X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FOutputHandler.php;h=1f4798b7cc237dfdf3fc9de1c45b405585c5ac84;hb=42fe290d16f66ba3d719bc6149cc79570e55a6b3;hp=65b1c8ff4591906972990de7aebc318ec2c4352e;hpb=55bd3a027996903110bcc0ee6ddd435a6b3a9a7f;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/OutputHandler.php b/includes/OutputHandler.php index 65b1c8ff45..1f4798b7cc 100644 --- a/includes/OutputHandler.php +++ b/includes/OutputHandler.php @@ -4,8 +4,21 @@ * Standard output handler for use with ob_start */ function wfOutputHandler( $s ) { - global $wgDisableOutputCompression; - $s = wfMangleFlashPolicy( $s ); + global $wgDisableOutputCompression, $wgValidateAllHtml; + $s = wfMangleFlashPolicy( $s ); + if ( $wgValidateAllHtml ) { + $headers = apache_response_headers(); + $isHTML = true; + foreach ( $headers as $name => $value ) { + if ( strtolower( $name ) == 'content-type' && strpos( $value, 'text/html' ) === false && strpos( $value, 'application/xhtml+xml' ) === false ) { + $isHTML = false; + break; + } + } + if ( $isHTML ) { + $s = wfHtmlValidationHandler( $s ); + } + } if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) { if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) { $s = wfGzipHandler( $s ); @@ -35,7 +48,7 @@ function wfRequestExtension() { // Can't get the path from the server? :( return ''; } - + $period = strrpos( $path, '.' ); if( $period !== false ) { return strtolower( substr( $path, $period ) ); @@ -51,7 +64,7 @@ function wfGzipHandler( $s ) { if( !function_exists( 'gzencode' ) || headers_sent() ) { return $s; } - + $ext = wfRequestExtension(); if( $ext == '.gz' || $ext == '.tgz' ) { // Don't do gzip compression if the URL path ends in .gz or .tgz @@ -60,7 +73,7 @@ function wfGzipHandler( $s ) { // Bad Safari! Bad! return $s; } - + if( isset( $_SERVER['HTTP_ACCEPT_ENCODING'] ) ) { $tokens = preg_split( '/[,; ]/', $_SERVER['HTTP_ACCEPT_ENCODING'] ); if ( in_array( 'gzip', $tokens ) ) { @@ -68,7 +81,7 @@ function wfGzipHandler( $s ) { $s = gzencode( $s, 3 ); } } - + // Set vary header if it hasn't been set already $headers = headers_list(); $foundVary = false; @@ -89,7 +102,12 @@ function wfGzipHandler( $s ) { * Mangle flash policy tags which open up the site to XSS attacks. */ function wfMangleFlashPolicy( $s ) { - return preg_replace( '/\<\s*cross-domain-policy\s*\>/i', '', $s ); + # Avoid weird excessive memory usage in PCRE on big articles + if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $s ) ) { + return preg_replace( '/\<\s*cross-domain-policy\s*\>/i', '', $s ); + } else { + return $s; + } } /** @@ -101,4 +119,59 @@ function wfDoContentLength( $length ) { } } +/** + * Replace the output with an error if the HTML is not valid + */ +function wfHtmlValidationHandler( $s ) { + $errors = ''; + if ( MWTidy::checkErrors( $s, $errors ) ) { + return $s; + } + + header( 'Cache-Control: no-cache' ); + + $out = << + + +HTML validation error + + + +

HTML validation error

+
    +EOT; + + $error = strtok( $errors, "\n" ); + $badLines = array(); + while ( $error !== false ) { + if ( preg_match( '/^line (\d+)/', $error, $m ) ) { + $lineNum = intval( $m[1] ); + $badLines[$lineNum] = true; + $out .= "
  • " . htmlspecialchars( $error ) . "
    • \n"; + } + $error = strtok( "\n" ); + } + + $out .= '
'; + $out .= '
' . htmlspecialchars( $errors ) . '
'; + $out .= "
    \n"; + $line = strtok( $s, "\n" ); + $i = 1; + while ( $line !== false ) { + if ( isset( $badLines[$i] ) ) { + $out .= "
  1. "; + } else { + $out .= '
  2. '; + } + $out .= htmlspecialchars( $line ) . "
    3. \n"; + $line = strtok( "\n" ); + $i++; + } + $out .= '
'; + return $out; +}