression is not disabled by site configuration

             !$disableOutputCompression

         ) {

             $s = self::handleGzip( $s );

         }


         if (

             // Response body length does not depend on internal PHP compression buffer

             !$phpHandlesCompression &&

             // Response body length does not depend on mangling by a custom buffer

             !ini_get( 'output_handler' ) &&

             !ini_get( 'zlib.output_handler' )

         ) {

             self::emitContentLength( strlen( $s ) );

         }


         return $s;

     }


     private static function findUriExtension() {

         // @todo FIXME: this sort of dupes some code in WebRequest::getRequestUrl()

         if ( isset( $_SERVER['REQUEST_URI'] ) ) {

             // Strip the query string...

             $path = explode( '?', $_SERVER['REQUEST_URI'], 2 )[0];

         } elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {

             // Probably IIS. QUERY_STRING appears separately.

             $path = $_SERVER['SCRIPT_NAME'];

         } else {

             // Can't get the path from the server? :(

             return '';

         }


         $period = strrpos( $path, '.' );

         if ( $period !== false ) {

             return strtolower( substr( $path, $period ) );

         }

         return '';

     }


     private static function handleGzip( $s ) {

         if ( !function_exists( 'gzencode' ) ) {

             wfDebug( __METHOD__ . "() skipping compression (gzencode unavailable)" );

             return $s;

         }

         if ( headers_sent() ) {

             wfDebug( __METHOD__ . "() skipping compression (headers already sent)" );

             return $s;

         }


         $ext = self::findUriExtension();

         if ( $ext == '.gz' || $ext == '.tgz' ) {

             // Don't do gzip compression if the URL path ends in .gz or .tgz

             // This confuses Safari and triggers a download of the page,

             // even though it's pretty clearly labeled as viewable HTML.

             // Bad Safari! Bad!

             return $s;

         }


         if ( $s === '' ) {

             // Do not gzip empty HTTP responses since that would not only bloat the body

             // length, but it would result in invalid HTTP responses when the HTTP status code

             // is one that must not be accompanied by a body (e.g. "204 No Content").

             return $s;

         }


         if ( wfClientAcceptsGzip() ) {

             wfDebug( __METHOD__ . "() is compressing output" );

             header( 'Content-Encoding: gzip' );

             $s = gzencode( $s, 6 );

         }


         // Set vary header if it hasn't been set already

         $headers = headers_list();

         $foundVary = false;

         foreach ( $headers as $header ) {

             $headerName = strtolower( substr( $header, 0, 5 ) );

             if ( $headerName == 'vary:' ) {

                 $foundVary = true;

                 break;

             }

         }

         if ( !$foundVary ) {

             header( 'Vary: Accept-Encoding' );

         }

         return $s;

     }


     private static function mangleFlashPolicy( $s ) {

         # Avoid weird excessive memory usage in PCRE on big articles

         if ( preg_match( '/<\s*cross-domain-policy(?=\s|>)/i', $s ) ) {

             return preg_replace( '/<(\s*)(cross-domain-policy(?=\s|>))/i', '<$1NOT-$2', $s );

         } else {

             return $s;

         }

     }


     private static function emitContentLength( $length ) {

         if ( headers_sent() ) {

             wfDebug( __METHOD__ . "() headers already sent" );

             return;

         }


         if (

             in_array( http_response_code(), [ 200, 404 ], true ) ||

             ( $_SERVER['SERVER_PROTOCOL'] ?? null ) === 'HTTP/1.0'

         ) {

             header( "Content-Length: $length" );

         }

     }

 }

wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition: GlobalFunctions.php:659

wfClientAcceptsGzip
wfClientAcceptsGzip( $force=false)
Whether the client accept gzip encoding.
Definition: GlobalFunctions.php:1181

$path
$path
Definition: NoLocalSettings.php:25

MW_ENTRY_POINT
const MW_ENTRY_POINT
Definition: api.php:41

MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45

MediaWiki\OutputHandler
Definition: OutputHandler.php:30

MediaWiki\OutputHandler\handle
static handle( $s, $phase)
Standard output handler for use with ob_start.
Definition: OutputHandler.php:41

MediaWiki\OutputHandler\handleGzip
static handleGzip( $s)
Handler that compresses data with gzip if allowed by the Accept header.
Definition: OutputHandler.php:135

MediaWiki\OutputHandler\emitContentLength
static emitContentLength( $length)
Set the Content-Length header if possible.
Definition: OutputHandler.php:213

MediaWiki\OutputHandler\mangleFlashPolicy
static mangleFlashPolicy( $s)
Mangle flash policy tags which open up the site to XSS attacks.
Definition: OutputHandler.php:189

MediaWiki\OutputHandler\findUriExtension
static findUriExtension()
Get the "file extension" that some client apps will estimate from the currently-requested URL.
Definition: OutputHandler.php:105

MediaWiki
The MediaWiki class is the helper class for the index.php entry point.
Definition: MediaWiki.php:38

$s
foreach( $mmfl['setupFiles'] as $fileName) if( $queue) if(empty( $mmfl['quiet'])) $s
Definition: mergeMessageFileList.php:208

$ext
if(!is_readable( $file)) $ext
Definition: router.php:48

$header
$header
Definition: updateCredits.php:37