+
+ /**
+ * Return a handle to WebResponse style object, for setting cookies,
+ * headers and other stuff, for Request being worked on.
+ */
+ public function response() {
+ /* Lazy initialization of response object for this request */
+ if ( !is_object( $this->_response ) ) {
+ $class = ( $this instanceof FauxRequest ) ? 'FauxResponse' : 'WebResponse';
+ $this->_response = new $class();
+ }
+ return $this->_response;
+ }
+
+ /**
+ * Get a request header, or false if it isn't set
+ * @param $name String: case-insensitive header name
+ */
+ public function getHeader( $name ) {
+ $name = strtoupper( $name );
+ if ( function_exists( 'apache_request_headers' ) ) {
+ if ( !$this->headers ) {
+ foreach ( apache_request_headers() as $tempName => $tempValue ) {
+ $this->headers[ strtoupper( $tempName ) ] = $tempValue;
+ }
+ }
+ if ( isset( $this->headers[$name] ) ) {
+ return $this->headers[$name];
+ } else {
+ return false;
+ }
+ } else {
+ $name = 'HTTP_' . str_replace( '-', '_', $name );
+ if ( isset( $_SERVER[$name] ) ) {
+ return $_SERVER[$name];
+ } else {
+ return false;
+ }
+ }
+ }
+
+ /*
+ * Get data from $_SESSION
+ * @param $key String Name of key in $_SESSION
+ * @return mixed
+ */
+ public function getSessionData( $key ) {
+ if( !isset( $_SESSION[$key] ) )
+ return null;
+ return $_SESSION[$key];
+ }
+
+ /**
+ * Set session data
+ * @param $key String Name of key in $_SESSION
+ * @param $data mixed
+ */
+ public function setSessionData( $key, $data ) {
+ $_SESSION[$key] = $data;
+ }
+
+ /**
+ * Returns true if the PATH_INFO ends with an extension other than a script
+ * extension. This could confuse IE for scripts that send arbitrary data which
+ * is not HTML but may be detected as such.
+ *
+ * Various past attempts to use the URL to make this check have generally
+ * run up against the fact that CGI does not provide a standard method to
+ * determine the URL. PATH_INFO may be mangled (e.g. if cgi.fix_pathinfo=0),
+ * but only by prefixing it with the script name and maybe some other stuff,
+ * the extension is not mangled. So this should be a reasonably portable
+ * way to perform this security check.
+ */
+ public function isPathInfoBad() {
+ global $wgScriptExtension;
+
+ if ( !isset( $_SERVER['PATH_INFO'] ) ) {
+ return false;
+ }
+ $pi = $_SERVER['PATH_INFO'];
+ $dotPos = strrpos( $pi, '.' );
+ if ( $dotPos === false ) {
+ return false;
+ }
+ $ext = substr( $pi, $dotPos );
+ return !in_array( $ext, array( $wgScriptExtension, '.php', '.php5' ) );
+ }