dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
fix xss
[lhc/web/wiklou.git] / includes / actions / RawAction.php
1 <?php
2 /**
3 * Raw page text accessor
4 *
5 * Copyright © 2004 Gabriel Wicke <wicke@wikidev.net>
6 * http://wikidev.net/
7 *
8 * Based on HistoryPage and SpecialExport
9 *
10 * License: GPL (http://www.gnu.org/copyleft/gpl.html)
11 *
12 * @author Gabriel Wicke <wicke@wikidev.net>
13 * @file
14 */
15
16 /**
17 * A simple method to retrieve the plain source of an article,
18 * using "action=raw" in the GET request string.
19 */
20 class RawAction extends FormlessAction {
21 private $mGen;
22
23 public function getName() {
24 return 'raw';
25 }
26
27 public function requiresWrite() {
28 return false;
29 }
30
31 public function requiresUnblock() {
32 return false;
33 }
34
35 function onView() {
36 global $wgGroupPermissions, $wgSquidMaxage, $wgForcedRawSMaxage, $wgJsMimeType;
37
38 $this->getOutput()->disable();
39 $request = $this->getRequest();
40
41 if ( !$request->checkUrlExtension() ) {
42 return;
43 }
44
45 if ( $this->getOutput()->checkLastModified( $this->page->getTouched() ) ) {
46 return; // Client cache fresh and headers sent, nothing more to do.
47 }
48
49 # special case for 'generated' raw things: user css/js
50 # This is deprecated and will only return empty content
51 $gen = $request->getVal( 'gen' );
52 $smaxage = $request->getIntOrNull( 'smaxage' );
53
54 if ( $gen == 'css' || $gen == 'js' ) {
55 $this->mGen = $gen;
56 if ( $smaxage === null ) {
57 $smaxage = $wgSquidMaxage;
58 }
59 } else {
60 $this->mGen = false;
61 }
62
63 $contentType = $this->getContentType();
64
65 # Force caching for CSS and JS raw content, default: 5 minutes
66 if ( $smaxage === null ) {
67 if ( $contentType == 'text/css' || $contentType == $wgJsMimeType ) {
68 $smaxage = intval( $wgForcedRawSMaxage );
69 } else {
70 $smaxage = 0;
71 }
72 }
73
74 $maxage = $request->getInt( 'maxage', $wgSquidMaxage );
75
76 $response = $request->response();
77
78 $response->header( 'Content-type: ' . $contentType . '; charset=UTF-8' );
79 # Output may contain user-specific data;
80 # vary generated content for open sessions on private wikis
81 $privateCache = !$wgGroupPermissions['*']['read'] && ( $smaxage == 0 || session_id() != '' );
82 # allow the client to cache this for 24 hours
83 $mode = $privateCache ? 'private' : 'public';
84 $response->header( 'Cache-Control: ' . $mode . ', s-maxage=' . $smaxage . ', max-age=' . $maxage );
85
86 $text = $this->getRawText();
87
88 if ( $text === false && $contentType == 'text/x-wiki' ) {
89 # Don't return a 404 response for CSS or JavaScript;
90 # 404s aren't generally cached and it would create
91 # extra hits when user CSS/JS are on and the user doesn't
92 # have the pages.
93 $response->header( 'HTTP/1.x 404 Not Found' );
94 }
95
96 if ( !wfRunHooks( 'RawPageViewBeforeOutput', array( &$this, &$text ) ) ) {
97 wfDebug( __METHOD__ . ": RawPageViewBeforeOutput hook broke raw page output.\n" );
98 }
99
100 echo $text;
101 }
102
103 /**
104 * Get the text that should be returned, or false if the page or revision
105 * was not found.
106 *
107 * @return String|Bool
108 */
109 public function getRawText() {
110 global $wgParser;
111
112 # No longer used
113 if( $this->mGen ) {
114 return '';
115 }
116
117 $text = false;
118 $title = $this->getTitle();
119 $request = $this->getRequest();
120
121 // If it's a MediaWiki message we can just hit the message cache
122 if ( $request->getBool( 'usemsgcache' ) && $title->getNamespace() == NS_MEDIAWIKI ) {
123 $key = $title->getDBkey();
124 $msg = wfMessage( $key )->inContentLanguage();
125 # If the message doesn't exist, return a blank
126 $text = !$msg->exists() ? '' : $msg->plain();
127 } else {
128 // Get it from the DB
129 $rev = Revision::newFromTitle( $title, $this->getOldId() );
130 if ( $rev ) {
131 $lastmod = wfTimestamp( TS_RFC2822, $rev->getTimestamp() );
132 $request->response()->header( "Last-modified: $lastmod" );
133
134 // Public-only due to cache headers
135 $text = $rev->getText();
136 $section = $request->getIntOrNull( 'section' );
137 if ( $section !== null ) {
138 $text = $wgParser->getSection( $text, $section );
139 }
140 }
141 }
142
143 if ( $text !== false && $text !== '' && $request->getVal( 'templates' ) === 'expand' ) {
144 $text = $wgParser->preprocess( $text, $title, ParserOptions::newFromContext( $this->getContext() ) );
145 }
146
147 return $text;
148 }
149
150 /**
151 * Get the ID of the revision that should used to get the text.
152 *
153 * @return Integer
154 */
155 public function getOldId() {
156 $oldid = $this->getRequest()->getInt( 'oldid' );
157 switch ( $this->getRequest()->getText( 'direction' ) ) {
158 case 'next':
159 # output next revision, or nothing if there isn't one
160 if( $oldid ) {
161 $oldid = $this->getTitle()->getNextRevisionId( $oldid );
162 }
163 $oldid = $oldid ? $oldid : -1;
164 break;
165 case 'prev':
166 # output previous revision, or nothing if there isn't one
167 if( !$oldid ) {
168 # get the current revision so we can get the penultimate one
169 $oldid = $this->getTitle()->getLatestRevID();
170 }
171 $prev = $this->getTitle()->getPreviousRevisionId( $oldid );
172 $oldid = $prev ? $prev : -1 ;
173 break;
174 case 'cur':
175 $oldid = 0;
176 break;
177 }
178 return $oldid;
179 }
180
181 /**
182 * Get the content type to use for the response
183 *
184 * @return String
185 */
186 public function getContentType() {
187 global $wgJsMimeType;
188
189 $ctype = $this->getRequest()->getVal( 'ctype' );
190
191 if ( $ctype == '' ) {
192 $gen = $this->getRequest()->getVal( 'gen' );
193 if ( $gen == 'js' ) {
194 $ctype = $wgJsMimeType;
195 } elseif ( $gen == 'css' ) {
196 $ctype = 'text/css';
197 }
198 }
199
200 $allowedCTypes = array( 'text/x-wiki', $wgJsMimeType, 'text/css', 'application/x-zope-edit' );
201 if ( $ctype == '' || !in_array( $ctype, $allowedCTypes ) ) {
202 $ctype = 'text/x-wiki';
203 }
204
205 return $ctype;
206 }
207 }
208
209 /**
210 * Backward compatibility for extensions
211 *
212 * @deprecated in 1.19
213 */
214 class RawPage extends RawAction {
215 public $mOldId;
216
217 function __construct( Page $page, $request = false ) {
218 wfDeprecated( __CLASS__, '1.19' );
219 parent::__construct( $page );
220
221 if ( $request !== false ) {
222 $context = new DerivativeContext( $this->getContext() );
223 $context->setRequest( $request );
224 $this->context = $context;
225 }
226 }
227
228 public function view() {
229 $this->onView();
230 }
231
232 public function getOldId() {
233 # Some extensions like to set $mOldId
234 if ( $this->mOldId !== null ) {
235 return $this->mOldId;
236 }
237 return parent::getOldId();
238 }
239 }
Wiklou, le Wiki du Wiklou