X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FOutputHandler.php;h=4112f8a27c0d578e69b9b990439bc4b3dcb3b485;hb=67fd9d64b7c16e17bb91918af1ff18fdc9d40061;hp=dd3649804a077e66e3d06a795202fbc409e7456b;hpb=455feda3ac49e84675ad6f88c444d51dcbdbd43e;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/OutputHandler.php b/includes/OutputHandler.php
index dd3649804a..4112f8a27c 100644
--- a/includes/OutputHandler.php
+++ b/includes/OutputHandler.php
@@ -1,11 +1,33 @@
 <?php
+/**
+ * Functions to be used with PHP's output buffer
+ *
+ * @file
+ */
 
 /**
  * Standard output handler for use with ob_start
+ * 
+ * @param $s string
+ * 
+ * @return string
  */
 function wfOutputHandler( $s ) {
-	global $wgDisableOutputCompression;
+	global $wgDisableOutputCompression, $wgValidateAllHtml;
 	$s = wfMangleFlashPolicy( $s );
+	if ( $wgValidateAllHtml ) {
+		$headers = apache_response_headers();
+		$isHTML = true;
+		foreach ( $headers as $name => $value ) {
+			if ( strtolower( $name ) == 'content-type' && strpos( $value, 'text/html' ) === false && strpos( $value, 'application/xhtml+xml' ) === false ) {
+				$isHTML = false;
+				break;
+			}
+		}
+		if ( $isHTML ) {
+			$s = wfHtmlValidationHandler( $s );
+		}
+	}
 	if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) {
 		if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) {
 			$s = wfGzipHandler( $s );
@@ -22,9 +44,11 @@ function wfOutputHandler( $s ) {
  * the currently-requested URL.
  * This isn't on WebRequest because we need it when things aren't initialized
  * @private
+ *
+ * @return string
  */
 function wfRequestExtension() {
-	/// @fixme -- this sort of dupes some code in WebRequest::getRequestUrl()
+	/// @todo FIXME: this sort of dupes some code in WebRequest::getRequestUrl()
 	if( isset( $_SERVER['REQUEST_URI'] ) ) {
 		// Strip the query string...
 		list( $path ) = explode( '?', $_SERVER['REQUEST_URI'], 2 );
@@ -35,7 +59,7 @@ function wfRequestExtension() {
 		// Can't get the path from the server? :(
 		return '';
 	}
-	
+
 	$period = strrpos( $path, '.' );
 	if( $period !== false ) {
 		return strtolower( substr( $path, $period ) );
@@ -46,12 +70,16 @@ function wfRequestExtension() {
 /**
  * Handler that compresses data with gzip if allowed by the Accept header.
  * Unlike ob_gzhandler, it works for HEAD requests too.
+ * 
+ * @param $s string
+ *
+ * @return string
  */
 function wfGzipHandler( $s ) {
 	if( !function_exists( 'gzencode' ) || headers_sent() ) {
 		return $s;
 	}
-	
+
 	$ext = wfRequestExtension();
 	if( $ext == '.gz' || $ext == '.tgz' ) {
 		// Don't do gzip compression if the URL path ends in .gz or .tgz
@@ -60,15 +88,12 @@ function wfGzipHandler( $s ) {
 		// Bad Safari! Bad!
 		return $s;
 	}
-	
-	if( isset( $_SERVER['HTTP_ACCEPT_ENCODING'] ) ) {
-		$tokens = preg_split( '/[,; ]/', $_SERVER['HTTP_ACCEPT_ENCODING'] );
-		if ( in_array( 'gzip', $tokens ) ) {
-			header( 'Content-Encoding: gzip' );
-			$s = gzencode( $s, 3 );
-		}
+
+	if( wfClientAcceptsGzip() ) {
+		header( 'Content-Encoding: gzip' );
+		$s = gzencode( $s, 6 );
 	}
-	
+
 	// Set vary header if it hasn't been set already
 	$headers = headers_list();
 	$foundVary = false;
@@ -80,19 +105,34 @@ function wfGzipHandler( $s ) {
 	}
 	if ( !$foundVary ) {
 		header( 'Vary: Accept-Encoding' );
+		global $wgUseXVO;
+		if ( $wgUseXVO ) {
+			header( 'X-Vary-Options: Accept-Encoding;list-contains=gzip' );
+		}
 	}
 	return $s;
 }
 
 /**
  * Mangle flash policy tags which open up the site to XSS attacks.
+ *
+ * @param $s string
+ *
+ * @return string
  */
 function wfMangleFlashPolicy( $s ) {
-	return preg_replace( '/\<\s*cross-domain-policy\s*\>/i', '<NOT-cross-domain-policy>', $s );
+	# Avoid weird excessive memory usage in PCRE on big articles
+	if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $s ) ) {
+		return preg_replace( '/\<\s*cross-domain-policy\s*\>/i', '<NOT-cross-domain-policy>', $s );
+	} else {
+		return $s;
+	}
 }
 
 /**
  * Add a Content-Length header if possible. This makes it cooperate with squid better.
+ *
+ * @param $length int
  */
 function wfDoContentLength( $length ) {
 	if ( !headers_sent() && $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0' ) {
@@ -100,4 +140,63 @@ function wfDoContentLength( $length ) {
 	}
 }
 
+/**
+ * Replace the output with an error if the HTML is not valid
+ *
+ * @param $s string
+ *
+ * @return string
+ */
+function wfHtmlValidationHandler( $s ) {
+
+	$errors = '';
+	if ( MWTidy::checkErrors( $s, $errors ) ) {
+		return $s;
+	}
+
+	header( 'Cache-Control: no-cache' );
+
+	$out = <<<EOT
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" dir="ltr">
+<head>
+<title>HTML validation error</title>
+<style>
+.highlight { background-color: #ffc }
+li { white-space: pre }
+</style>
+</head>
+<body>
+<h1>HTML validation error</h1>
+<ul>
+EOT;
 
+	$error = strtok( $errors, "\n" );
+	$badLines = array();
+	while ( $error !== false ) {
+		if ( preg_match( '/^line (\d+)/', $error, $m ) ) {
+			$lineNum = intval( $m[1] );
+			$badLines[$lineNum] = true;
+			$out .= "<li><a href=\"#line-{$lineNum}\">" . htmlspecialchars( $error ) . "</a></li>\n";
+		}
+		$error = strtok( "\n" );
+	}
+
+	$out .= '</ul>';
+	$out .= '<pre>' . htmlspecialchars( $errors ) . '</pre>';
+	$out .= "<ol>\n";
+	$line = strtok( $s, "\n" );
+	$i = 1;
+	while ( $line !== false ) {
+		if ( isset( $badLines[$i] ) ) {
+			$out .= "<li class=\"highlight\" id=\"line-$i\">";
+		} else {
+			$out .= '<li>';
+		}
+		$out .= htmlspecialchars( $line ) . "</li>\n";
+		$line = strtok( "\n" );
+		$i++;
+	}
+	$out .= '</ol></body></html>';
+	return $out;
+}