X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FWebResponse.php;h=3a4faf0faa1f6846521198c03bfa57a8f982a0aa;hb=bc7f55fcf489dd07b0d320e23021133a7f6fc133;hp=022a49e1227b9e729ff7c506e772569cf1abcf3a;hpb=be443601ad5dcb87ec6d1b009decb8451bfe544c;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index 022a49e122..3a4faf0faa 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
@@ -32,6 +32,22 @@ class WebResponse {
 	 */
 	protected static $setCookies = [];
 
+	/** @var bool Used to disable setters before running jobs post-request (T191537) */
+	protected static $disableForPostSend = false;
+
+	/**
+	 * Disable setters for post-send processing
+	 *
+	 * After this call, self::setCookie(), self::header(), and
+	 * self::statusHeader() will log a warning and return without
+	 * setting cookies or headers.
+	 *
+	 * @since 1.32
+	 */
+	public static function disableForPostSend() {
+		self::$disableForPostSend = true;
+	}
+
 	/**
 	 * Output an HTTP header, wrapper for PHP's header()
 	 * @param string $string Header to output
@@ -39,6 +55,16 @@ class WebResponse {
 	 * @param null|int $http_response_code Forces the HTTP response code to the specified value.
 	 */
 	public function header( $string, $replace = true, $http_response_code = null ) {
+		if ( self::$disableForPostSend ) {
+			wfDebugLog( 'header', 'ignored post-send header {header}', 'all', [
+				'header' => $string,
+				'replace' => $replace,
+				'http_response_code' => $http_response_code,
+				'exception' => new RuntimeException( 'Ignored post-send header' ),
+			] );
+			return;
+		}
+
 		\MediaWiki\HeaderCallback::warnIfHeadersSent();
 		if ( $http_response_code ) {
 			header( $string, $replace, $http_response_code );
@@ -69,6 +95,14 @@ class WebResponse {
 	 * @param int $code Status code
 	 */
 	public function statusHeader( $code ) {
+		if ( self::$disableForPostSend ) {
+			wfDebugLog( 'header', 'ignored post-send status header {code}', 'all', [
+				'code' => $code,
+				'exception' => new RuntimeException( 'Ignored post-send status header' ),
+			] );
+			return;
+		}
+
 		HttpStatus::header( $code );
 	}
 
@@ -117,9 +151,29 @@ class WebResponse {
 			$expire = time() + $wgCookieExpiration;
 		}
 
+		if ( self::$disableForPostSend ) {
+			$cookie = $options['prefix'] . $name;
+			wfDebugLog( 'cookie', 'ignored post-send cookie {cookie}', 'all', [
+				'cookie' => $cookie,
+				'data' => [
+					'name' => (string)$cookie,
+					'value' => (string)$value,
+					'expire' => (int)$expire,
+					'path' => (string)$options['path'],
+					'domain' => (string)$options['domain'],
+					'secure' => (bool)$options['secure'],
+					'httpOnly' => (bool)$options['httpOnly'],
+				],
+				'exception' => new RuntimeException( 'Ignored post-send cookie' ),
+			] );
+			return;
+		}
+
 		$func = $options['raw'] ? 'setrawcookie' : 'setcookie';
 
 		if ( Hooks::run( 'WebResponseSetCookie', [ &$name, &$value, &$expire, &$options ] ) ) {
+			// Note: Don't try to move this earlier to reuse it for self::$disableForPostSend,
+			// we need to use the altered values from the hook here. (T198525)
 			$cookie = $options['prefix'] . $name;
 			$data = [
 				'name' => (string)$cookie,