X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FOutputPage.php;h=4f99f34a3d4cd70023a74bc4568a43d01ec701f3;hb=0e1c391d97418e646a58d6f6f2545a83271b07ff;hp=f680d456d24668c6f3e69a8712a009dc274a8935;hpb=638c4528259b71a5bc90439fad7cd8d110a86b06;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/OutputPage.php b/includes/OutputPage.php index f680d456d2..4f99f34a3d 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -236,6 +236,8 @@ class OutputPage extends ContextSource { /** @var int Cache stuff. Looks like mEnableClientCache */ protected $mSquidMaxage = 0; + /** @var int Upper limit on mSquidMaxage */ + protected $mCdnMaxageLimit = INF; /** * @var bool Controls if anti-clickjacking / frame-breaking headers will @@ -271,7 +273,7 @@ class OutputPage extends ContextSource { private $mIndexPolicy = 'index'; private $mFollowPolicy = 'follow'; private $mVaryHeader = array( - 'Accept-Encoding' => array( 'list-contains=gzip' ), + 'Accept-Encoding' => array( 'match=gzip' ), ); /** @@ -1945,7 +1947,18 @@ class OutputPage extends ContextSource { * @param int $maxage Maximum cache time on the Squid, in seconds. */ public function setSquidMaxage( $maxage ) { - $this->mSquidMaxage = $maxage; + $this->mSquidMaxage = min( $maxage, $this->mCdnMaxageLimit ); + } + + /** + * Lower the value of the "s-maxage" part of the "Cache-control" HTTP header + * + * @param int $maxage Maximum cache time on the Squid, in seconds + * @since 1.27 + */ + public function lowerCdnMaxage( $maxage ) { + $this->mCdnMaxageLimit = min( $maxage, $this->mCdnMaxageLimit ); + $this->setSquidMaxage( $this->mSquidMaxage ); } /** 
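Review bot: The new `$mCdnMaxageLimit` property is documented as `@var int` but initialised to `INF`, which is a float in PHP. The docblock should say so and name the sentinel, for example `/** @var int|float Upper limit on mSquidMaxage; INF means no limit */`, so that readers and static analysis are not misled about the type.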
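Review bot: The docblock on `lowerCdnMaxage()` does not say that the limit is sticky. After the call, every later `setSquidMaxage()` is clamped by `min( $maxage, $this->mCdnMaxageLimit )`, and the limit itself can only decrease. A caller that must keep a response from being held too long in a shared cache relies on exactly that, so it is worth one line such as `* Later calls to setSquidMaxage() cannot raise s-maxage above this value.` Neither method validates `$maxage`, so a negative value passes through `min()` unchanged; whether that matters depends on callers outside this hunk.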
@@ -1989,14 +2002,9 @@ class OutputPage extends ContextSource { * @return bool */ function haveCacheVaryCookies() { - $cookieHeader = $this->getRequest()->getHeader( 'cookie' ); - if ( $cookieHeader === false ) { - return false; - } - $cvCookies = $this->getCacheVaryCookies(); - foreach ( $cvCookies as $cookieName ) { - # Check for a simple string match, like the way squid does it - if ( strpos( $cookieHeader, $cookieName ) !== false ) { + $request = $this->getRequest(); + foreach ( $this->getCacheVaryCookies() as $cookieName ) { + if ( $request->getCookie( $cookieName, '', '' ) !== '' ) { wfDebug( __METHOD__ . ": found $cookieName\n" ); return true; } @@ -2009,11 +2017,9 @@ class OutputPage extends ContextSource { * Add an HTTP header that will influence on the cache * * @param string $header Header name - * @param string[]|null $option Options for X-Vary-Options. Possible options are: - * - "string-contains=$XXX" varies on whether the header value as a string - * contains $XXX as a substring. - * - "list-contains=$XXX" varies on whether the header value as a - * comma-separated list contains $XXX as one of the list items. + * @param string[]|null $option Options for the Key header. See + * https://datatracker.ietf.org/doc/draft-fielding-http-key/ + * for the list of valid options. */ public function addVaryHeader( $header, array $option = null ) { if ( !array_key_exists( $header, $this->mVaryHeader ) ) { @@ -2036,16 +2042,16 @@ class OutputPage extends ContextSource { } /** - * Get a complete X-Vary-Options header + * Get a complete Key header * * @return string */ - public function getXVO() { + public function getKeyHeader() { $cvCookies = $this->getCacheVaryCookies(); $cookiesOption = array(); foreach ( $cvCookies as $cookieName ) { - $cookiesOption[] = 'string-contains=' . $cookieName; + $cookiesOption[] = 'param=' . $cookieName; } $this->addVaryHeader( 'Cookie', $cookiesOption ); 
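Review bot: The `!== ''` test in `haveCacheVaryCookies()` treats a cookie that is sent with an empty value as absent, whereas the removed code counted any occurrence of the name in the raw `Cookie` header. This method decides whether a request is eligible for shared caching, so the narrower test is only safe if the cache in front keys on cookies the same way; that cannot be confirmed from this hunk. If the intent is "present at all", a null sentinel keeps the conservative behaviour: `if ( $request->getCookie( $cookieName, '', null ) !== null ) {`. Otherwise a comment should record that empty-valued cookies are deliberately ignored, replacing the removed "like the way squid does it" remark.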
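Review bot: The rewritten `@param` text for `$option` in `addVaryHeader()` no longer names any option, while this commit emits `match=` (the hunk at line 271), `param=` and `substr=`. A reader now has to leave the file to learn what each one makes the cache vary on. I would keep a short summary of those three next to the link, as the removed text did for `string-contains` and `list-contains`. The link also points to an Internet-Draft, which can be revised or expire, so naming the draft revision the code was written against would help; I could not confirm from this page that the linked draft is the one defining these option names.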
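Review bot: Renaming the public method `getXVO()` to `getKeyHeader()` in this hunk leaves no alias behind, so any caller outside this file that still uses the old name will hit a fatal error. A thin deprecated wrapper would avoid that: `public function getXVO() { return $this->getKeyHeader(); }` with an `@deprecated since 1.27` tag. The same concern applies to the hunk at line 2166, where the config key changes from `UseXVO` to `UseKeyHeader`. As far as this diff shows, a site with the old setting enabled would stop sending the header without any notice. The body of `getKeyHeader()` continues in the next hunk.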
@@ -2057,13 +2063,13 @@ class OutputPage extends ContextSource { } $headers[] = $newheader; } - $xvo = 'X-Vary-Options: ' . implode( ',', $headers ); + $key = 'Key: ' . implode( ',', $headers ); - return $xvo; + return $key; } /** - * bug 21672: Add Accept-Language to Vary and XVO headers + * T23672: Add Accept-Language to Vary and Key headers * if there's no 'variant' parameter existed in GET. * * For example: @@ -2084,14 +2090,14 @@ class OutputPage extends ContextSource { if ( $variant === $lang->getCode() ) { continue; } else { - $aloption[] = 'string-contains=' . $variant; + $aloption[] = 'substr=' . $variant; // IE and some other browsers use BCP 47 standards in // their Accept-Language header, like "zh-CN" or "zh-Hant". // We should handle these too. $variantBCP47 = wfBCP47( $variant ); if ( $variantBCP47 !== $variant ) { - $aloption[] = 'string-contains=' . $variantBCP47; + $aloption[] = 'substr=' . $variantBCP47; } } } @@ -2166,9 +2172,8 @@ class OutputPage extends ContextSource { # maintain different caches for logged-in users and non-logged in ones $response->header( $this->getVaryHeader() ); - if ( $config->get( 'UseXVO' ) ) { - # Add an X-Vary-Options header for Squid with Wikimedia patches - $response->header( $this->getXVO() ); + if ( $config->get( 'UseKeyHeader' ) ) { + $response->header( $this->getKeyHeader() ); } if ( $this->mEnableClientCache ) { 
@@ -3307,22 +3312,31 @@ class OutputPage extends ContextSource { * @return bool */ public function userCanPreview() { - if ( $this->getRequest()->getVal( 'action' ) != 'submit' - || !$this->getRequest()->wasPosted() - || !$this->getUser()->matchEditToken( - $this->getRequest()->getVal( 'wpEditToken' ) ) - ) { + $request = $this->getRequest(); + if ( $request->getVal( 'action' ) !== 'submit' || !$request->wasPosted() ) { return false; } - if ( !$this->getTitle()->isJsSubpage() && !$this->getTitle()->isCssSubpage() ) { + + $user = $this->getUser(); + if ( !$user->matchEditToken( $request->getVal( 'wpEditToken' ) ) ) { + return false; + } + + $title = $this->getTitle(); + if ( !$title->isJsSubpage() && !$title->isCssSubpage() ) { return false; } - if ( !$this->getTitle()->isSubpageOf( $this->getUser()->getUserPage() ) ) { + if ( !$title->isSubpageOf( $user->getUserPage() ) ) { // Don't execute another user's CSS or JS on preview (T85855) return false; } - return !count( $this->getTitle()->getUserPermissionsErrors( 'edit', $this->getUser() ) ); + $errors = $title->getUserPermissionsErrors( 'edit', $user ); + if ( count( $errors ) !== 0 ) { + return false; + } + + return true; } /**
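Review bot: The edit-token check, now its own `if` in `userCanPreview()`, has no comment saying why it is there, unlike the T85855 check a few lines below it. Since this function appears to gate whether submitted CSS or JS is used for a preview, a why-comment would stop a later refactor from dropping or reordering the check, for example `// Only honour a preview that carries the user's own edit token (CSRF check)`. As a style point, the tail `if ( count( $errors ) !== 0 ) { return false; } return true;` reads more directly as `return count( $errors ) === 0;`.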