dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
SECURITY: API: Avoid some silliness with browser-guessed filenames
[lhc/web/wiklou.git] / includes / Feed.php
1 <?php
2 /**
3 * Basic support for outputting syndication feeds in RSS, other formats.
4 *
5 * Contain a feed class as well as classes to build rss / atom ... feeds
6 * Available feeds are defined in Defines.php
7 *
8 * Copyright © 2004 Brion Vibber <brion@pobox.com>
9 * https://www.mediawiki.org/
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24 * http://www.gnu.org/copyleft/gpl.html
25 *
26 * @file
27 */
28
29 /**
30 * @defgroup Feed Feed
31 */
32
33 /**
34 * A base class for basic support for outputting syndication feeds in RSS and other formats.
35 *
36 * @ingroup Feed
37 */
38 class FeedItem {
39 /** @var Title */
40 public $title;
41
42 public $description;
43
44 public $url;
45
46 public $date;
47
48 public $author;
49
50 public $uniqueId;
51
52 public $comments;
53
54 public $rssIsPermalink = false;
55
56 /**
57 * @param string|Title $title Item's title
58 * @param string $description
59 * @param string $url URL uniquely designating the item.
60 * @param string $date Item's date
61 * @param string $author Author's user name
62 * @param string $comments
63 */
64 function __construct( $title, $description, $url, $date = '', $author = '', $comments = '' ) {
65 $this->title = $title;
66 $this->description = $description;
67 $this->url = $url;
68 $this->uniqueId = $url;
69 $this->date = $date;
70 $this->author = $author;
71 $this->comments = $comments;
72 }
73
74 /**
75 * Encode $string so that it can be safely embedded in a XML document
76 *
77 * @param string $string String to encode
78 * @return string
79 */
80 public function xmlEncode( $string ) {
81 $string = str_replace( "\r\n", "\n", $string );
82 $string = preg_replace( '/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $string );
83 return htmlspecialchars( $string );
84 }
85
86 /**
87 * Get the unique id of this item
88 *
89 * @return string
90 */
91 public function getUniqueId() {
92 if ( $this->uniqueId ) {
93 return $this->xmlEncode( wfExpandUrl( $this->uniqueId, PROTO_CURRENT ) );
94 }
95 }
96
97 /**
98 * Set the unique id of an item
99 *
100 * @param string $uniqueId Unique id for the item
101 * @param bool $rssIsPermalink Set to true if the guid (unique id) is a permalink (RSS feeds only)
102 */
103 public function setUniqueId( $uniqueId, $rssIsPermalink = false ) {
104 $this->uniqueId = $uniqueId;
105 $this->rssIsPermalink = $rssIsPermalink;
106 }
107
108 /**
109 * Get the title of this item; already xml-encoded
110 *
111 * @return string
112 */
113 public function getTitle() {
114 return $this->xmlEncode( $this->title );
115 }
116
117 /**
118 * Get the URL of this item; already xml-encoded
119 *
120 * @return string
121 */
122 public function getUrl() {
123 return $this->xmlEncode( $this->url );
124 }
125
126 /**
127 * Get the description of this item; already xml-encoded
128 *
129 * @return string
130 */
131 public function getDescription() {
132 return $this->xmlEncode( $this->description );
133 }
134
135 /**
136 * Get the language of this item
137 *
138 * @return string
139 */
140 public function getLanguage() {
141 global $wgLanguageCode;
142 return LanguageCode::bcp47( $wgLanguageCode );
143 }
144
145 /**
146 * Get the date of this item
147 *
148 * @return string
149 */
150 public function getDate() {
151 return $this->date;
152 }
153
154 /**
155 * Get the author of this item; already xml-encoded
156 *
157 * @return string
158 */
159 public function getAuthor() {
160 return $this->xmlEncode( $this->author );
161 }
162
163 /**
164 * Get the comment of this item; already xml-encoded
165 *
166 * @return string
167 */
168 public function getComments() {
169 return $this->xmlEncode( $this->comments );
170 }
171
172 /**
173 * Quickie hack... strip out wikilinks to more legible form from the comment.
174 *
175 * @param string $text Wikitext
176 * @return string
177 */
178 public static function stripComment( $text ) {
179 return preg_replace( '/\[\[([^]]*\|)?([^]]+)\]\]/', '\2', $text );
180 }
181 /**#@-*/
182 }
183
184 /**
185 * Class to support the outputting of syndication feeds in Atom and RSS format.
186 *
187 * @ingroup Feed
188 */
189 abstract class ChannelFeed extends FeedItem {
190 /**
191 * Generate Header of the feed
192 * @par Example:
193 * @code
194 * print "<feed>";
195 * @endcode
196 */
197 abstract public function outHeader();
198
199 /**
200 * Generate an item
201 * @par Example:
202 * @code
203 * print "<item>...</item>";
204 * @endcode
205 * @param FeedItem $item
206 */
207 abstract public function outItem( $item );
208
209 /**
210 * Generate Footer of the feed
211 * @par Example:
212 * @code
213 * print "</feed>";
214 * @endcode
215 */
216 abstract public function outFooter();
217
218 /**
219 * Setup and send HTTP headers. Don't send any content;
220 * content might end up being cached and re-sent with
221 * these same headers later.
222 *
223 * This should be called from the outHeader() method,
224 * but can also be called separately.
225 */
226 public function httpHeaders() {
227 global $wgOut, $wgVaryOnXFP;
228
229 # We take over from $wgOut, excepting its cache header info
230 $wgOut->disable();
231 $mimetype = $this->contentType();
232 header( "Content-type: $mimetype; charset=UTF-8" );
233
234 // Set a sane filename
235 $exts = MimeMagic::singleton()->getExtensionsForType( $mimetype );
236 $ext = $exts ? strtok( $exts, ' ' ) : 'xml';
237 header( "Content-Disposition: inline; filename=\"feed.{$ext}\"" );
238
239 if ( $wgVaryOnXFP ) {
240 $wgOut->addVaryHeader( 'X-Forwarded-Proto' );
241 }
242 $wgOut->sendCacheControl();
243 }
244
245 /**
246 * Return an internet media type to be sent in the headers.
247 *
248 * @return string
249 */
250 private function contentType() {
251 global $wgRequest;
252
253 $ctype = $wgRequest->getVal( 'ctype', 'application/xml' );
254 $allowedctypes = [
255 'application/xml',
256 'text/xml',
257 'application/rss+xml',
258 'application/atom+xml'
259 ];
260
261 return ( in_array( $ctype, $allowedctypes ) ? $ctype : 'application/xml' );
262 }
263
264 /**
265 * Output the initial XML headers.
266 */
267 protected function outXmlHeader() {
268 $this->httpHeaders();
269 echo '<?xml version="1.0"?>' . "\n";
270 }
271 }
272
273 /**
274 * Generate a RSS feed
275 *
276 * @ingroup Feed
277 */
278 class RSSFeed extends ChannelFeed {
279
280 /**
281 * Format a date given a timestamp
282 *
283 * @param int $ts Timestamp
284 * @return string Date string
285 */
286 function formatTime( $ts ) {
287 return gmdate( 'D, d M Y H:i:s \G\M\T', wfTimestamp( TS_UNIX, $ts ) );
288 }
289
290 /**
291 * Output an RSS 2.0 header
292 */
293 function outHeader() {
294 global $wgVersion;
295
296 $this->outXmlHeader();
297 ?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
298 <channel>
299 <title><?php print $this->getTitle() ?></title>
300 <link><?php print wfExpandUrl( $this->getUrl(), PROTO_CURRENT ) ?></link>
301 <description><?php print $this->getDescription() ?></description>
302 <language><?php print $this->getLanguage() ?></language>
303 <generator>MediaWiki <?php print $wgVersion ?></generator>
304 <lastBuildDate><?php print $this->formatTime( wfTimestampNow() ) ?></lastBuildDate>
305 <?php
306 }
307
308 /**
309 * Output an RSS 2.0 item
310 * @param FeedItem $item Item to be output
311 */
312 function outItem( $item ) {
313 // @codingStandardsIgnoreStart Ignore long lines and formatting issues.
314 ?>
315 <item>
316 <title><?php print $item->getTitle(); ?></title>
317 <link><?php print wfExpandUrl( $item->getUrl(), PROTO_CURRENT ); ?></link>
318 <guid<?php if ( !$item->rssIsPermalink ) { print ' isPermaLink="false"'; } ?>><?php print $item->getUniqueId(); ?></guid>
319 <description><?php print $item->getDescription() ?></description>
320 <?php if ( $item->getDate() ) { ?><pubDate><?php print $this->formatTime( $item->getDate() ); ?></pubDate><?php } ?>
321 <?php if ( $item->getAuthor() ) { ?><dc:creator><?php print $item->getAuthor(); ?></dc:creator><?php }?>
322 <?php if ( $item->getComments() ) { ?><comments><?php print wfExpandUrl( $item->getComments(), PROTO_CURRENT ); ?></comments><?php }?>
323 </item>
324 <?php
325 // @codingStandardsIgnoreEnd
326 }
327
328 /**
329 * Output an RSS 2.0 footer
330 */
331 function outFooter() {
332 ?>
333 </channel>
334 </rss><?php
335 }
336 }
337
338 /**
339 * Generate an Atom feed
340 *
341 * @ingroup Feed
342 */
343 class AtomFeed extends ChannelFeed {
344 /**
345 * Format a date given timestamp.
346 *
347 * @param string|int $timestamp
348 * @return string
349 */
350 function formatTime( $timestamp ) {
351 // need to use RFC 822 time format at least for rss2.0
352 return gmdate( 'Y-m-d\TH:i:s', wfTimestamp( TS_UNIX, $timestamp ) );
353 }
354
355 /**
356 * Outputs a basic header for Atom 1.0 feeds.
357 */
358 function outHeader() {
359 global $wgVersion;
360
361 $this->outXmlHeader();
362 // @codingStandardsIgnoreStart Ignore long lines and formatting issues.
363 ?><feed xmlns="http://www.w3.org/2005/Atom" xml:lang="<?php print $this->getLanguage() ?>">
364 <id><?php print $this->getFeedId() ?></id>
365 <title><?php print $this->getTitle() ?></title>
366 <link rel="self" type="application/atom+xml" href="<?php print wfExpandUrl( $this->getSelfUrl(), PROTO_CURRENT ) ?>"/>
367 <link rel="alternate" type="text/html" href="<?php print wfExpandUrl( $this->getUrl(), PROTO_CURRENT ) ?>"/>
368 <updated><?php print $this->formatTime( wfTimestampNow() ) ?>Z</updated>
369 <subtitle><?php print $this->getDescription() ?></subtitle>
370 <generator>MediaWiki <?php print $wgVersion ?></generator>
371
372 <?php
373 // @codingStandardsIgnoreEnd
374 }
375
376 /**
377 * Atom 1.0 requires a unique, opaque IRI as a unique identifier
378 * for every feed we create. For now just use the URL, but who
379 * can tell if that's right? If we put options on the feed, do we
380 * have to change the id? Maybe? Maybe not.
381 *
382 * @return string
383 */
384 private function getFeedId() {
385 return $this->getSelfUrl();
386 }
387
388 /**
389 * Atom 1.0 requests a self-reference to the feed.
390 * @return string
391 */
392 private function getSelfUrl() {
393 global $wgRequest;
394 return htmlspecialchars( $wgRequest->getFullRequestURL() );
395 }
396
397 /**
398 * Output a given item.
399 * @param FeedItem $item
400 */
401 function outItem( $item ) {
402 global $wgMimeType;
403 // @codingStandardsIgnoreStart Ignore long lines and formatting issues.
404 ?>
405 <entry>
406 <id><?php print $item->getUniqueId(); ?></id>
407 <title><?php print $item->getTitle(); ?></title>
408 <link rel="alternate" type="<?php print $wgMimeType ?>" href="<?php print wfExpandUrl( $item->getUrl(), PROTO_CURRENT ); ?>"/>
409 <?php if ( $item->getDate() ) { ?>
410 <updated><?php print $this->formatTime( $item->getDate() ); ?>Z</updated>
411 <?php } ?>
412
413 <summary type="html"><?php print $item->getDescription() ?></summary>
414 <?php if ( $item->getAuthor() ) { ?><author><name><?php print $item->getAuthor(); ?></name></author><?php }?>
415 </entry>
416
417 <?php /* @todo FIXME: Need to add comments
418 <?php if( $item->getComments() ) { ?><dc:comment><?php print $item->getComments() ?></dc:comment><?php }?>
419 */
420 }
421
422 /**
423 * Outputs the footer for Atom 1.0 feed (basically '\</feed\>').
424 */
425 function outFooter() {?>
426 </feed><?php
427 // @codingStandardsIgnoreEnd
428 }
429 }
Wiklou, le Wiki du Wiklou