master/php/WebResponse_8php_source.html

<?php

namespace MediaWiki\Request;


use LogicException;

use MediaWiki\HookContainer\HookRunner;

use MediaWiki\MainConfigNames;

use MediaWiki\MediaWikiServices;

use RuntimeException;

use Wikimedia\Http\HttpStatus;

use Wikimedia\LightweightObjectStore\ExpirationAwareness;

use Wikimedia\Timestamp\ConvertibleTimestamp;


class WebResponse {


    protected static $setCookies = [];


    protected $disableForPostSend = false;


    public function disableForPostSend() {

        $this->disableForPostSend = true;

    }


    public function header( $string, $replace = true, $http_response_code = null ) {

        if ( $this->disableForPostSend ) {

            wfDebugLog( 'header', 'ignored post-send header {header}', 'all', [

                'header' => $string,

                'replace' => $replace,

                'http_response_code' => $http_response_code,

                'exception' => new RuntimeException( 'Ignored post-send header' ),

            ] );

            return;

        }


        \MediaWiki\Request\HeaderCallback::warnIfHeadersSent();

        if ( $http_response_code ) {

            header( $string, $replace, $http_response_code );

        } else {

            header( $string, $replace );

        }

    }


    public function getStatusCode() {

        return http_response_code();

    }


    public function getHeader( $key ) {

        foreach ( headers_list() as $header ) {

            [ $name, $val ] = explode( ':', $header, 2 );

            if ( !strcasecmp( $name, $key ) ) {

                return trim( $val );

            }

        }

        return null;

    }


    public function statusHeader( $code ) {

        if ( $this->disableForPostSend ) {

            wfDebugLog( 'header', 'ignored post-send status header {code}', 'all', [

                'code' => $code,

                'exception' => new RuntimeException( 'Ignored post-send status header' ),

            ] );

            return;

        }


        HttpStatus::header( $code );

    }


    public function headersSent() {

        return headers_sent();

    }


    public function setCookie( $name, $value, $expire = 0, $options = [] ) {

        $services = MediaWikiServices::getInstance();

        $mainConfig = $services->getMainConfig();

        $cookiePath = $mainConfig->get( MainConfigNames::CookiePath );

        $cookiePrefix = $mainConfig->get( MainConfigNames::CookiePrefix );

        $cookieDomain = $mainConfig->get( MainConfigNames::CookieDomain );

        $cookieSecure = $mainConfig->get( MainConfigNames::CookieSecure );

        $cookieExpiration = $mainConfig->get( MainConfigNames::CookieExpiration );

        $cookieHttpOnly = $mainConfig->get( MainConfigNames::CookieHttpOnly );

        $options = array_filter( $options, static fn ( $a ) => $a !== null ) + [

            'prefix' => $cookiePrefix,

            'domain' => $cookieDomain,

            'path' => $cookiePath,

            'secure' => $cookieSecure,

            'httpOnly' => $cookieHttpOnly,

            'raw' => false,

            'sameSite' => '',

        ];


        if ( $expire === null ) {

            $expire = 0; // Session cookie

        } elseif ( $expire == 0 && $cookieExpiration != 0 ) {

            $expire = ConvertibleTimestamp::time() + $cookieExpiration;

        }


        if ( $this->disableForPostSend ) {

            $prefixedName = $options['prefix'] . $name;

            wfDebugLog( 'cookie', 'ignored post-send cookie {cookie}', 'all', [

                'cookie' => $prefixedName,

                'data' => [

                    'name' => $prefixedName,

                    'value' => (string)$value,

                    'expire' => (int)$expire,

                    'path' => (string)$options['path'],

                    'domain' => (string)$options['domain'],

                    'secure' => (bool)$options['secure'],

                    'httpOnly' => (bool)$options['httpOnly'],

                    'sameSite' => (string)$options['sameSite']

                ],

                'exception' => new RuntimeException( 'Ignored post-send cookie' ),

            ] );

            return;

        }


        $hookRunner = new HookRunner( $services->getHookContainer() );

        if ( !$hookRunner->onWebResponseSetCookie( $name, $value, $expire, $options ) ) {

            return;

        }


        // Note: Don't try to move this earlier to reuse it for $this->disableForPostSend,

        // we need to use the altered values from the hook here. (T198525)

        $prefixedName = $options['prefix'] . $name;

        $value = (string)$value;

        $func = $options['raw'] ? 'setrawcookie' : 'setcookie';

        $setOptions = [

            'expires' => (int)$expire,

            'path' => (string)$options['path'],

            'domain' => (string)$options['domain'],

            'secure' => (bool)$options['secure'],

            'httponly' => (bool)$options['httpOnly'],

            'samesite' => (string)$options['sameSite'],

        ];


        // Per RFC 6265, key is name + domain + path

        $key = "{$prefixedName}\n{$setOptions['domain']}\n{$setOptions['path']}";


        // If this cookie name was in the request, fake an entry in

        // self::$setCookies for it so the deleting check works right.

        if ( isset( $_COOKIE[$prefixedName] ) && !array_key_exists( $key, self::$setCookies ) ) {

            self::$setCookies[$key] = [];

        }


        // PHP deletes if value is the empty string; also, a past expiry is deleting

        $deleting = ( $value === ''

            || ( $setOptions['expires'] > 0

                 && $setOptions['expires'] <= ConvertibleTimestamp::time()

            )

        );


        $logDesc = "$func: \"$prefixedName\", \"$value\", \"" .

            implode( '", "', array_map( 'strval', $setOptions ) ) . '"';

        $optionsForDeduplication = [ $func, $prefixedName, $value, $setOptions ];


        if ( $deleting && !isset( self::$setCookies[$key] ) ) { // isset( null ) is false

            wfDebugLog( 'cookie', "already deleted $logDesc" );

            return;

        } elseif ( !$deleting && isset( self::$setCookies[$key] ) &&

            self::$setCookies[$key] === $optionsForDeduplication

        ) {

            wfDebugLog( 'cookie', "already set $logDesc" );

            return;

        }


        wfDebugLog( 'cookie', $logDesc );

        $this->actuallySetCookie( $func, $prefixedName, $value, $setOptions );

        self::$setCookies[$key] = $deleting ? null : $optionsForDeduplication;

    }


    public function clearCookie( $name, $options = [] ) {

        $this->setCookie( $name, '', ConvertibleTimestamp::time() - ExpirationAwareness::TTL_YEAR, $options );

    }


    public function hasCookies() {

        return (bool)self::$setCookies;

    }


    protected function actuallySetCookie( string $func, string $prefixedName, string $value, array $setOptions ): void {

        if ( $func === 'setrawcookie' ) {

            setrawcookie( $prefixedName, $value, $setOptions );

        } else {

            setcookie( $prefixedName, $value, $setOptions );

        }

    }


    public static function resetCookieCache(): void {

        if ( !defined( 'MW_PHPUNIT_TEST' ) ) {

            throw new LogicException( __METHOD__ . ' should not be called outside tests' );

        }

        self::$setCookies = [];

    }


}


wfDebugLog
wfDebugLog( $logGroup, $text, $dest='all', array $context=[])
Send a line to a supplementary debug log file, if configured, or main debug log if not.
Definition GlobalFunctions.php:664

if
if(!defined('MW_SETUP_CALLBACK'))
Definition WebStart.php:69

MediaWiki\HookContainer\HookRunner
This class provides an implementation of the core hook interfaces, forwarding hook calls to HookConta...
Definition HookRunner.php:591

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22

MediaWiki\MainConfigNames\CookieExpiration
const CookieExpiration
Name constant for the CookieExpiration setting, for use with Config::get()
Definition MainConfigNames.php:3177

MediaWiki\MainConfigNames\CookieDomain
const CookieDomain
Name constant for the CookieDomain setting, for use with Config::get()
Definition MainConfigNames.php:3195

MediaWiki\MainConfigNames\CookiePath
const CookiePath
Name constant for the CookiePath setting, for use with Config::get()
Definition MainConfigNames.php:3201

MediaWiki\MainConfigNames\CookieSecure
const CookieSecure
Name constant for the CookieSecure setting, for use with Config::get()
Definition MainConfigNames.php:3207

MediaWiki\MainConfigNames\CookiePrefix
const CookiePrefix
Name constant for the CookiePrefix setting, for use with Config::get()
Definition MainConfigNames.php:3213

MediaWiki\MainConfigNames\CookieHttpOnly
const CookieHttpOnly
Name constant for the CookieHttpOnly setting, for use with Config::get()
Definition MainConfigNames.php:3219

MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition MediaWikiServices.php:258

MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition MediaWikiServices.php:346

MediaWiki\Request\WebResponse
Allow programs to request this object from WebRequest::response() and handle all outputting (or lack ...
Definition WebResponse.php:25

MediaWiki\Request\WebResponse\resetCookieCache
static resetCookieCache()
Definition WebResponse.php:276

MediaWiki\Request\WebResponse\header
header( $string, $replace=true, $http_response_code=null)
Output an HTTP header, wrapper for PHP's header()
Definition WebResponse.php:54

MediaWiki\Request\WebResponse\headersSent
headersSent()
Test if headers have been sent.
Definition WebResponse.php:120

MediaWiki\Request\WebResponse\setCookie
setCookie( $name, $value, $expire=0, $options=[])
Set the browser cookie.
Definition WebResponse.php:144

MediaWiki\Request\WebResponse\disableForPostSend
disableForPostSend()
Disable setters for post-send processing.
Definition WebResponse.php:44

MediaWiki\Request\WebResponse\getHeader
getHeader( $key)
Get a response header.
Definition WebResponse.php:88

MediaWiki\Request\WebResponse\getStatusCode
getStatusCode()
Definition WebResponse.php:78

MediaWiki\Request\WebResponse\statusHeader
statusHeader( $code)
Output an HTTP status code header.
Definition WebResponse.php:103

MediaWiki\Request\WebResponse\hasCookies
hasCookies()
Checks whether this request is performing cookie operations.
Definition WebResponse.php:261

MediaWiki\Request\WebResponse\$setCookies
static array $setCookies
Used to record set cookies, because PHP's setcookie() will happily send an identical Set-Cookie to th...
Definition WebResponse.php:30

MediaWiki\Request\WebResponse\clearCookie
clearCookie( $name, $options=[])
Unset a browser cookie.
Definition WebResponse.php:251

MediaWiki\Request\WebResponse\actuallySetCookie
actuallySetCookie(string $func, string $prefixedName, string $value, array $setOptions)
Definition WebResponse.php:265

MediaWiki\Request\WebResponse\$disableForPostSend
bool $disableForPostSend
Used to disable setters before running jobs post-request (T191537)
Definition WebResponse.php:33

Wikimedia\Http\HttpStatus
Definition HttpStatus.php:16

Wikimedia\LightweightObjectStore\ExpirationAwareness
Generic interface providing Time-To-Live constants for expirable object storage.
Definition ExpirationAwareness.php:16

MediaWiki\Request
Definition ContentSecurityPolicy.php:7