master/php/WebRequest_8php_source.html

 <?php
 use MediaWiki\MediaWikiServices;
 use MediaWiki\Session\Session;
 use MediaWiki\Session\SessionId;
 use MediaWiki\Session\SessionManager;

 // The point of this class is to be a wrapper around super globals
 // phpcs:disable MediaWiki.Usage.SuperGlobalsUsage.SuperGlobals

 class WebRequest {
     protected $data, $headers = [];

     const GETHEADER_LIST = 1;

     private static $reqId;

     private $response;

     private $ip;

     protected $requestTime;

     protected $protocol;

     protected $sessionId = null;

     protected $markedAsSafe = false;

     public function __construct() {
         $this->requestTime = $_SERVER['REQUEST_TIME_FLOAT'];

         // POST overrides GET data
         // We don't use $_REQUEST here to avoid interference from cookies...
         $this->data = $_POST + $_GET;
     }

     public static function getPathInfo( $want = 'all' ) {
         global $wgUsePathInfo;
         // PATH_INFO is mangled due to https://bugs.php.net/bug.php?id=31892
         // And also by Apache 2.x, double slashes are converted to single slashes.
         // So we will use REQUEST_URI if possible.
         $matches = [];
         if ( !empty( $_SERVER['REQUEST_URI'] ) ) {
             // Slurp out the path portion to examine...
             $url = $_SERVER['REQUEST_URI'];
             if ( !preg_match( '!^https?://!', $url ) ) {
                 $url = 'http://unused' . $url;
             }
             Wikimedia\suppressWarnings();
             $a = parse_url( $url );
             Wikimedia\restoreWarnings();
             if ( $a ) {
                 $path = $a['path'] ?? '';

                 global $wgScript;
                 if ( $path == $wgScript && $want !== 'all' ) {
                     // Script inside a rewrite path?
                     // Abort to keep from breaking...
                     return $matches;
                 }

                 $router = new PathRouter;

                 // Raw PATH_INFO style
                 $router->add( "$wgScript/$1" );

                 if ( isset( $_SERVER['SCRIPT_NAME'] )
                     && preg_match( '/\.php/', $_SERVER['SCRIPT_NAME'] )
                 ) {
                     # Check for SCRIPT_NAME, we handle index.php explicitly
                     # But we do have some other .php files such as img_auth.php
                     # Don't let root article paths clober the parsing for them
                     $router->add( $_SERVER['SCRIPT_NAME'] . "/$1" );
                 }

                 global $wgArticlePath;
                 if ( $wgArticlePath ) {
                     $router->add( $wgArticlePath );
                 }

                 global $wgActionPaths;
                 if ( $wgActionPaths ) {
                     $router->add( $wgActionPaths, [ 'action' => '$key' ] );
                 }

                 global $wgVariantArticlePath;
                 if ( $wgVariantArticlePath ) {
                     $router->add( $wgVariantArticlePath,
                         [ 'variant' => '$2' ],
                         [ '$2' => MediaWikiServices::getInstance()->getContentLanguage()->
                         getVariants() ]
                     );
                 }

                 Hooks::run( 'WebRequestPathInfoRouter', [ $router ] );

                 $matches = $router->parse( $path );
             }
         } elseif ( $wgUsePathInfo ) {
             if ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) {
                 // Mangled PATH_INFO
                 // https://bugs.php.net/bug.php?id=31892
                 // Also reported when ini_get('cgi.fix_pathinfo')==false
                 $matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 );

             } elseif ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
                 // Regular old PATH_INFO yay
                 $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 );
             }
         }

         return $matches;
     }

     public static function detectServer() {
         global $wgAssumeProxiesUseDefaultProtocolPorts;

         $proto = self::detectProtocol();
         $stdPort = $proto === 'https' ? 443 : 80;

         $varNames = [ 'HTTP_HOST', 'SERVER_NAME', 'HOSTNAME', 'SERVER_ADDR' ];
         $host = 'localhost';
         $port = $stdPort;
         foreach ( $varNames as $varName ) {
             if ( !isset( $_SERVER[$varName] ) ) {
                 continue;
             }

             $parts = IP::splitHostAndPort( $_SERVER[$varName] );
             if ( !$parts ) {
                 // Invalid, do not use
                 continue;
             }

             $host = $parts[0];
             if ( $wgAssumeProxiesUseDefaultProtocolPorts && isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ) {
                 // T72021: Assume that upstream proxy is running on the default
                 // port based on the protocol. We have no reliable way to determine
                 // the actual port in use upstream.
                 $port = $stdPort;
             } elseif ( $parts[1] === false ) {
                 if ( isset( $_SERVER['SERVER_PORT'] ) ) {
                     $port = $_SERVER['SERVER_PORT'];
                 } // else leave it as $stdPort
             } else {
                 $port = $parts[1];
             }
             break;
         }

         return $proto . '://' . IP::combineHostAndPort( $host, $port, $stdPort );
     }

     public static function detectProtocol() {
         if ( ( !empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] !== 'off' ) ||
             ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) &&
             $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) ) {
             return 'https';
         } else {
             return 'http';
         }
     }

     public function getElapsedTime() {
         return microtime( true ) - $this->requestTime;
     }

     public static function getRequestId() {
         // This method is called from various error handlers and should be kept simple.

         if ( self::$reqId ) {
             return self::$reqId;
         }

         global $wgAllowExternalReqID;

         self::$reqId = $_SERVER['UNIQUE_ID'] ?? wfRandomString( 24 );
         if ( $wgAllowExternalReqID ) {
             $id = RequestContext::getMain()->getRequest()->getHeader( 'X-Request-Id' );
             if ( $id ) {
                 self::$reqId = $id;
             }
         }

         return self::$reqId;
     }

     public static function overrideRequestId( $id ) {
         self::$reqId = $id;
     }

     public function getProtocol() {
         if ( $this->protocol === null ) {
             $this->protocol = self::detectProtocol();
         }
         return $this->protocol;
     }

     public function interpolateTitle() {
         // T18019: title interpolation on API queries is useless and sometimes harmful
         if ( defined( 'MW_API' ) ) {
             return;
         }

         $matches = self::getPathInfo( 'title' );
         foreach ( $matches as $key => $val ) {
             $this->data[$key] = $_GET[$key] = $_REQUEST[$key] = $val;
         }
     }

     static function extractTitle( $path, $bases, $key = false ) {
         foreach ( (array)$bases as $keyValue => $base ) {
             // Find the part after $wgArticlePath
             $base = str_replace( '$1', '', $base );
             $baseLen = strlen( $base );
             if ( substr( $path, 0, $baseLen ) == $base ) {
                 $raw = substr( $path, $baseLen );
                 if ( $raw !== '' ) {
                     $matches = [ 'title' => rawurldecode( $raw ) ];
                     if ( $key ) {
                         $matches[$key] = $keyValue;
                     }
                     return $matches;
                 }
             }
         }
         return [];
     }

     public function normalizeUnicode( $data ) {
         if ( is_array( $data ) ) {
             foreach ( $data as $key => $val ) {
                 $data[$key] = $this->normalizeUnicode( $val );
             }
         } else {
             $contLang = MediaWikiServices::getInstance()->getContentLanguage();
             $data = $contLang ? $contLang->normalize( $data ) :
                 UtfNormal\Validator::cleanUp( $data );
         }
         return $data;
     }

     private function getGPCVal( $arr, $name, $default ) {
         # PHP is so nice to not touch input data, except sometimes:
         # https://www.php.net/variables.external#language.variables.external.dot-in-names
         # Work around PHP *feature* to avoid *bugs* elsewhere.
         $name = strtr( $name, '.', '_' );
         if ( isset( $arr[$name] ) ) {
             $data = $arr[$name];
             if ( isset( $_GET[$name] ) && is_string( $data ) ) {
                 # Check for alternate/legacy character encoding.
                 $contLang = MediaWikiServices::getInstance()->getContentLanguage();
                 $data = $contLang->checkTitleEncoding( $data );
             }
             $data = $this->normalizeUnicode( $data );
             return $data;
         } else {
             return $default;
         }
     }

     public function getRawVal( $name, $default = null ) {
         $name = strtr( $name, '.', '_' ); // See comment in self::getGPCVal()
         if ( isset( $this->data[$name] ) && !is_array( $this->data[$name] ) ) {
             $val = $this->data[$name];
         } else {
             $val = $default;
         }
         if ( is_null( $val ) ) {
             return $val;
         } else {
             return (string)$val;
         }
     }

     public function getVal( $name, $default = null ) {
         $val = $this->getGPCVal( $this->data, $name, $default );
         if ( is_array( $val ) ) {
             $val = $default;
         }
         if ( is_null( $val ) ) {
             return $val;
         } else {
             return (string)$val;
         }
     }

     public function setVal( $key, $value ) {
         $ret = $this->data[$key] ?? null;
         $this->data[$key] = $value;
         return $ret;
     }

     public function unsetVal( $key ) {
         if ( !isset( $this->data[$key] ) ) {
             $ret = null;
         } else {
             $ret = $this->data[$key];
             unset( $this->data[$key] );
         }
         return $ret;
     }

     public function getArray( $name, $default = null ) {
         $val = $this->getGPCVal( $this->data, $name, $default );
         if ( is_null( $val ) ) {
             return null;
         } else {
             return (array)$val;
         }
     }

     public function getIntArray( $name, $default = null ) {
         $val = $this->getArray( $name, $default );
         if ( is_array( $val ) ) {
             $val = array_map( 'intval', $val );
         }
         return $val;
     }

     public function getInt( $name, $default = 0 ) {
         return intval( $this->getRawVal( $name, $default ) );
     }

     public function getIntOrNull( $name ) {
         $val = $this->getRawVal( $name );
         return is_numeric( $val )
             ? intval( $val )
             : null;
     }

     public function getFloat( $name, $default = 0.0 ) {
         return floatval( $this->getRawVal( $name, $default ) );
     }

     public function getBool( $name, $default = false ) {
         return (bool)$this->getRawVal( $name, $default );
     }

     public function getFuzzyBool( $name, $default = false ) {
         return $this->getBool( $name, $default )
             && strcasecmp( $this->getRawVal( $name ), 'false' ) !== 0;
     }

     public function getCheck( $name ) {
         # Checkboxes and buttons are only present when clicked
         # Presence connotes truth, absence false
         return $this->getRawVal( $name, null ) !== null;
     }

     public function getText( $name, $default = '' ) {
         $val = $this->getVal( $name, $default );
         return str_replace( "\r\n", "\n", $val );
     }

     public function getValues() {
         $names = func_get_args();
         if ( count( $names ) == 0 ) {
             $names = array_keys( $this->data );
         }

         $retVal = [];
         foreach ( $names as $name ) {
             $value = $this->getGPCVal( $this->data, $name, null );
             if ( !is_null( $value ) ) {
                 $retVal[$name] = $value;
             }
         }
         return $retVal;
     }

     public function getValueNames( $exclude = [] ) {
         return array_diff( array_keys( $this->getValues() ), $exclude );
     }

     public function getQueryValues() {
         return $_GET;
     }

     public function getPostValues() {
         return $_POST;
     }

     public function getRawQueryString() {
         return $_SERVER['QUERY_STRING'];
     }

     public function getRawPostString() {
         if ( !$this->wasPosted() ) {
             return '';
         }
         return $this->getRawInput();
     }

     public function getRawInput() {
         static $input = null;
         if ( $input === null ) {
             $input = file_get_contents( 'php://input' );
         }
         return $input;
     }

     public function getMethod() {
         return $_SERVER['REQUEST_METHOD'] ?? 'GET';
     }

     public function wasPosted() {
         return $this->getMethod() == 'POST';
     }

     public function getSession() {
         if ( $this->sessionId !== null ) {
             $session = SessionManager::singleton()->getSessionById( (string)$this->sessionId, true, $this );
             if ( $session ) {
                 return $session;
             }
         }

         $session = SessionManager::singleton()->getSessionForRequest( $this );
         $this->sessionId = $session->getSessionId();
         return $session;
     }

     public function setSessionId( SessionId $sessionId ) {
         $this->sessionId = $sessionId;
     }

     public function getSessionId() {
         return $this->sessionId;
     }

     public function getCookie( $key, $prefix = null, $default = null ) {
         if ( $prefix === null ) {
             global $wgCookiePrefix;
             $prefix = $wgCookiePrefix;
         }
         return $this->getGPCVal( $_COOKIE, $prefix . $key, $default );
     }

     public static function getGlobalRequestURL() {
         // This method is called on fatal errors; it should not depend on anything complex.

         if ( isset( $_SERVER['REQUEST_URI'] ) && strlen( $_SERVER['REQUEST_URI'] ) ) {
             $base = $_SERVER['REQUEST_URI'];
         } elseif ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] )
             && strlen( $_SERVER['HTTP_X_ORIGINAL_URL'] )
         ) {
             // Probably IIS; doesn't set REQUEST_URI
             $base = $_SERVER['HTTP_X_ORIGINAL_URL'];
         } elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {
             $base = $_SERVER['SCRIPT_NAME'];
             if ( isset( $_SERVER['QUERY_STRING'] ) && $_SERVER['QUERY_STRING'] != '' ) {
                 $base .= '?' . $_SERVER['QUERY_STRING'];
             }
         } else {
             // This shouldn't happen!
             throw new MWException( "Web server doesn't provide either " .
                 "REQUEST_URI, HTTP_X_ORIGINAL_URL or SCRIPT_NAME. Report details " .
                 "of your web server configuration to https://phabricator.wikimedia.org/" );
         }
         // User-agents should not send a fragment with the URI, but
         // if they do, and the web server passes it on to us, we
         // need to strip it or we get false-positive redirect loops
         // or weird output URLs
         $hash = strpos( $base, '#' );
         if ( $hash !== false ) {
             $base = substr( $base, 0, $hash );
         }

         if ( $base[0] == '/' ) {
             // More than one slash will look like it is protocol relative
             return preg_replace( '!^/+!', '/', $base );
         } else {
             // We may get paths with a host prepended; strip it.
             return preg_replace( '!^[^:]+://[^/]+/+!', '/', $base );
         }
     }

     public function getRequestURL() {
         return self::getGlobalRequestURL();
     }

     public function getFullRequestURL() {
         // Pass an explicit PROTO constant instead of PROTO_CURRENT so that we
         // do not rely on state from the global $wgRequest object (which it would,
         // via wfGetServerUrl/wfExpandUrl/$wgRequest->protocol).
         if ( $this->getProtocol() === 'http' ) {
             return wfGetServerUrl( PROTO_HTTP ) . $this->getRequestURL();
         } else {
             return wfGetServerUrl( PROTO_HTTPS ) . $this->getRequestURL();
         }
     }

     public function appendQueryValue( $key, $value ) {
         return $this->appendQueryArray( [ $key => $value ] );
     }

     public function appendQueryArray( $array ) {
         $newquery = $this->getQueryValues();
         unset( $newquery['title'] );
         $newquery = array_merge( $newquery, $array );

         return wfArrayToCgi( $newquery );
     }

     public function getLimitOffset( $deflimit = 50, $optionname = 'rclimit' ) {
         global $wgUser;

         $limit = $this->getInt( 'limit', 0 );
         if ( $limit < 0 ) {
             $limit = 0;
         }
         if ( ( $limit == 0 ) && ( $optionname != '' ) ) {
             $limit = $wgUser->getIntOption( $optionname );
         }
         if ( $limit <= 0 ) {
             $limit = $deflimit;
         }
         if ( $limit > 5000 ) {
             $limit = 5000; # We have *some* limits...
         }

         $offset = $this->getInt( 'offset', 0 );
         if ( $offset < 0 ) {
             $offset = 0;
         }

         return [ $limit, $offset ];
     }

     public function getFileTempname( $key ) {
         $file = new WebRequestUpload( $this, $key );
         return $file->getTempName();
     }

     public function getUploadError( $key ) {
         $file = new WebRequestUpload( $this, $key );
         return $file->getError();
     }

     public function getFileName( $key ) {
         $file = new WebRequestUpload( $this, $key );
         return $file->getName();
     }

     public function getUpload( $key ) {
         return new WebRequestUpload( $this, $key );
     }

     public function response() {
         /* Lazy initialization of response object for this request */
         if ( !is_object( $this->response ) ) {
             $class = ( $this instanceof FauxRequest ) ? FauxResponse::class : WebResponse::class;
             $this->response = new $class();
         }
         return $this->response;
     }

     protected function initHeaders() {
         if ( count( $this->headers ) ) {
             return;
         }

         $apacheHeaders = function_exists( 'apache_request_headers' ) ? apache_request_headers() : false;
         if ( $apacheHeaders ) {
             foreach ( $apacheHeaders as $tempName => $tempValue ) {
                 $this->headers[strtoupper( $tempName )] = $tempValue;
             }
         } else {
             foreach ( $_SERVER as $name => $value ) {
                 if ( substr( $name, 0, 5 ) === 'HTTP_' ) {
                     $name = str_replace( '_', '-', substr( $name, 5 ) );
                     $this->headers[$name] = $value;
                 } elseif ( $name === 'CONTENT_LENGTH' ) {
                     $this->headers['CONTENT-LENGTH'] = $value;
                 }
             }
         }
     }

     public function getAllHeaders() {
         $this->initHeaders();
         return $this->headers;
     }

     public function getHeader( $name, $flags = 0 ) {
         $this->initHeaders();
         $name = strtoupper( $name );
         if ( !isset( $this->headers[$name] ) ) {
             return false;
         }
         $value = $this->headers[$name];
         if ( $flags & self::GETHEADER_LIST ) {
             $value = array_map( 'trim', explode( ',', $value ) );
         }
         return $value;
     }

     public function getSessionData( $key ) {
         return $this->getSession()->get( $key );
     }

     public function setSessionData( $key, $data ) {
         $this->getSession()->set( $key, $data );
     }

     public function checkUrlExtension( $extWhitelist = [] ) {
         $extWhitelist[] = 'php';
         if ( IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist ) ) {
             if ( !$this->wasPosted() ) {
                 $newUrl = IEUrlExtension::fixUrlForIE6(
                     $this->getFullRequestURL(), $extWhitelist );
                 if ( $newUrl !== false ) {
                     $this->doSecurityRedirect( $newUrl );
                     return false;
                 }
             }
             throw new HttpError( 403,
                 'Invalid file extension found in the path info or query string.' );
         }
         return true;
     }

     protected function doSecurityRedirect( $url ) {
         header( 'Location: ' . $url );
         header( 'Content-Type: text/html' );
         $encUrl = htmlspecialchars( $url );
         echo <<<HTML
 <!DOCTYPE html>
 <html>
 <head>
 <title>Security redirect</title>
 </head>
 <body>
 <h1>Security redirect</h1>
 <p>
 We can't serve non-HTML content from the URL you have requested, because
 Internet Explorer would interpret it as an incorrect and potentially dangerous
 content type.</p>
 <p>Instead, please use <a href="$encUrl">this URL</a>, which is the same as the
 URL you have requested, except that "&amp;*" is appended. This prevents Internet
 Explorer from seeing a bogus file extension.
 </p>
 </body>
 </html>
 HTML;
         echo "\n";
         return true;
     }

     public function getAcceptLang() {
         // Modified version of code found at
         // http://www.thefutureoftheweb.com/blog/use-accept-language-header
         $acceptLang = $this->getHeader( 'Accept-Language' );
         if ( !$acceptLang ) {
             return [];
         }

         // Return the language codes in lower case
         $acceptLang = strtolower( $acceptLang );

         // Break up string into pieces (languages and q factors)
         $lang_parse = null;
         preg_match_all(
             '/([a-z]{1,8}(-[a-z]{1,8})*|\*)\s*(;\s*q\s*=\s*(1(\.0{0,3})?|0(\.[0-9]{0,3})?)?)?/',
             $acceptLang,
             $lang_parse
         );

         if ( !count( $lang_parse[1] ) ) {
             return [];
         }

         $langcodes = $lang_parse[1];
         $qvalues = $lang_parse[4];
         $indices = range( 0, count( $lang_parse[1] ) - 1 );

         // Set default q factor to 1
         foreach ( $indices as $index ) {
             if ( $qvalues[$index] === '' ) {
                 $qvalues[$index] = 1;
             } elseif ( $qvalues[$index] == 0 ) {
                 unset( $langcodes[$index], $qvalues[$index], $indices[$index] );
             }
         }

         // Sort list. First by $qvalues, then by order. Reorder $langcodes the same way
         array_multisort( $qvalues, SORT_DESC, SORT_NUMERIC, $indices, $langcodes );

         // Create a list like "en" => 0.8
         $langs = array_combine( $langcodes, $qvalues );

         return $langs;
     }

     protected function getRawIP() {
         if ( !isset( $_SERVER['REMOTE_ADDR'] ) ) {
             return null;
         }

         if ( is_array( $_SERVER['REMOTE_ADDR'] ) || strpos( $_SERVER['REMOTE_ADDR'], ',' ) !== false ) {
             throw new MWException( __METHOD__
                 . " : Could not determine the remote IP address due to multiple values." );
         } else {
             $ipchain = $_SERVER['REMOTE_ADDR'];
         }

         return IP::canonicalize( $ipchain );
     }

     public function getIP() {
         global $wgUsePrivateIPs;

         # Return cached result
         if ( $this->ip !== null ) {
             return $this->ip;
         }

         # collect the originating ips
         $ip = $this->getRawIP();
         if ( !$ip ) {
             throw new MWException( 'Unable to determine IP.' );
         }

         # Append XFF
         $forwardedFor = $this->getHeader( 'X-Forwarded-For' );
         if ( $forwardedFor !== false ) {
             $proxyLookup = MediaWikiServices::getInstance()->getProxyLookup();
             $isConfigured = $proxyLookup->isConfiguredProxy( $ip );
             $ipchain = array_map( 'trim', explode( ',', $forwardedFor ) );
             $ipchain = array_reverse( $ipchain );
             array_unshift( $ipchain, $ip );

             # Step through XFF list and find the last address in the list which is a
             # trusted server. Set $ip to the IP address given by that trusted server,
             # unless the address is not sensible (e.g. private). However, prefer private
             # IP addresses over proxy servers controlled by this site (more sensible).
             # Note that some XFF values might be "unknown" with Squid/Varnish.
             foreach ( $ipchain as $i => $curIP ) {
                 $curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
                 if ( !$curIP || !isset( $ipchain[$i + 1] ) || $ipchain[$i + 1] === 'unknown'
                     || !$proxyLookup->isTrustedProxy( $curIP )
                 ) {
                     break; // IP is not valid/trusted or does not point to anything
                 }
                 if (
                     IP::isPublic( $ipchain[$i + 1] ) ||
                     $wgUsePrivateIPs ||
                     $proxyLookup->isConfiguredProxy( $curIP ) // T50919; treat IP as sane
                 ) {
                     // Follow the next IP according to the proxy
                     $nextIP = IP::canonicalize( $ipchain[$i + 1] );
                     if ( !$nextIP && $isConfigured ) {
                         // We have not yet made it past CDN/proxy servers of this site,
                         // so either they are misconfigured or there is some IP spoofing.
                         throw new MWException( "Invalid IP given in XFF '$forwardedFor'." );
                     }
                     $ip = $nextIP;
                     // keep traversing the chain
                     continue;
                 }
                 break;
             }
         }

         # Allow extensions to improve our guess
         Hooks::run( 'GetIP', [ &$ip ] );

         if ( !$ip ) {
             throw new MWException( "Unable to determine IP." );
         }

         wfDebug( "IP: $ip\n" );
         $this->ip = $ip;
         return $ip;
     }

     public function setIP( $ip ) {
         $this->ip = $ip;
     }

     public function hasSafeMethod() {
         if ( !isset( $_SERVER['REQUEST_METHOD'] ) ) {
             return false; // CLI mode
         }

         return in_array( $_SERVER['REQUEST_METHOD'], [ 'GET', 'HEAD', 'OPTIONS', 'TRACE' ] );
     }

     public function isSafeRequest() {
         if ( $this->markedAsSafe && $this->wasPosted() ) {
             return true; // marked as a "safe" POST
         }

         return $this->hasSafeMethod();
     }

     public function markAsSafeRequest() {
         $this->markedAsSafe = true;
     }
 }
WebRequest\getRawVal
getRawVal( $name, $default=null)
Fetch a scalar from the input without normalization, or return $default if it&#39;s not set...
Definition: WebRequest.php:424

WebRequest\checkUrlExtension
checkUrlExtension( $extWhitelist=[])
Check if Internet Explorer will detect an incorrect cache extension in PATH_INFO or QUERY_STRING...
Definition: WebRequest.php:1089

data
and how to run hooks for an and one after Each event has a preferably in CamelCase For ArticleDelete hook A clump of code and data that should be run when an event happens This can be either a function and a chunk of data
Definition: hooks.txt:6

WebRequest\getPostValues
getPostValues()
Get the values passed via POST.
Definition: WebRequest.php:675

WebRequest\$requestTime
float $requestTime
The timestamp of the start of the request, with microsecond precision.
Definition: WebRequest.php:72

WebRequest\getInt
getInt( $name, $default=0)
Fetch an integer value from the input or return $default if not set.
Definition: WebRequest.php:534

WebRequest\getRawPostString
getRawPostString()
Return the contents of the POST with no decoding.
Definition: WebRequest.php:696

$wgScript
$wgScript
The URL path to index.php.
Definition: DefaultSettings.php:186

WebRequest\getRequestId
static getRequestId()
Get the unique request ID.
Definition: WebRequest.php:275

IP

WebRequest\getHeader
getHeader( $name, $flags=0)
Get a request header, or false if it isn&#39;t set.
Definition: WebRequest.php:1044

$input
if(is_array( $mode)) switch( $mode) $input
Definition: postprocess-phan.php:142

WebRequest\setSessionData
setSessionData( $key, $data)
Set session data.
Definition: WebRequest.php:1075

WebRequest

SessionManager

WebRequest\getFullRequestURL
getFullRequestURL()
Return the request URI with the canonical service and hostname, path, and query string.
Definition: WebRequest.php:866

$ret
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses & $ret
Definition: hooks.txt:1972

use
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
Definition: APACHE-LICENSE-2.0.txt:3

WebRequest\getVal
getVal( $name, $default=null)
Fetch a scalar from the input or return $default if it&#39;s not set.
Definition: WebRequest.php:448

$file
if(PHP_SAPI !='cli-server') if(!isset( $_SERVER['SCRIPT_FILENAME'])) $file
Definition: router.php:42

$wgCookiePrefix
$wgCookiePrefix
Cookies generated by MediaWiki have names starting with this prefix.
Definition: DefaultSettings.php:6048

$wgActionPaths
$wgActionPaths
Definition: img_auth.php:47

WebRequest\setVal
setVal( $key, $value)
Set an arbitrary value into our get/post data.
Definition: WebRequest.php:467

WebRequest\response
response()
Return a handle to WebResponse style object, for setting cookies, headers and other stuff...
Definition: WebRequest.php:988

WebRequest\unsetVal
unsetVal( $key)
Unset an arbitrary value from our get/post data.
Definition: WebRequest.php:479

WebRequest\$protocol
string $protocol
Cached URL protocol.
Definition: WebRequest.php:78

SessionId

IP\combineHostAndPort
static combineHostAndPort( $host, $port, $defaultPort=false)
Given a host name and a port, combine them into host/port string like you might find in a URL...
Definition: IP.php:302

$value
$value
Definition: styleTest.css.php:46

WebRequest\$data
$data
Definition: WebRequest.php:42

MediaWikiServices
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency MediaWikiServices
Definition: injection.txt:23

$wgAllowExternalReqID
$wgAllowExternalReqID
Whether to respect/honour the request ID provided by the incoming request via the X-Request-Id header...
Definition: DefaultSettings.php:8438

WebRequest\getFileName
getFileName( $key)
Return the original filename of the uploaded file, as reported by the submitting user agent...
Definition: WebRequest.php:967

WebRequest\GETHEADER_LIST
const GETHEADER_LIST
Flag to make WebRequest::getHeader return an array of values.
Definition: WebRequest.php:48

WebRequest\getSession
getSession()
Return the session for this request.
Definition: WebRequest.php:750

WebRequest\getFloat
getFloat( $name, $default=0.0)
Fetch a floating point value from the input or return $default if not set.
Definition: WebRequest.php:563

wfGetServerUrl
wfGetServerUrl( $proto)
Get the wiki&#39;s "server", i.e.
Definition: GlobalFunctions.php:568

$wgArticlePath
$wgArticlePath
Definition: img_auth.php:46

WebRequest\initHeaders
initHeaders()
Initialise the header list.
Definition: WebRequest.php:1000

title
title
Definition: parserTests.txt:245

WebRequest\$ip
string $ip
Cached client IP address.
Definition: WebRequest.php:66

WebRequest\normalizeUnicode
normalizeUnicode( $data)
Recursively normalizes UTF-8 strings in the given array.
Definition: WebRequest.php:372

MediaWiki\Session\Session

WebRequest\getBool
getBool( $name, $default=false)
Fetch a boolean value from the input or return $default if not set.
Definition: WebRequest.php:576

WebRequest\getCheck
getCheck( $name)
Return true if the named value is set in the input, whatever that value is (even "0").
Definition: WebRequest.php:602

wfArrayToCgi
wfArrayToCgi( $array1, $array2=null, $prefix='')
This function takes one or two arrays as input, and returns a CGI-style string, e.g.
Definition: GlobalFunctions.php:346

HttpError
Show an error that looks like an HTTP server error.
Definition: HttpError.php:30

WebRequest\getAllHeaders
getAllHeaders()
Get an array containing all request headers.
Definition: WebRequest.php:1027

WebRequest\extractTitle
static extractTitle( $path, $bases, $key=false)
URL rewriting function; tries to extract page title and, optionally, one other fixed parameter value ...
Definition: WebRequest.php:346

WebRequest\detectServer
static detectServer()
Work out an appropriate URL prefix containing scheme and host, based on information detected from $_S...
Definition: WebRequest.php:200

WebRequest\getLimitOffset
getLimitOffset( $deflimit=50, $optionname='rclimit')
Check for limit and offset parameters on the input, and return sensible defaults if not given...
Definition: WebRequest.php:909

PROTO_HTTPS
const PROTO_HTTPS
Definition: Defines.php:200

RequestContext\getMain
static getMain()
Get the RequestContext object associated with the main request.
Definition: RequestContext.php:427

WebRequest\getSessionData
getSessionData( $key)
Get data from the session.
Definition: WebRequest.php:1064

Language

WebRequest\getProtocol
getProtocol()
Get the current URL protocol (http or https)
Definition: WebRequest.php:310

wfRandomString
wfRandomString( $length=32)
Get a random string containing a number of pseudo-random hex characters.
Definition: GlobalFunctions.php:273

WebRequest\wasPosted
wasPosted()
Returns true if the present request was reached by a POST operation, false otherwise (GET...
Definition: WebRequest.php:736

WebRequest\getRequestURL
getRequestURL()
Return the path and query string portion of the request URI.
Definition: WebRequest.php:852

PathRouter
PathRouter class.
Definition: PathRouter.php:73

WebRequest\$headers
$headers
Definition: WebRequest.php:42

WebRequest\getQueryValues
getQueryValues()
Get the values passed in the query string.
Definition: WebRequest.php:663

WebRequest\appendQueryArray
appendQueryArray( $array)
Appends or replaces value of query variables.
Definition: WebRequest.php:892

IEUrlExtension\areServerVarsBad
static areServerVarsBad( $vars, $extWhitelist=[])
Check a subset of $_SERVER (or the whole of $_SERVER if you like) to see if it indicates that the req...
Definition: IEUrlExtension.php:62

$wgUsePathInfo
$wgUsePathInfo
Whether to support URLs like index.php/Page_title These often break when PHP is set up in CGI mode...
Definition: DefaultSettings.php:157

$wgAssumeProxiesUseDefaultProtocolPorts
bool $wgAssumeProxiesUseDefaultProtocolPorts
When the wiki is running behind a proxy and this is set to true, assumes that the proxy exposes the w...
Definition: DefaultSettings.php:88

null
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that When $user is not null
Definition: hooks.txt:767

IP\splitHostAndPort
static splitHostAndPort( $both)
Given a host/port string, like one might find in the host part of a URL per RFC 2732, split the hostname part and the port part and return an array with an element for each.
Definition: IP.php:253

WebRequest\getFuzzyBool
getFuzzyBool( $name, $default=false)
Fetch a boolean value from the input or return $default if not set.
Definition: WebRequest.php:589

WebRequest\doSecurityRedirect
doSecurityRedirect( $url)
Attempt to redirect to a URL with a QUERY_STRING that&#39;s not dangerous in IE 6.
Definition: WebRequest.php:1113

WebRequest\detectProtocol
static detectProtocol()
Detect the protocol from $_SERVER.
Definition: WebRequest.php:246

WebRequest\getGPCVal
getGPCVal( $arr, $name, $default)
Fetch a value from the given array or return $default if it&#39;s not set.
Definition: WebRequest.php:393

FauxRequest

WebRequest\getSessionId
getSessionId()
Get the session id for this request, if any.
Definition: WebRequest.php:779

as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9

WebRequest\getUpload
getUpload( $key)
Return a WebRequestUpload object corresponding to the key.
Definition: WebRequest.php:978

PROTO_HTTP
const PROTO_HTTP
Definition: Defines.php:199

WebRequest\getValues
getValues()
Extracts the given named values into an array.
Definition: WebRequest.php:630

WebRequest\setSessionId
setSessionId(SessionId $sessionId)
Set the session for this request.
Definition: WebRequest.php:769

WebRequest\$response
WebResponse $response
Lazy-init response object.
Definition: WebRequest.php:60

IEUrlExtension\fixUrlForIE6
static fixUrlForIE6( $url, $extWhitelist=[])
Returns a variant of $url which will pass isUrlExtensionBad() but has the same GET parameters...
Definition: IEUrlExtension.php:140

WebRequest\$sessionId
SessionId null $sessionId
Session ID to use for this request.
Definition: WebRequest.php:85

WebRequest\__construct
__construct()
Definition: WebRequest.php:93

WebRequest\getGlobalRequestURL
static getGlobalRequestURL()
Return the path and query string portion of the main request URI.
Definition: WebRequest.php:806

php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35

WebRequest\getText
getText( $name, $default='')
Fetch a text string from the given array or return $default if it&#39;s not set.
Definition: WebRequest.php:618

WebRequest\getValueNames
getValueNames( $exclude=[])
Returns the names of all input values excluding those in $exclude.
Definition: WebRequest.php:652

class
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52

WebRequest\getMethod
getMethod()
Get the HTTP method used for this request.
Definition: WebRequest.php:723

WebRequest\overrideRequestId
static overrideRequestId( $id)
Override the unique request ID.
Definition: WebRequest.php:302

MediaWiki\Session\SessionId
Value object holding the session ID in a manner that can be globally updated.
Definition: SessionId.php:38

$base
$base
Definition: generateLocalAutoload.php:11

WebRequest\getRawInput
getRawInput()
Return the raw request body, with no processing.
Definition: WebRequest.php:710

WebRequest\interpolateTitle
interpolateTitle()
Check for title, action, and/or variant data in the URL and interpolate it into the GET variables...
Definition: WebRequest.php:324

redirect
This list may contain false positives That usually means there is additional text with links below the first Each row contains links to the first and second redirect
Definition: All_system_messages.txt:1267

$name
Allows to change the fields on the form that will be generated $name
Definition: hooks.txt:271

WebRequest\getArray
getArray( $name, $default=null)
Fetch an array from the input or return $default if it&#39;s not set.
Definition: WebRequest.php:498

WebRequest\getIntOrNull
getIntOrNull( $name)
Fetch an integer value from the input or return null if empty.
Definition: WebRequest.php:546

WebRequest\getCookie
getCookie( $key, $prefix=null, $default=null)
Get a cookie from the $_COOKIE jar.
Definition: WebRequest.php:791

$path
$path
Definition: NoLocalSettings.php:25

WebRequest\$reqId
static string $reqId
The unique request ID.
Definition: WebRequest.php:54

WebRequest\getUploadError
getUploadError( $key)
Return the upload error or 0.
Definition: WebRequest.php:951

WebRequest\getPathInfo
static getPathInfo( $want='all')
Extract relevant query arguments from the http request uri&#39;s path to be merged with the normal php pr...
Definition: WebRequest.php:116

WebRequest\getIntArray
getIntArray( $name, $default=null)
Fetch an array of integers, or return $default if it&#39;s not set.
Definition: WebRequest.php:517

WebRequest\getElapsedTime
getElapsedTime()
Get the number of seconds to have elapsed since request start, in fractional seconds, with microsecond resolution.
Definition: WebRequest.php:263

PathRouter\add
add( $path, $params=[], $options=[])
Add a new path pattern to the path router.
Definition: PathRouter.php:158

$wgVariantArticlePath
$wgVariantArticlePath
Like $wgArticlePath, but on multi-variant wikis, this provides a path format that describes which par...
Definition: DefaultSettings.php:3167

MWException

WebRequestUpload
Object to access the $_FILES array.
Definition: WebRequestUpload.php:30

Hooks\run
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:200

WebRequest\getRawQueryString
getRawQueryString()
Return the contents of the Query with no decoding.
Definition: WebRequest.php:686

WebRequest\getFileTempname
getFileTempname( $key)
Return the path to the temporary file where PHP has stored the upload.
Definition: WebRequest.php:940

$matches
$matches
Definition: NoLocalSettings.php:24

WebRequest\appendQueryValue
appendQueryValue( $key, $value)
Definition: WebRequest.php:882