ApiFormatBase: Encode filenames in Content-Disposition
[lhc/web/wiklou.git] / includes / api / ApiFormatBase.php
1 <?php
2 /**
3 * Copyright © 2006 Yuri Astrakhan "<Firstname><Lastname>@gmail.com"
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * This is the abstract base class for API formatters.
25 *
26 * @ingroup API
27 */
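abstract class ApiFormatBase extends ApiBase {
	/** @var bool Whether the requested format name ended in 'fm' (HTML pretty-print mode) */
	private $mIsHtml;
	/** @var string Upper-cased format name with any trailing 'fm' removed */
	private $mFormat;
	/** @var string|null Output accumulated by printText(); null until something is printed */
	private $mBuffer;
	/** @var bool When true, setHttpStatus(), initPrinter() and closePrinter() do nothing */
	private $mDisabled = false;
	/** @var bool Value of the 'wrappedhtml' flag; only read from the request in HTML mode */
	private $mIsWrappedHtml = false;
	/** @var int|bool Status code remembered for HTML output, or false if none was set */
	private $mHttpStatus = false;
	/** @var bool When true, parameters resolve to their declared defaults, ignoring the request */
	protected $mForceDefaultParams = false;

	/**
	 * If $format ends with 'fm', pretty-print the output in HTML.
	 * @param ApiMain $main
	 * @param string $format Format name
	 */
	public function __construct( ApiMain $main, $format ) {
		parent::__construct( $main, $format );

		$this->mIsHtml = ( substr( $format, -2, 2 ) === 'fm' ); // ends with 'fm'
		if ( $this->mIsHtml ) {
			$this->mFormat = substr( $format, 0, -2 ); // remove ending 'fm'
			$this->mIsWrappedHtml = $this->getMain()->getCheck( 'wrappedhtml' );
		} else {
			$this->mFormat = $format;
		}
		$this->mFormat = strtoupper( $this->mFormat );
	}

	/**
	 * Overriding class returns the MIME type that should be sent to the client.
	 *
	 * When getIsHtml() returns true, the return value here is used for syntax
	 * highlighting but the client sees text/html.
	 *
	 * initPrinter() interpolates this value into the Content-Type header and
	 * treats null as "the printer sets its own headers".
	 *
	 * @return string
	 */
	abstract public function getMimeType();

	/**
	 * Return a filename for this module's output.
	 *
	 * The result is placed in the Content-Disposition response header by
	 * initPrinter(), which escapes it for that context.
	 *
	 * @note If $this->getIsWrappedHtml() || $this->getIsHtml(), you'll very
	 *  likely want to fall back to this class's version.
	 * @since 1.27
	 * @return string Generally this should be "api-result.$ext"
	 */
	public function getFilename() {
		if ( $this->getIsWrappedHtml() ) {
			return 'api-result-wrapped.json';
		} elseif ( $this->getIsHtml() ) {
			return 'api-result.html';
		} else {
			$exts = MediaWiki\MediaWikiServices::getInstance()->getMimeAnalyzer()
				->getExtensionsForType( $this->getMimeType() );
			// $exts is split on spaces and the first entry is used; when it is empty,
			// fall back to the lower-cased format name.
			$ext = $exts ? strtok( $exts, ' ' ) : strtolower( $this->mFormat );
			return "api-result.$ext";
		}
	}

	/**
	 * Get the internal format name
	 * @return string Upper-cased, without the 'fm' suffix
	 */
	public function getFormat() {
		return $this->mFormat;
	}

	/**
	 * Returns true when the HTML pretty-printer should be used.
	 * The default implementation assumes that formats ending with 'fm'
	 * should be formatted in HTML.
	 * @return bool
	 */
	public function getIsHtml() {
		return $this->mIsHtml;
	}

	/**
	 * Returns true when the special wrapped mode is enabled.
	 * @since 1.27
	 * @return bool
	 */
	protected function getIsWrappedHtml() {
		return $this->mIsWrappedHtml;
	}

	/**
	 * Disable the formatter.
	 *
	 * This causes calls to initPrinter() and closePrinter() to be ignored.
	 * setHttpStatus() is ignored as well.
	 */
	public function disable() {
		$this->mDisabled = true;
	}

	/**
	 * Whether the printer is disabled
	 * @return bool
	 */
	public function isDisabled() {
		return $this->mDisabled;
	}

	/**
	 * Whether this formatter can handle printing API errors.
	 *
	 * If this returns false, then on API errors the default printer will be
	 * instantiated.
	 * @since 1.23
	 * @return bool
	 */
	public function canPrintErrors() {
		return true;
	}

	/**
	 * Ignore request parameters, force a default.
	 *
	 * Used as a fallback if errors are being thrown.
	 * @since 1.26
	 */
	public function forceDefaultParams() {
		$this->mForceDefaultParams = true;
	}

	/**
	 * Overridden to honor $this->forceDefaultParams(), if applicable
	 *
	 * Once defaults are forced, the request is not consulted: a non-array
	 * setting is returned as-is, an array setting yields its PARAM_DFLT entry,
	 * and anything else yields null.
	 *
	 * @inheritDoc
	 * @since 1.26
	 */
	protected function getParameterFromSettings( $paramName, $paramSettings, $parseLimit ) {
		if ( !$this->mForceDefaultParams ) {
			return parent::getParameterFromSettings( $paramName, $paramSettings, $parseLimit );
		}

		if ( !is_array( $paramSettings ) ) {
			return $paramSettings;
		} elseif ( isset( $paramSettings[self::PARAM_DFLT] ) ) {
			return $paramSettings[self::PARAM_DFLT];
		} else {
			return null;
		}
	}

	/**
	 * Set the HTTP status code to be used for the response
	 *
	 * In HTML mode the code is only remembered, and closePrinter() reports it
	 * inside the page; otherwise it is sent as the response status right away.
	 *
	 * @since 1.29
	 * @param int $code
	 */
	public function setHttpStatus( $code ) {
		if ( $this->mDisabled ) {
			return;
		}

		if ( $this->getIsHtml() ) {
			$this->mHttpStatus = $code;
		} else {
			$this->getMain()->getRequest()->response()->statusHeader( $code );
		}
	}

	/**
	 * Initialize the printer function and prepare the output headers.
	 *
	 * Sends Content-Type, X-Frame-Options (when $wgApiFrameOptions is set) and
	 * Content-Disposition. Nothing is sent when the formatter is disabled or
	 * when the effective MIME type is null.
	 *
	 * @param bool $unused Always false since 1.25
	 */
	public function initPrinter( $unused = false ) {
		if ( $this->mDisabled ) {
			return;
		}

		$mime = $this->getIsWrappedHtml()
			? 'text/mediawiki-api-prettyprint-wrapped'
			: ( $this->getIsHtml() ? 'text/html' : $this->getMimeType() );

		// Some printers (ex. Feed) do their own header settings,
		// in which case $mime will be set to null
		if ( $mime === null ) {
			return; // skip any initialization
		}

		$this->getMain()->getRequest()->response()->header( "Content-Type: $mime; charset=utf-8" );

		// Set X-Frame-Options API results (T41180)
		$apiFrameOptions = $this->getConfig()->get( 'ApiFrameOptions' );
		if ( $apiFrameOptions ) {
			$this->getMain()->getRequest()->response()->header( "X-Frame-Options: $apiFrameOptions" );
		}

		// Set a Content-Disposition header so something downloading an API
		// response uses a halfway-sensible filename (T128209).
		$header = 'Content-Disposition: inline';
		$filename = $this->getFilename();
		// Plain "filename" parameter: an ISO-8859-1 rendition of the name. No source
		// encoding is passed, so mbstring's configured internal encoding applies.
		$compatFilename = mb_convert_encoding( $filename, 'ISO-8859-1' );
		// The D modifier makes "$" match only at the very end of the subject. Without it
		// a name ending in "\n" passes this token check and is emitted unquoted and
		// unescaped.
		if ( preg_match( '/^[0-9a-zA-Z!#$%&\'*+\-.^_`|~]+$/D', $compatFilename ) ) {
			$header .= '; filename=' . $compatFilename;
		} else {
			// Quoted form: put a backslash before control characters, '"', '\' and DEL.
			// NOTE(review): an escaped CR or LF byte is still present in the value, so
			// keeping the header on one line depends on response()->header() refusing
			// values that contain newlines - confirm.
			$header .= '; filename="'
				. preg_replace( '/([\0-\x1f"\x5c\x7f])/', '\\\\$1', $compatFilename ) . '"';
		}
		// Only add the extended "filename*" parameter when the ISO-8859-1 rendition
		// differs from the original name.
		if ( $compatFilename !== $filename ) {
			$value = "UTF-8''" . rawurlencode( $filename );
			// rawurlencode() encodes more characters than RFC 5987 specifies. Unescape the ones it allows.
			$value = strtr( $value, [
				'%21' => '!', '%23' => '#', '%24' => '$', '%26' => '&', '%2B' => '+', '%5E' => '^',
				'%60' => '`', '%7C' => '|',
			] );
			$header .= '; filename*=' . $value;
		}
		$this->getMain()->getRequest()->response()->header( $header );
	}

	/**
	 * Finish printing and output buffered data.
	 *
	 * In HTML mode (and when the MIME type is not null) the buffer is rendered
	 * inside a page built with the 'apioutput' skin, or, in wrapped mode, inside
	 * a JSON envelope. Otherwise the buffer is echoed as-is after ob_clean().
	 */
	public function closePrinter() {
		if ( $this->mDisabled ) {
			return;
		}

		$mime = $this->getMimeType();
		if ( $this->getIsHtml() && $mime !== null ) {
			$format = $this->getFormat();
			$lcformat = strtolower( $format );
			$result = $this->getBuffer();

			$context = new DerivativeContext( $this->getMain() );
			$context->setSkin( SkinFactory::getDefaultInstance()->makeSkin( 'apioutput' ) );
			$context->setTitle( SpecialPage::getTitleFor( 'ApiHelp' ) );
			$out = new OutputPage( $context );
			$context->setOutput( $out );

			$out->addModuleStyles( 'mediawiki.apipretty' );
			$out->setPageTitle( $context->msg( 'api-format-title' ) );

			if ( !$this->getIsWrappedHtml() ) {
				// When the format without suffix 'fm' is defined, there is a non-html version
				if ( $this->getMain()->getModuleManager()->isDefined( $lcformat, 'format' ) ) {
					if ( !$this->getRequest()->wasPosted() ) {
						// The link target is the current request URL with its query string
						// replaced by one where 'format' is the non-HTML format. It is
						// request-derived and reaches the page as a message parameter.
						$nonHtmlUrl = strtok( $this->getRequest()->getFullRequestURL(), '?' )
							. '?' . $this->getRequest()->appendQueryValue( 'format', $lcformat );
						$msg = $context->msg( 'api-format-prettyprint-header-hyperlinked' )
							->params( $format, $lcformat, $nonHtmlUrl );
					} else {
						$msg = $context->msg( 'api-format-prettyprint-header' )->params( $format, $lcformat );
					}
				} else {
					$msg = $context->msg( 'api-format-prettyprint-header-only-html' )->params( $format );
				}

				// rawElement() is given the parser's HTML output, not raw request data.
				$header = $msg->parseAsBlock();
				$out->addHTML(
					Html::rawElement( 'div', [ 'class' => 'api-pretty-header' ],
						ApiHelp::fixHelpLinks( $header )
					)
				);

				if ( $this->mHttpStatus && $this->mHttpStatus !== 200 ) {
					$out->addHTML(
						Html::rawElement( 'div', [ 'class' => 'api-pretty-header api-pretty-status' ],
							$this->msg(
								'api-format-prettyprint-status',
								$this->mHttpStatus,
								HttpStatus::getMessage( $this->mHttpStatus )
							)->parse()
						)
					);
				}
			}

			// The buffer holds the formatter's raw output, so it is passed to
			// Html::element() as text content rather than to rawElement() as markup.
			// NOTE(review): when a hook handler returns false this fallback is skipped;
			// presumably the handler has then added its own rendering of $result and is
			// responsible for escaping it - confirm against the hook's documentation.
			if ( Hooks::run( 'ApiFormatHighlight', [ $context, $result, $mime, $format ] ) ) {
				$out->addHTML(
					Html::element( 'pre', [ 'class' => 'api-pretty-content' ], $result )
				);
			}

			if ( $this->getIsWrappedHtml() ) {
				// This is a special output mode mainly intended for ApiSandbox use
				$time = microtime( true ) - $this->getConfig()->get( 'RequestTime' );
				$json = FormatJson::encode(
					[
						'status' => (int)( $this->mHttpStatus ?: 200 ),
						'statustext' => HttpStatus::getMessage( $this->mHttpStatus ?: 200 ),
						'html' => $out->getHTML(),
						'modules' => array_values( array_unique( array_merge(
							$out->getModules(),
							$out->getModuleScripts(),
							$out->getModuleStyles()
						) ) ),
						'continue' => $this->getResult()->getResultData( 'continue' ),
						'time' => round( $time * 1000 ),
					],
					false, FormatJson::ALL_OK
				);

				// T68776: wfMangleFlashPolicy() is needed to avoid a nasty bug in
				// Flash, but what it does isn't friendly for the API, so we need to
				// work around it.
				// The angle brackets of any <cross-domain-policy> tag are rewritten as
				// \u003C / \u003E JSON escapes, so the decoded value is unchanged while
				// the literal tag no longer appears in the response body.
				if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
					$json = preg_replace(
						'/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json
					);
				}

				echo $json;
			} else {
				// API handles its own clickjacking protection.
				// Note, that $wgBreakFrames will still override $wgApiFrameOptions for format mode.
				$out->allowClickjacking();
				$out->output();
			}
		} else {
			// For non-HTML output, clear all errors that might have been
			// displayed if display_errors=On
			ob_clean();

			echo $this->getBuffer();
		}
	}

	/**
	 * Append text to the output buffer.
	 *
	 * The text is stored verbatim; any escaping happens when closePrinter()
	 * renders the buffer.
	 *
	 * @param string $text
	 */
	public function printText( $text ) {
		$this->mBuffer .= $text;
	}

	/**
	 * Get the contents of the buffer.
	 * @return string
	 */
	public function getBuffer() {
		return $this->mBuffer;
	}

	/**
	 * Declare the parameters accepted by this formatter.
	 *
	 * Only HTML ('fm') formats accept 'wrappedhtml', which defaults to false.
	 *
	 * @return array
	 */
	public function getAllowedParams() {
		$ret = [];
		if ( $this->getIsHtml() ) {
			$ret['wrappedhtml'] = [
				ApiBase::PARAM_DFLT => false,
				ApiBase::PARAM_HELP_MSG => 'apihelp-format-param-wrappedhtml',
			];
		}
		return $ret;
	}

	/**
	 * Return a single generic example: a siteinfo query using this format module.
	 *
	 * @return array Example query string => message key and parameters
	 */
	protected function getExamplesMessages() {
		return [
			'action=query&meta=siteinfo&siprop=namespaces&format=' . $this->getModuleName()
				=> [ 'apihelp-format-example-generic', $this->getFormat() ]
		];
	}

	/**
	 * Return the documentation URL for API data formats.
	 *
	 * @return string
	 */
	public function getHelpUrls() {
		return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Data_formats';
	}

}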
383
384 /**
385 * For really cool vim folding this needs to be at the end:
386 * vim: foldmarker=@{,@} foldmethod=marker
387 */