<?php
/**
* Deal with importing all those nasssty globals and things
- * @package MediaWiki
*/
# Copyright (C) 2003 Brion Vibber <brion@pobox.com>
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# http://www.gnu.org/copyleft/gpl.html
+
+/**
+ * Some entry points may use this file without first enabling the
+ * autoloader.
+ */
+if ( !function_exists( '__autoload' ) ) {
+ require_once( dirname(__FILE__) . '/normal/UtfNormal.php' );
+}
+
/**
* The WebRequest class encapsulates getting at data passed in the
* URL or via a POSTed form, handling remove of "magic quotes" slashes,
* you want to pass arbitrary data to some function in place of the web
* input.
*
- * @package MediaWiki
*/
class WebRequest {
- function WebRequest() {
+ function __construct() {
$this->checkMagicQuotes();
+ }
+
+ /**
+ * Check for title, action, and/or variant data in the URL
+ * and interpolate it into the GET variables.
+ * This should only be run after $wgContLang is available,
+ * as we may need the list of language variants to determine
+ * available variant URLs.
+ */
+ function interpolateTitle() {
global $wgUsePathInfo;
- if( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != '') && $wgUsePathInfo ) {
- # Stuff it!
- $_GET['title'] = $_REQUEST['title'] =
- substr( $_SERVER['PATH_INFO'], 1 );
+ if ( $wgUsePathInfo ) {
+ // PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892
+ // And also by Apache 2.x, double slashes are converted to single slashes.
+ // So we will use REQUEST_URI if possible.
+ $matches = array();
+ if ( !empty( $_SERVER['REQUEST_URI'] ) ) {
+ // Slurp out the path portion to examine...
+ $url = $_SERVER['REQUEST_URI'];
+ if ( !preg_match( '!^https?://!', $url ) ) {
+ $url = 'http://unused' . $url;
+ }
+ $a = parse_url( $url );
+ if( $a ) {
+ $path = $a['path'];
+
+ global $wgScript;
+ if( $path == $wgScript ) {
+ // Script inside a rewrite path?
+ // Abort to keep from breaking...
+ return;
+ }
+ // Raw PATH_INFO style
+ $matches = $this->extractTitle( $path, "$wgScript/$1" );
+
+ global $wgArticlePath;
+ if( !$matches && $wgArticlePath ) {
+ $matches = $this->extractTitle( $path, $wgArticlePath );
+ }
+
+ global $wgActionPaths;
+ if( !$matches && $wgActionPaths ) {
+ $matches = $this->extractTitle( $path, $wgActionPaths, 'action' );
+ }
+
+ global $wgVariantArticlePath, $wgContLang;
+ if( !$matches && $wgVariantArticlePath ) {
+ $variantPaths = array();
+ foreach( $wgContLang->getVariants() as $variant ) {
+ $variantPaths[$variant] =
+ str_replace( '$2', $variant, $wgVariantArticlePath );
+ }
+ $matches = $this->extractTitle( $path, $variantPaths, 'variant' );
+ }
+ }
+ } elseif ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) {
+ // Mangled PATH_INFO
+ // http://bugs.php.net/bug.php?id=31892
+ // Also reported when ini_get('cgi.fix_pathinfo')==false
+ $matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 );
+
+ } elseif ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != '') ) {
+ // Regular old PATH_INFO yay
+ $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 );
+ }
+ foreach( $matches as $key => $val) {
+ $_GET[$key] = $_REQUEST[$key] = $val;
+ }
}
}
+
+ /**
+ * Internal URL rewriting function; tries to extract page title and,
+ * optionally, one other fixed parameter value from a URL path.
+ *
+ * @param string $path the URL path given from the client
+ * @param array $bases one or more URLs, optionally with $1 at the end
+ * @param string $key if provided, the matching key in $bases will be
+ * passed on as the value of this URL parameter
+ * @return array of URL variables to interpolate; empty if no match
+ */
+ private function extractTitle( $path, $bases, $key=false ) {
+ foreach( (array)$bases as $keyValue => $base ) {
+ // Find the part after $wgArticlePath
+ $base = str_replace( '$1', '', $base );
+ $baseLen = strlen( $base );
+ if( substr( $path, 0, $baseLen ) == $base ) {
+ $raw = substr( $path, $baseLen );
+ if( $raw !== '' ) {
+ $matches = array( 'title' => rawurldecode( $raw ) );
+ if( $key ) {
+ $matches[$key] = $keyValue;
+ }
+ return $matches;
+ }
+ }
+ }
+ return array();
+ }
+
+ private $_response;
/**
* Recursively strips slashes from the given array;
* used for undoing the evil that is magic_quotes_gpc.
* @param array &$arr will be modified
* @return array the original array
- * @access private
+ * @private
*/
function &fix_magic_quotes( &$arr ) {
foreach( $arr as $key => $val ) {
* through fix_magic_quotes to strip out the stupid slashes.
* WARNING: This should only be done once! Running a second
* time could damage the values.
- * @access private
+ * @private
*/
function checkMagicQuotes() {
if ( get_magic_quotes_gpc() ) {
* Recursively normalizes UTF-8 strings in the given array.
* @param array $data string or array
* @return cleaned-up version of the given
- * @access private
+ * @private
*/
function normalizeUnicode( $data ) {
if( is_array( $data ) ) {
* @param string $name
* @param mixed $default
* @return mixed
- * @access private
+ * @private
*/
function getGPCVal( $arr, $name, $default ) {
if( isset( $arr[$name] ) ) {
$data = $wgContLang->checkTitleEncoding( $data );
}
}
- require_once( 'normal/UtfNormal.php' );
$data = $this->normalizeUnicode( $data );
return $data;
} else {
/**
* Fetch a scalar from the input or return $default if it's not set.
- * Returns a string. Arrays are discarded.
+ * Returns a string. Arrays are discarded. Useful for
+ * non-freeform text inputs (e.g. predefined internal text keys
+ * selected by a drop-down menu). For freeform input, see getText().
*
* @param string $name
* @param string $default optional default (or NULL)
* Fetch a text string from the given array or return $default if it's not
* set. \r is stripped from the text, and with some language modules there
* is an input transliteration applied. This should generally be used for
- * form <textarea> and <input> fields.
+ * form <textarea> and <input> fields. Used for user-supplied freeform text
+ * input (for which input transformations may be required - e.g. Esperanto
+ * x-coding).
*
* @param string $name
* @param string $default optional
* Returns true if there is a session cookie set.
* This does not necessarily mean that the user is logged in!
*
+ * If you want to check for an open session, use session_id()
+ * instead; that will also tell you if the session was opened
+ * during the current request (in which case the cookie will
+ * be sent back to the client at the end of the script run).
+ *
* @return bool
*/
function checkSessionCookie() {
- return isset( $_COOKIE[ini_get('session.name')] );
+ return isset( $_COOKIE[session_name()] );
}
/**
* @return string
*/
function getRequestURL() {
- $base = $_SERVER['REQUEST_URI'];
+ if( isset( $_SERVER['REQUEST_URI'] ) ) {
+ $base = $_SERVER['REQUEST_URI'];
+ } elseif( isset( $_SERVER['SCRIPT_NAME'] ) ) {
+ // Probably IIS; doesn't set REQUEST_URI
+ $base = $_SERVER['SCRIPT_NAME'];
+ if( isset( $_SERVER['QUERY_STRING'] ) && $_SERVER['QUERY_STRING'] != '' ) {
+ $base .= '?' . $_SERVER['QUERY_STRING'];
+ }
+ } else {
+ // This shouldn't happen!
+ throw new MWException( "Web server doesn't provide either " .
+ "REQUEST_URI or SCRIPT_NAME. Report details of your " .
+ "web server configuration to http://bugzilla.wikimedia.org/" );
+ }
+ // User-agents should not send a fragment with the URI, but
+ // if they do, and the web server passes it on to us, we
+ // need to strip it or we get false-positive redirect loops
+ // or weird output URLs
+ $hash = strpos( $base, '#' );
+ if( $hash !== false ) {
+ $base = substr( $base, 0, $hash );
+ }
if( $base{0} == '/' ) {
return $base;
} else {
/**
* Take an arbitrary query and rewrite the present URL to include it
- * @param string $query Query string fragment; do not include initial '?'
+ * @param $query String: query string fragment; do not include initial '?'
* @return string
*/
function appendQuery( $query ) {
global $wgTitle;
$basequery = '';
foreach( $_GET as $var => $val ) {
- if( $var == 'title' ) continue;
+ if ( $var == 'title' )
+ continue;
+ if ( is_array( $val ) )
+ /* This will happen given a request like
+ * http://en.wikipedia.org/w/index.php?title[]=Special:Userlogin&returnto[]=Main_Page
+ */
+ continue;
$basequery .= '&' . urlencode( $var ) . '=' . urlencode( $val );
}
$basequery .= '&' . $query;
/**
* HTML-safe version of appendQuery().
- * @param string $query Query string fragment; do not include initial '?'
+ * @param $query String: query string fragment; do not include initial '?'
* @return string
*/
function escapeAppendQuery( $query ) {
* defaults if not given. The limit must be positive and is capped at 5000.
* Offset must be positive but is not capped.
*
- * @param int $deflimit Limit to use if no input and the user hasn't set the option.
- * @param string $optionname To specify an option other than rclimit to pull from.
+ * @param $deflimit Integer: limit to use if no input and the user hasn't set the option.
+ * @param $optionname String: to specify an option other than rclimit to pull from.
* @return array first element is limit, second is offset
*/
function getLimitOffset( $deflimit = 50, $optionname = 'rclimit' ) {
/**
* Return the path to the temporary file where PHP has stored the upload.
- * @param string $key
+ * @param $key String:
* @return string or NULL if no such file.
*/
function getFileTempname( $key ) {
/**
* Return the size of the upload, or 0.
- * @param string $key
+ * @param $key String:
* @return integer
*/
function getFileSize( $key ) {
/**
* Return the upload error or 0
- * @param string $key
+ * @param $key String:
* @return integer
*/
function getUploadError( $key ) {
*
* Other than this the name is not verified for being a safe filename.
*
- * @param string $key
+ * @param $key String:
* @return string or NULL if no such file.
*/
function getFileName( $key ) {
wfDebug( "WebRequest::getFileName() '" . $_FILES[$key]['name'] . "' normalized to '$name'\n" );
return $name;
}
+
+ /**
+ * Return a handle to WebResponse style object, for setting cookies,
+ * headers and other stuff, for Request being worked on.
+ */
+ function response() {
+ /* Lazy initialization of response object for this request */
+ if (!is_object($this->_response)) {
+ $this->_response = new WebResponse;
+ }
+ return $this->_response;
+ }
+
}
/**
* WebRequest clone which takes values from a provided array.
*
- * @package MediaWiki
*/
class FauxRequest extends WebRequest {
var $data = null;
var $wasPosted = false;
+ /**
+ * @param array $data Array of *non*-urlencoded key => value pairs, the
+ * fake GET/POST values
+ * @param bool $wasPosted Whether to treat the data as POST
+ */
function FauxRequest( $data, $wasPosted = false ) {
if( is_array( $data ) ) {
$this->data = $data;
} else {
- wfDebugDieBacktrace( "FauxRequest() got bogus data" );
+ throw new MWException( "FauxRequest() got bogus data" );
}
$this->wasPosted = $wasPosted;
}
}
function getRequestURL() {
- wfDebugDieBacktrace( 'FauxRequest::getRequestURL() not implemented' );
+ throw new MWException( 'FauxRequest::getRequestURL() not implemented' );
}
function appendQuery( $query ) {
- wfDebugDieBacktrace( 'FauxRequest::appendQuery() not implemented' );
+ throw new MWException( 'FauxRequest::appendQuery() not implemented' );
}
}
-?>
+