dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "filebackend: rename and simplify header sanitizing methods in SwiftFileBackend"
[lhc/web/wiklou.git] / includes / resourceloader / ResourceLoader.php
1 <?php
2 /**
3 * Base class for resource loading system.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @author Roan Kattouw
22 * @author Trevor Parscal
23 */
24
25 use MediaWiki\MediaWikiServices;
26 use Psr\Log\LoggerAwareInterface;
27 use Psr\Log\LoggerInterface;
28 use Psr\Log\NullLogger;
29 use Wikimedia\Rdbms\DBConnectionError;
30 use Wikimedia\WrappedString;
31
32 /**
33 * Dynamic JavaScript and CSS resource loading system.
34 *
35 * Most of the documentation is on the MediaWiki documentation wiki starting at:
36 * https://www.mediawiki.org/wiki/ResourceLoader
37 */
38 class ResourceLoader implements LoggerAwareInterface {
39 /** @var Config $config */
40 protected $config;
41 /** @var MessageBlobStore */
42 protected $blobStore;
43
44 /** @var LoggerInterface */
45 private $logger;
46
47 /** @var ResourceLoaderModule[] Map of (module name => ResourceLoaderModule) */
48 protected $modules = [];
49 /** @var array[] Map of (module name => associative info array) */
50 protected $moduleInfos = [];
51 /**
52 * Associative array mapping framework ids to a list of names of test suite modules
53 * like [ 'qunit' => [ 'mediawiki.tests.qunit.suites', 'ext.foo.tests', ... ], ... ]
54 * @var array
55 */
56 protected $testModuleNames = [];
57 /** @var string[] List of module names that contain QUnit test suites */
58 protected $testSuiteModuleNames = [];
59
60 /** @var array Map of (source => path); E.g. [ 'source-id' => 'http://.../load.php' ] */
61 protected $sources = [];
62 /** @var array Errors accumulated during current respond() call */
63 protected $errors = [];
64 /** @var string[] Extra HTTP response headers from modules loaded in makeModuleResponse() */
65 protected $extraHeaders = [];
66
67 /** @var bool */
68 protected static $debugMode = null;
69
70 /** @var int */
71 const CACHE_VERSION = 8;
72
73 /** @var string JavaScript / CSS pragma to disable minification. * */
74 const FILTER_NOMIN = '/*@nomin*/';
75
76 /**
77 * Load information stored in the database about modules.
78 *
79 * This method grabs modules dependencies from the database and updates modules
80 * objects.
81 *
82 * This is not inside the module code because it is much faster to
83 * request all of the information at once than it is to have each module
84 * requests its own information. This sacrifice of modularity yields a substantial
85 * performance improvement.
86 *
87 * @param array $moduleNames List of module names to preload information for
88 * @param ResourceLoaderContext $context Context to load the information within
89 */
90 public function preloadModuleInfo( array $moduleNames, ResourceLoaderContext $context ) {
91 if ( !$moduleNames ) {
92 // Or else Database*::select() will explode, plus it's cheaper!
93 return;
94 }
95 $dbr = wfGetDB( DB_REPLICA );
96 $lang = $context->getLanguage();
97
98 // Batched version of ResourceLoaderModule::getFileDependencies
99 $vary = ResourceLoaderModule::getVary( $context );
100 $res = $dbr->select( 'module_deps', [ 'md_module', 'md_deps' ], [
101 'md_module' => $moduleNames,
102 'md_skin' => $vary,
103 ], __METHOD__
104 );
105
106 // Prime in-object cache for file dependencies
107 $modulesWithDeps = [];
108 foreach ( $res as $row ) {
109 $module = $this->getModule( $row->md_module );
110 if ( $module ) {
111 $module->setFileDependencies( $context, ResourceLoaderModule::expandRelativePaths(
112 json_decode( $row->md_deps, true )
113 ) );
114 $modulesWithDeps[] = $row->md_module;
115 }
116 }
117 // Register the absence of a dependency row too
118 foreach ( array_diff( $moduleNames, $modulesWithDeps ) as $name ) {
119 $module = $this->getModule( $name );
120 if ( $module ) {
121 $this->getModule( $name )->setFileDependencies( $context, [] );
122 }
123 }
124
125 // Batched version of ResourceLoaderWikiModule::getTitleInfo
126 ResourceLoaderWikiModule::preloadTitleInfo( $context, $dbr, $moduleNames );
127
128 // Prime in-object cache for message blobs for modules with messages
129 $modules = [];
130 foreach ( $moduleNames as $name ) {
131 $module = $this->getModule( $name );
132 if ( $module && $module->getMessages() ) {
133 $modules[$name] = $module;
134 }
135 }
136 $store = $this->getMessageBlobStore();
137 $blobs = $store->getBlobs( $modules, $lang );
138 foreach ( $blobs as $name => $blob ) {
139 $modules[$name]->setMessageBlob( $blob, $lang );
140 }
141 }
142
143 /**
144 * Run JavaScript or CSS data through a filter, caching the filtered result for future calls.
145 *
146 * Available filters are:
147 *
148 * - minify-js \see JavaScriptMinifier::minify
149 * - minify-css \see CSSMin::minify
150 *
151 * If $data is empty, only contains whitespace or the filter was unknown,
152 * $data is returned unmodified.
153 *
154 * @param string $filter Name of filter to run
155 * @param string $data Text to filter, such as JavaScript or CSS text
156 * @param array $options Keys:
157 * - (bool) cache: Whether to allow caching this data. Default: true.
158 * @return string Filtered data, or a comment containing an error message
159 */
160 public static function filter( $filter, $data, array $options = [] ) {
161 if ( strpos( $data, self::FILTER_NOMIN ) !== false ) {
162 return $data;
163 }
164
165 if ( isset( $options['cache'] ) && $options['cache'] === false ) {
166 return self::applyFilter( $filter, $data );
167 }
168
169 $stats = MediaWikiServices::getInstance()->getStatsdDataFactory();
170 $cache = ObjectCache::getLocalServerInstance( CACHE_ANYTHING );
171
172 $key = $cache->makeGlobalKey(
173 'resourceloader-filter',
174 $filter,
175 self::CACHE_VERSION,
176 md5( $data )
177 );
178
179 $result = $cache->get( $key );
180 if ( $result === false ) {
181 $stats->increment( "resourceloader_cache.$filter.miss" );
182 $result = self::applyFilter( $filter, $data );
183 $cache->set( $key, $result, 24 * 3600 );
184 } else {
185 $stats->increment( "resourceloader_cache.$filter.hit" );
186 }
187 if ( $result === null ) {
188 // Cached failure
189 $result = $data;
190 }
191
192 return $result;
193 }
194
195 private static function applyFilter( $filter, $data ) {
196 $data = trim( $data );
197 if ( $data ) {
198 try {
199 $data = ( $filter === 'minify-css' )
200 ? CSSMin::minify( $data )
201 : JavaScriptMinifier::minify( $data );
202 } catch ( Exception $e ) {
203 MWExceptionHandler::logException( $e );
204 return null;
205 }
206 }
207 return $data;
208 }
209
210 /**
211 * Register core modules and runs registration hooks.
212 * @param Config|null $config
213 * @param LoggerInterface|null $logger [optional]
214 */
215 public function __construct( Config $config = null, LoggerInterface $logger = null ) {
216 $this->logger = $logger ?: new NullLogger();
217
218 if ( !$config ) {
219 wfDeprecated( __METHOD__ . ' without a Config instance', '1.34' );
220 $config = MediaWikiServices::getInstance()->getMainConfig();
221 }
222 $this->config = $config;
223
224 // Add 'local' source first
225 $this->addSource( 'local', $config->get( 'LoadScript' ) );
226
227 // Special module that always exists
228 $this->register( 'startup', [ 'class' => ResourceLoaderStartUpModule::class ] );
229
230 $this->setMessageBlobStore( new MessageBlobStore( $this, $this->logger ) );
231 }
232
233 /**
234 * @return Config
235 */
236 public function getConfig() {
237 return $this->config;
238 }
239
240 /**
241 * @since 1.26
242 * @param LoggerInterface $logger
243 */
244 public function setLogger( LoggerInterface $logger ) {
245 $this->logger = $logger;
246 }
247
248 /**
249 * @since 1.27
250 * @return LoggerInterface
251 */
252 public function getLogger() {
253 return $this->logger;
254 }
255
256 /**
257 * @since 1.26
258 * @return MessageBlobStore
259 */
260 public function getMessageBlobStore() {
261 return $this->blobStore;
262 }
263
264 /**
265 * @since 1.25
266 * @param MessageBlobStore $blobStore
267 */
268 public function setMessageBlobStore( MessageBlobStore $blobStore ) {
269 $this->blobStore = $blobStore;
270 }
271
272 /**
273 * Register a module with the ResourceLoader system.
274 *
275 * @param string|array[] $name Module name as a string or, array of module info arrays
276 * keyed by name.
277 * @param array|null $info Module info array. When using the first parameter to register
278 * multiple modules at once, this parameter is optional.
279 * @throws MWException If a duplicate module registration is attempted
280 * @throws MWException If a module name contains illegal characters (pipes or commas)
281 * @throws InvalidArgumentException If the module info is not an array
282 */
283 public function register( $name, $info = null ) {
284 $moduleSkinStyles = $this->config->get( 'ResourceModuleSkinStyles' );
285
286 // Allow multiple modules to be registered in one call
287 $registrations = is_array( $name ) ? $name : [ $name => $info ];
288 foreach ( $registrations as $name => $info ) {
289 // Warn on duplicate registrations
290 if ( isset( $this->moduleInfos[$name] ) ) {
291 // A module has already been registered by this name
292 $this->logger->warning(
293 'ResourceLoader duplicate registration warning. ' .
294 'Another module has already been registered as ' . $name
295 );
296 }
297
298 // Check validity
299 if ( !self::isValidModuleName( $name ) ) {
300 throw new MWException( "ResourceLoader module name '$name' is invalid, "
301 . "see ResourceLoader::isValidModuleName()" );
302 }
303 if ( !is_array( $info ) ) {
304 throw new InvalidArgumentException(
305 'Invalid module info for "' . $name . '": expected array, got ' . gettype( $info )
306 );
307 }
308
309 // Attach module
310 $this->moduleInfos[$name] = $info;
311
312 // Last-minute changes
313 // Apply custom skin-defined styles to existing modules.
314 if ( $this->isFileModule( $name ) ) {
315 foreach ( $moduleSkinStyles as $skinName => $skinStyles ) {
316 // If this module already defines skinStyles for this skin, ignore $wgResourceModuleSkinStyles.
317 if ( isset( $this->moduleInfos[$name]['skinStyles'][$skinName] ) ) {
318 continue;
319 }
320
321 // If $name is preceded with a '+', the defined style files will be added to 'default'
322 // skinStyles, otherwise 'default' will be ignored as it normally would be.
323 if ( isset( $skinStyles[$name] ) ) {
324 $paths = (array)$skinStyles[$name];
325 $styleFiles = [];
326 } elseif ( isset( $skinStyles['+' . $name] ) ) {
327 $paths = (array)$skinStyles['+' . $name];
328 $styleFiles = isset( $this->moduleInfos[$name]['skinStyles']['default'] ) ?
329 (array)$this->moduleInfos[$name]['skinStyles']['default'] :
330 [];
331 } else {
332 continue;
333 }
334
335 // Add new file paths, remapping them to refer to our directories and not use settings
336 // from the module we're modifying, which come from the base definition.
337 list( $localBasePath, $remoteBasePath ) =
338 ResourceLoaderFileModule::extractBasePaths( $skinStyles );
339
340 foreach ( $paths as $path ) {
341 $styleFiles[] = new ResourceLoaderFilePath( $path, $localBasePath, $remoteBasePath );
342 }
343
344 $this->moduleInfos[$name]['skinStyles'][$skinName] = $styleFiles;
345 }
346 }
347 }
348 }
349
350 /**
351 * @internal For use by ServiceWiring only
352 * @codeCoverageIgnore
353 */
354 public function registerTestModules() {
355 global $IP;
356
357 if ( $this->config->get( 'EnableJavaScriptTest' ) !== true ) {
358 throw new MWException( 'Attempt to register JavaScript test modules '
359 . 'but <code>$wgEnableJavaScriptTest</code> is false. '
360 . 'Edit your <code>LocalSettings.php</code> to enable it.' );
361 }
362
363 // This has a 'qunit' key for compat with the below hook.
364 $testModulesMeta = [ 'qunit' => [] ];
365
366 // Get test suites from extensions
367 // Avoid PHP 7.1 warning from passing $this by reference
368 $rl = $this;
369 Hooks::run( 'ResourceLoaderTestModules', [ &$testModulesMeta, &$rl ] );
370 $extRegistry = ExtensionRegistry::getInstance();
371 // In case of conflict, the deprecated hook has precedence.
372 $testModules = $testModulesMeta['qunit'] + $extRegistry->getAttribute( 'QUnitTestModules' );
373
374 $testSuiteModuleNames = [];
375 foreach ( $testModules as $name => &$module ) {
376 // Turn any single-module dependency into an array
377 if ( isset( $module['dependencies'] ) && is_string( $module['dependencies'] ) ) {
378 $module['dependencies'] = [ $module['dependencies'] ];
379 }
380
381 // Ensure the testrunner loads before any test suites
382 $module['dependencies'][] = 'test.mediawiki.qunit.testrunner';
383
384 // Keep track of the test suites to load on SpecialJavaScriptTest
385 $testSuiteModuleNames[] = $name;
386 }
387
388 // Core test suites (their names have further precedence).
389 $testModules = ( include "$IP/tests/qunit/QUnitTestResources.php" ) + $testModules;
390 $testSuiteModuleNames[] = 'test.mediawiki.qunit.suites';
391
392 $this->register( $testModules );
393 $this->testSuiteModuleNames = $testSuiteModuleNames;
394 }
395
396 /**
397 * Add a foreign source of modules.
398 *
399 * Source IDs are typically the same as the Wiki ID or database name (e.g. lowercase a-z).
400 *
401 * @param array|string $id Source ID (string), or [ id1 => loadUrl, id2 => loadUrl, ... ]
402 * @param string|array|null $loadUrl load.php url (string), or array with loadUrl key for
403 * backwards-compatibility.
404 * @throws MWException
405 */
406 public function addSource( $id, $loadUrl = null ) {
407 // Allow multiple sources to be registered in one call
408 if ( is_array( $id ) ) {
409 foreach ( $id as $key => $value ) {
410 $this->addSource( $key, $value );
411 }
412 return;
413 }
414
415 // Disallow duplicates
416 if ( isset( $this->sources[$id] ) ) {
417 throw new MWException(
418 'ResourceLoader duplicate source addition error. ' .
419 'Another source has already been registered as ' . $id
420 );
421 }
422
423 // Pre 1.24 backwards-compatibility
424 if ( is_array( $loadUrl ) ) {
425 if ( !isset( $loadUrl['loadScript'] ) ) {
426 throw new MWException(
427 __METHOD__ . ' was passed an array with no "loadScript" key.'
428 );
429 }
430
431 $loadUrl = $loadUrl['loadScript'];
432 }
433
434 $this->sources[$id] = $loadUrl;
435 }
436
437 /**
438 * Get a list of module names.
439 *
440 * @return array List of module names
441 */
442 public function getModuleNames() {
443 return array_keys( $this->moduleInfos );
444 }
445
446 /**
447 * Get a list of module names with QUnit test suites.
448 *
449 * @internal For use by SpecialJavaScriptTest only
450 * @return array
451 * @codeCoverageIgnore
452 */
453 public function getTestSuiteModuleNames() {
454 return $this->testSuiteModuleNames;
455 }
456
457 /**
458 * Check whether a ResourceLoader module is registered
459 *
460 * @since 1.25
461 * @param string $name
462 * @return bool
463 */
464 public function isModuleRegistered( $name ) {
465 return isset( $this->moduleInfos[$name] );
466 }
467
468 /**
469 * Get the ResourceLoaderModule object for a given module name.
470 *
471 * If an array of module parameters exists but a ResourceLoaderModule object has not
472 * yet been instantiated, this method will instantiate and cache that object such that
473 * subsequent calls simply return the same object.
474 *
475 * @param string $name Module name
476 * @return ResourceLoaderModule|null If module has been registered, return a
477 * ResourceLoaderModule instance. Otherwise, return null.
478 */
479 public function getModule( $name ) {
480 if ( !isset( $this->modules[$name] ) ) {
481 if ( !isset( $this->moduleInfos[$name] ) ) {
482 // No such module
483 return null;
484 }
485 // Construct the requested module object
486 $info = $this->moduleInfos[$name];
487 if ( isset( $info['factory'] ) ) {
488 /** @var ResourceLoaderModule $object */
489 $object = call_user_func( $info['factory'], $info );
490 } else {
491 $class = $info['class'] ?? ResourceLoaderFileModule::class;
492 /** @var ResourceLoaderModule $object */
493 $object = new $class( $info );
494 }
495 $object->setConfig( $this->getConfig() );
496 $object->setLogger( $this->logger );
497 $object->setName( $name );
498 $this->modules[$name] = $object;
499 }
500
501 return $this->modules[$name];
502 }
503
504 /**
505 * Whether the module is a ResourceLoaderFileModule (including subclasses).
506 *
507 * @param string $name Module name
508 * @return bool
509 */
510 protected function isFileModule( $name ) {
511 if ( !isset( $this->moduleInfos[$name] ) ) {
512 return false;
513 }
514 $info = $this->moduleInfos[$name];
515 return !isset( $info['factory'] ) && (
516 // The implied default for 'class' is ResourceLoaderFileModule
517 !isset( $info['class'] ) ||
518 // Explicit default
519 $info['class'] === ResourceLoaderFileModule::class ||
520 is_subclass_of( $info['class'], ResourceLoaderFileModule::class )
521 );
522 }
523
524 /**
525 * Get the list of sources.
526 *
527 * @return array Like [ id => load.php url, ... ]
528 */
529 public function getSources() {
530 return $this->sources;
531 }
532
533 /**
534 * Get the URL to the load.php endpoint for the given
535 * ResourceLoader source
536 *
537 * @since 1.24
538 * @param string $source
539 * @throws MWException On an invalid $source name
540 * @return string
541 */
542 public function getLoadScript( $source ) {
543 if ( !isset( $this->sources[$source] ) ) {
544 throw new MWException( "The $source source was never registered in ResourceLoader." );
545 }
546 return $this->sources[$source];
547 }
548
549 /**
550 * @internal For use by ResourceLoaderStartUpModule only.
551 */
552 const HASH_LENGTH = 5;
553
554 /**
555 * Create a hash for module versioning purposes.
556 *
557 * This hash is used in three ways:
558 *
559 * - To differentiate between the current version and a past version
560 * of a module by the same name.
561 *
562 * In the cache key of localStorage in the browser (mw.loader.store).
563 * This store keeps only one version of any given module. As long as the
564 * next version the client encounters has a different hash from the last
565 * version it saw, it will correctly discard it in favour of a network fetch.
566 *
567 * A browser may evict a site's storage container for any reason (e.g. when
568 * the user hasn't visited a site for some time, and/or when the device is
569 * low on storage space). Anecdotally it seems devices rarely keep unused
570 * storage beyond 2 weeks on mobile devices and 4 weeks on desktop.
571 * But, there is no hard limit or expiration on localStorage.
572 * ResourceLoader's Client also clears localStorage when the user changes
573 * their language preference or when they (temporarily) use Debug Mode.
574 *
575 * The only hard factors that reduce the range of possible versions are
576 * 1) the name and existence of a given module, and
577 * 2) the TTL for mw.loader.store, and
578 * 3) the `$wgResourceLoaderStorageVersion` configuration variable.
579 *
580 * - To identify a batch response of modules from load.php in an HTTP cache.
581 *
582 * When fetching modules in a batch from load.php, a combined hash
583 * is created by the JS code, and appended as query parameter.
584 *
585 * In cache proxies (e.g. Varnish, Nginx) and in the browser's HTTP cache,
586 * these urls are used to identify other previously cached responses.
587 * The range of possible versions a given version has to be unique amongst
588 * is determined by the maximum duration each response is stored for, which
589 * is controlled by `$wgResourceLoaderMaxage['versioned']`.
590 *
591 * - To detect race conditions between multiple web servers in a MediaWiki
592 * deployment of which some have the newer version and some still the older
593 * version.
594 *
595 * An HTTP request from a browser for the Startup manifest may be responded
596 * to by a server with the newer version. The browser may then use that to
597 * request a given module, which may then be responded to by a server with
598 * the older version. To avoid caching this for too long (which would pollute
599 * all other users without repairing itself), the combined hash that the JS
600 * client adds to the url is verified by the server (in ::sendResponseHeaders).
601 * If they don't match, we instruct cache proxies and clients to not cache
602 * this response as long as they normally would. This is also the reason
603 * that the algorithm used here in PHP must match the one used in JS.
604 *
605 * The fnv132 digest creates a 32-bit integer, which goes upto 4 Giga and
606 * needs up to 7 chars in base 36.
607 * Within 7 characters, base 36 can count up to 78,364,164,096 (78 Giga),
608 * (but with fnv132 we'd use very little of this range, mostly padding).
609 * Within 6 characters, base 36 can count up to 2,176,782,336 (2 Giga).
610 * Within 5 characters, base 36 can count up to 60,466,176 (60 Mega).
611 *
612 * @since 1.26
613 * @param string $value
614 * @return string Hash
615 */
616 public static function makeHash( $value ) {
617 $hash = hash( 'fnv132', $value );
618 // The base_convert will pad it (if too short),
619 // then substr() will trim it (if too long).
620 return substr(
621 Wikimedia\base_convert( $hash, 16, 36, self::HASH_LENGTH ),
622 0,
623 self::HASH_LENGTH
624 );
625 }
626
627 /**
628 * Add an error to the 'errors' array and log it.
629 *
630 * @private For internal use by ResourceLoader and ResourceLoaderStartUpModule.
631 * @since 1.29
632 * @param Exception $e
633 * @param string $msg
634 * @param array $context
635 */
636 public function outputErrorAndLog( Exception $e, $msg, array $context = [] ) {
637 MWExceptionHandler::logException( $e );
638 $this->logger->warning(
639 $msg,
640 $context + [ 'exception' => $e ]
641 );
642 $this->errors[] = self::formatExceptionNoComment( $e );
643 }
644
645 /**
646 * Helper method to get and combine versions of multiple modules.
647 *
648 * @since 1.26
649 * @param ResourceLoaderContext $context
650 * @param string[] $moduleNames List of known module names
651 * @return string Hash
652 */
653 public function getCombinedVersion( ResourceLoaderContext $context, array $moduleNames ) {
654 if ( !$moduleNames ) {
655 return '';
656 }
657 $hashes = array_map( function ( $module ) use ( $context ) {
658 try {
659 return $this->getModule( $module )->getVersionHash( $context );
660 } catch ( Exception $e ) {
661 // If modules fail to compute a version, don't fail the request (T152266)
662 // and still compute versions of other modules.
663 $this->outputErrorAndLog( $e,
664 'Calculating version for "{module}" failed: {exception}',
665 [
666 'module' => $module,
667 ]
668 );
669 return '';
670 }
671 }, $moduleNames );
672 return self::makeHash( implode( '', $hashes ) );
673 }
674
675 /**
676 * Get the expected value of the 'version' query parameter.
677 *
678 * This is used by respond() to set a short Cache-Control header for requests with
679 * information newer than the current server has. This avoids pollution of edge caches.
680 * Typically during deployment. (T117587)
681 *
682 * This MUST match return value of `mw.loader#getCombinedVersion()` client-side.
683 *
684 * @since 1.28
685 * @param ResourceLoaderContext $context
686 * @return string Hash
687 */
688 public function makeVersionQuery( ResourceLoaderContext $context ) {
689 // As of MediaWiki 1.28, the server and client use the same algorithm for combining
690 // version hashes. There is no technical reason for this to be same, and for years the
691 // implementations differed. If getCombinedVersion in PHP (used for StartupModule and
692 // E-Tag headers) differs in the future from getCombinedVersion in JS (used for 'version'
693 // query parameter), then this method must continue to match the JS one.
694 $moduleNames = [];
695 foreach ( $context->getModules() as $name ) {
696 if ( !$this->getModule( $name ) ) {
697 // If a versioned request contains a missing module, the version is a mismatch
698 // as the client considered a module (and version) we don't have.
699 return '';
700 }
701 $moduleNames[] = $name;
702 }
703 return $this->getCombinedVersion( $context, $moduleNames );
704 }
705
706 /**
707 * Output a response to a load request, including the content-type header.
708 *
709 * @param ResourceLoaderContext $context Context in which a response should be formed
710 */
711 public function respond( ResourceLoaderContext $context ) {
712 // Buffer output to catch warnings. Normally we'd use ob_clean() on the
713 // top-level output buffer to clear warnings, but that breaks when ob_gzhandler
714 // is used: ob_clean() will clear the GZIP header in that case and it won't come
715 // back for subsequent output, resulting in invalid GZIP. So we have to wrap
716 // the whole thing in our own output buffer to be sure the active buffer
717 // doesn't use ob_gzhandler.
718 // See https://bugs.php.net/bug.php?id=36514
719 ob_start();
720
721 $this->measureResponseTime( RequestContext::getMain()->getTiming() );
722
723 // Find out which modules are missing and instantiate the others
724 $modules = [];
725 $missing = [];
726 foreach ( $context->getModules() as $name ) {
727 $module = $this->getModule( $name );
728 if ( $module ) {
729 // Do not allow private modules to be loaded from the web.
730 // This is a security issue, see T36907.
731 if ( $module->getGroup() === 'private' ) {
732 // Not a serious error, just means something is trying to access it (T101806)
733 $this->logger->debug( "Request for private module '$name' denied" );
734 $this->errors[] = "Cannot build private module \"$name\"";
735 continue;
736 }
737 $modules[$name] = $module;
738 } else {
739 $missing[] = $name;
740 }
741 }
742
743 try {
744 // Preload for getCombinedVersion() and for batch makeModuleResponse()
745 $this->preloadModuleInfo( array_keys( $modules ), $context );
746 } catch ( Exception $e ) {
747 $this->outputErrorAndLog( $e, 'Preloading module info failed: {exception}' );
748 }
749
750 // Combine versions to propagate cache invalidation
751 $versionHash = '';
752 try {
753 $versionHash = $this->getCombinedVersion( $context, array_keys( $modules ) );
754 } catch ( Exception $e ) {
755 $this->outputErrorAndLog( $e, 'Calculating version hash failed: {exception}' );
756 }
757
758 // See RFC 2616 § 3.11 Entity Tags
759 // https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11
760 $etag = 'W/"' . $versionHash . '"';
761
762 // Try the client-side cache first
763 if ( $this->tryRespondNotModified( $context, $etag ) ) {
764 return; // output handled (buffers cleared)
765 }
766
767 // Use file cache if enabled and available...
768 if ( $this->config->get( 'UseFileCache' ) ) {
769 $fileCache = ResourceFileCache::newFromContext( $context );
770 if ( $this->tryRespondFromFileCache( $fileCache, $context, $etag ) ) {
771 return; // output handled
772 }
773 } else {
774 $fileCache = null;
775 }
776
777 // Generate a response
778 $response = $this->makeModuleResponse( $context, $modules, $missing );
779
780 // Capture any PHP warnings from the output buffer and append them to the
781 // error list if we're in debug mode.
782 if ( $context->getDebug() ) {
783 $warnings = ob_get_contents();
784 if ( strlen( $warnings ) ) {
785 $this->errors[] = $warnings;
786 }
787 }
788
789 // Consider saving the response to file cache (unless there are errors).
790 if ( $fileCache &&
791 !$this->errors &&
792 $missing === [] &&
793 ResourceFileCache::useFileCache( $context )
794 ) {
795 if ( $fileCache->isCacheWorthy() ) {
796 // There were enough hits, save the response to the cache
797 $fileCache->saveText( $response );
798 } else {
799 $fileCache->incrMissesRecent( $context->getRequest() );
800 }
801 }
802
803 $this->sendResponseHeaders( $context, $etag, (bool)$this->errors, $this->extraHeaders );
804
805 // Remove the output buffer and output the response
806 ob_end_clean();
807
808 if ( $context->getImageObj() && $this->errors ) {
809 // We can't show both the error messages and the response when it's an image.
810 $response = implode( "\n\n", $this->errors );
811 } elseif ( $this->errors ) {
812 $errorText = implode( "\n\n", $this->errors );
813 $errorResponse = self::makeComment( $errorText );
814 if ( $context->shouldIncludeScripts() ) {
815 $errorResponse .= 'if (window.console && console.error) { console.error('
816 . self::encodeJsonForScript( $errorText )
817 . "); }\n";
818 }
819
820 // Prepend error info to the response
821 $response = $errorResponse . $response;
822 }
823
824 $this->errors = [];
825 echo $response;
826 }
827
828 protected function measureResponseTime( Timing $timing ) {
829 DeferredUpdates::addCallableUpdate( function () use ( $timing ) {
830 $measure = $timing->measure( 'responseTime', 'requestStart', 'requestShutdown' );
831 if ( $measure !== false ) {
832 $stats = MediaWikiServices::getInstance()->getStatsdDataFactory();
833 $stats->timing( 'resourceloader.responseTime', $measure['duration'] * 1000 );
834 }
835 } );
836 }
837
838 /**
839 * Send main response headers to the client.
840 *
841 * Deals with Content-Type, CORS (for stylesheets), and caching.
842 *
843 * @param ResourceLoaderContext $context
844 * @param string $etag ETag header value
845 * @param bool $errors Whether there are errors in the response
846 * @param string[] $extra Array of extra HTTP response headers
847 * @return void
848 */
849 protected function sendResponseHeaders(
850 ResourceLoaderContext $context, $etag, $errors, array $extra = []
851 ) {
852 \MediaWiki\HeaderCallback::warnIfHeadersSent();
853 $rlMaxage = $this->config->get( 'ResourceLoaderMaxage' );
854 // Use a short cache expiry so that updates propagate to clients quickly, if:
855 // - No version specified (shared resources, e.g. stylesheets)
856 // - There were errors (recover quickly)
857 // - Version mismatch (T117587, T47877)
858 if ( is_null( $context->getVersion() )
859 || $errors
860 || $context->getVersion() !== $this->makeVersionQuery( $context )
861 ) {
862 $maxage = $rlMaxage['unversioned']['client'];
863 $smaxage = $rlMaxage['unversioned']['server'];
864 // If a version was specified we can use a longer expiry time since changing
865 // version numbers causes cache misses
866 } else {
867 $maxage = $rlMaxage['versioned']['client'];
868 $smaxage = $rlMaxage['versioned']['server'];
869 }
870 if ( $context->getImageObj() ) {
871 // Output different headers if we're outputting textual errors.
872 if ( $errors ) {
873 header( 'Content-Type: text/plain; charset=utf-8' );
874 } else {
875 $context->getImageObj()->sendResponseHeaders( $context );
876 }
877 } elseif ( $context->getOnly() === 'styles' ) {
878 header( 'Content-Type: text/css; charset=utf-8' );
879 header( 'Access-Control-Allow-Origin: *' );
880 } else {
881 header( 'Content-Type: text/javascript; charset=utf-8' );
882 }
883 // See RFC 2616 § 14.19 ETag
884 // https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.19
885 header( 'ETag: ' . $etag );
886 if ( $context->getDebug() ) {
887 // Do not cache debug responses
888 header( 'Cache-Control: private, no-cache, must-revalidate' );
889 header( 'Pragma: no-cache' );
890 } else {
891 header( "Cache-Control: public, max-age=$maxage, s-maxage=$smaxage" );
892 $exp = min( $maxage, $smaxage );
893 header( 'Expires: ' . wfTimestamp( TS_RFC2822, $exp + time() ) );
894 }
895 foreach ( $extra as $header ) {
896 header( $header );
897 }
898 }
899
900 /**
901 * Respond with HTTP 304 Not Modified if appropiate.
902 *
903 * If there's an If-None-Match header, respond with a 304 appropriately
904 * and clear out the output buffer. If the client cache is too old then do nothing.
905 *
906 * @param ResourceLoaderContext $context
907 * @param string $etag ETag header value
908 * @return bool True if HTTP 304 was sent and output handled
909 */
910 protected function tryRespondNotModified( ResourceLoaderContext $context, $etag ) {
911 // See RFC 2616 § 14.26 If-None-Match
912 // https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26
913 $clientKeys = $context->getRequest()->getHeader( 'If-None-Match', WebRequest::GETHEADER_LIST );
914 // Never send 304s in debug mode
915 if ( $clientKeys !== false && !$context->getDebug() && in_array( $etag, $clientKeys ) ) {
916 // There's another bug in ob_gzhandler (see also the comment at
917 // the top of this function) that causes it to gzip even empty
918 // responses, meaning it's impossible to produce a truly empty
919 // response (because the gzip header is always there). This is
920 // a problem because 304 responses have to be completely empty
921 // per the HTTP spec, and Firefox behaves buggily when they're not.
922 // See also https://bugs.php.net/bug.php?id=51579
923 // To work around this, we tear down all output buffering before
924 // sending the 304.
925 wfResetOutputBuffers( /* $resetGzipEncoding = */ true );
926
927 HttpStatus::header( 304 );
928
929 $this->sendResponseHeaders( $context, $etag, false );
930 return true;
931 }
932 return false;
933 }
934
935 /**
936 * Send out code for a response from file cache if possible.
937 *
938 * @param ResourceFileCache $fileCache Cache object for this request URL
939 * @param ResourceLoaderContext $context Context in which to generate a response
940 * @param string $etag ETag header value
941 * @return bool If this found a cache file and handled the response
942 */
943 protected function tryRespondFromFileCache(
944 ResourceFileCache $fileCache,
945 ResourceLoaderContext $context,
946 $etag
947 ) {
948 $rlMaxage = $this->config->get( 'ResourceLoaderMaxage' );
949 // Buffer output to catch warnings.
950 ob_start();
951 // Get the maximum age the cache can be
952 $maxage = is_null( $context->getVersion() )
953 ? $rlMaxage['unversioned']['server']
954 : $rlMaxage['versioned']['server'];
955 // Minimum timestamp the cache file must have
956 $good = $fileCache->isCacheGood( wfTimestamp( TS_MW, time() - $maxage ) );
957 if ( !$good ) {
958 try { // RL always hits the DB on file cache miss...
959 wfGetDB( DB_REPLICA );
960 } catch ( DBConnectionError $e ) { // ...check if we need to fallback to cache
961 $good = $fileCache->isCacheGood(); // cache existence check
962 }
963 }
964 if ( $good ) {
965 $ts = $fileCache->cacheTimestamp();
966 // Send content type and cache headers
967 $this->sendResponseHeaders( $context, $etag, false );
968 $response = $fileCache->fetchText();
969 // Capture any PHP warnings from the output buffer and append them to the
970 // response in a comment if we're in debug mode.
971 if ( $context->getDebug() ) {
972 $warnings = ob_get_contents();
973 if ( strlen( $warnings ) ) {
974 $response = self::makeComment( $warnings ) . $response;
975 }
976 }
977 // Remove the output buffer and output the response
978 ob_end_clean();
979 echo $response . "\n/* Cached {$ts} */";
980 return true; // cache hit
981 }
982 // Clear buffer
983 ob_end_clean();
984
985 return false; // cache miss
986 }
987
988 /**
989 * Generate a CSS or JS comment block.
990 *
991 * Only use this for public data, not error message details.
992 *
993 * @param string $text
994 * @return string
995 */
996 public static function makeComment( $text ) {
997 $encText = str_replace( '*/', '* /', $text );
998 return "/*\n$encText\n*/\n";
999 }
1000
1001 /**
1002 * Handle exception display.
1003 *
1004 * @param Exception $e Exception to be shown to the user
1005 * @return string Sanitized text in a CSS/JS comment that can be returned to the user
1006 */
1007 public static function formatException( $e ) {
1008 return self::makeComment( self::formatExceptionNoComment( $e ) );
1009 }
1010
1011 /**
1012 * Handle exception display.
1013 *
1014 * @since 1.25
1015 * @param Exception $e Exception to be shown to the user
1016 * @return string Sanitized text that can be returned to the user
1017 */
1018 protected static function formatExceptionNoComment( $e ) {
1019 global $wgShowExceptionDetails;
1020
1021 if ( !$wgShowExceptionDetails ) {
1022 return MWExceptionHandler::getPublicLogMessage( $e );
1023 }
1024
1025 return MWExceptionHandler::getLogMessage( $e ) .
1026 "\nBacktrace:\n" .
1027 MWExceptionHandler::getRedactedTraceAsString( $e );
1028 }
1029
1030 /**
1031 * Generate code for a response.
1032 *
1033 * Calling this method also populates the `errors` and `headers` members,
1034 * later used by respond().
1035 *
1036 * @param ResourceLoaderContext $context Context in which to generate a response
1037 * @param ResourceLoaderModule[] $modules List of module objects keyed by module name
1038 * @param string[] $missing List of requested module names that are unregistered (optional)
1039 * @return string Response data
1040 */
1041 public function makeModuleResponse( ResourceLoaderContext $context,
1042 array $modules, array $missing = []
1043 ) {
1044 $out = '';
1045 $states = [];
1046
1047 if ( $modules === [] && $missing === [] ) {
1048 return <<<MESSAGE
1049 /* This file is the Web entry point for MediaWiki's ResourceLoader:
1050 <https://www.mediawiki.org/wiki/ResourceLoader>. In this request,
1051 no modules were requested. Max made me put this here. */
1052 MESSAGE;
1053 }
1054
1055 $image = $context->getImageObj();
1056 if ( $image ) {
1057 $data = $image->getImageData( $context );
1058 if ( $data === false ) {
1059 $data = '';
1060 $this->errors[] = 'Image generation failed';
1061 }
1062 return $data;
1063 }
1064
1065 foreach ( $missing as $name ) {
1066 $states[$name] = 'missing';
1067 }
1068
1069 $filter = $context->getOnly() === 'styles' ? 'minify-css' : 'minify-js';
1070
1071 foreach ( $modules as $name => $module ) {
1072 try {
1073 $content = $module->getModuleContent( $context );
1074 $implementKey = $name . '@' . $module->getVersionHash( $context );
1075 $strContent = '';
1076
1077 if ( isset( $content['headers'] ) ) {
1078 $this->extraHeaders = array_merge( $this->extraHeaders, $content['headers'] );
1079 }
1080
1081 // Append output
1082 switch ( $context->getOnly() ) {
1083 case 'scripts':
1084 $scripts = $content['scripts'];
1085 if ( is_string( $scripts ) ) {
1086 // Load scripts raw...
1087 $strContent = $scripts;
1088 } elseif ( is_array( $scripts ) ) {
1089 // ...except when $scripts is an array of URLs or an associative array
1090 $strContent = self::makeLoaderImplementScript( $implementKey, $scripts, [], [], [] );
1091 }
1092 break;
1093 case 'styles':
1094 $styles = $content['styles'];
1095 // We no longer separate into media, they are all combined now with
1096 // custom media type groups into @media .. {} sections as part of the css string.
1097 // Module returns either an empty array or a numerical array with css strings.
1098 $strContent = isset( $styles['css'] ) ? implode( '', $styles['css'] ) : '';
1099 break;
1100 default:
1101 $scripts = $content['scripts'] ?? '';
1102 if ( is_string( $scripts ) ) {
1103 if ( $name === 'site' || $name === 'user' ) {
1104 // Legacy scripts that run in the global scope without a closure.
1105 // mw.loader.implement will use globalEval if scripts is a string.
1106 // Minify manually here, because general response minification is
1107 // not effective due it being a string literal, not a function.
1108 if ( !$context->getDebug() ) {
1109 $scripts = self::filter( 'minify-js', $scripts ); // T107377
1110 }
1111 } else {
1112 $scripts = new XmlJsCode( $scripts );
1113 }
1114 }
1115 $strContent = self::makeLoaderImplementScript(
1116 $implementKey,
1117 $scripts,
1118 $content['styles'] ?? [],
1119 isset( $content['messagesBlob'] ) ? new XmlJsCode( $content['messagesBlob'] ) : [],
1120 $content['templates'] ?? []
1121 );
1122 break;
1123 }
1124
1125 if ( !$context->getDebug() ) {
1126 $strContent = self::filter( $filter, $strContent );
1127 } else {
1128 // In debug mode, separate each response by a new line.
1129 // For example, between 'mw.loader.implement();' statements.
1130 $strContent = $this->ensureNewline( $strContent );
1131 }
1132
1133 if ( $context->getOnly() === 'scripts' ) {
1134 // Use a linebreak between module scripts (T162719)
1135 $out .= $this->ensureNewline( $strContent );
1136 } else {
1137 $out .= $strContent;
1138 }
1139
1140 } catch ( Exception $e ) {
1141 $this->outputErrorAndLog( $e, 'Generating module package failed: {exception}' );
1142
1143 // Respond to client with error-state instead of module implementation
1144 $states[$name] = 'error';
1145 unset( $modules[$name] );
1146 }
1147 }
1148
1149 // Update module states
1150 if ( $context->shouldIncludeScripts() && !$context->getRaw() ) {
1151 if ( $modules && $context->getOnly() === 'scripts' ) {
1152 // Set the state of modules loaded as only scripts to ready as
1153 // they don't have an mw.loader.implement wrapper that sets the state
1154 foreach ( $modules as $name => $module ) {
1155 $states[$name] = 'ready';
1156 }
1157 }
1158
1159 // Set the state of modules we didn't respond to with mw.loader.implement
1160 if ( $states ) {
1161 $stateScript = self::makeLoaderStateScript( $states );
1162 if ( !$context->getDebug() ) {
1163 $stateScript = self::filter( 'minify-js', $stateScript );
1164 }
1165 // Use a linebreak between module script and state script (T162719)
1166 $out = $this->ensureNewline( $out ) . $stateScript;
1167 }
1168 } elseif ( $states ) {
1169 $this->errors[] = 'Problematic modules: '
1170 . self::encodeJsonForScript( $states );
1171 }
1172
1173 return $out;
1174 }
1175
1176 /**
1177 * Ensure the string is either empty or ends in a line break
1178 * @param string $str
1179 * @return string
1180 */
1181 private function ensureNewline( $str ) {
1182 $end = substr( $str, -1 );
1183 if ( $end === false || $end === '' || $end === "\n" ) {
1184 return $str;
1185 }
1186 return $str . "\n";
1187 }
1188
1189 /**
1190 * Get names of modules that use a certain message.
1191 *
1192 * @param string $messageKey
1193 * @return array List of module names
1194 */
1195 public function getModulesByMessage( $messageKey ) {
1196 $moduleNames = [];
1197 foreach ( $this->getModuleNames() as $moduleName ) {
1198 $module = $this->getModule( $moduleName );
1199 if ( in_array( $messageKey, $module->getMessages() ) ) {
1200 $moduleNames[] = $moduleName;
1201 }
1202 }
1203 return $moduleNames;
1204 }
1205
1206 /**
1207 * Return JS code that calls mw.loader.implement with given module properties.
1208 *
1209 * @param string $name Module name or implement key (format "`[name]@[version]`")
1210 * @param XmlJsCode|array|string $scripts Code as XmlJsCode (to be wrapped in a closure),
1211 * list of URLs to JavaScript files, string of JavaScript for `$.globalEval`, or array with
1212 * 'files' and 'main' properties (see ResourceLoaderModule::getScript())
1213 * @param mixed $styles Array of CSS strings keyed by media type, or an array of lists of URLs
1214 * to CSS files keyed by media type
1215 * @param mixed $messages List of messages associated with this module. May either be an
1216 * associative array mapping message key to value, or a JSON-encoded message blob containing
1217 * the same data, wrapped in an XmlJsCode object.
1218 * @param array $templates Keys are name of templates and values are the source of
1219 * the template.
1220 * @throws MWException
1221 * @return string JavaScript code
1222 */
1223 protected static function makeLoaderImplementScript(
1224 $name, $scripts, $styles, $messages, $templates
1225 ) {
1226 if ( $scripts instanceof XmlJsCode ) {
1227 if ( $scripts->value === '' ) {
1228 $scripts = null;
1229 } elseif ( self::inDebugMode() ) {
1230 $scripts = new XmlJsCode( "function ( $, jQuery, require, module ) {\n{$scripts->value}\n}" );
1231 } else {
1232 $scripts = new XmlJsCode( 'function($,jQuery,require,module){' . $scripts->value . '}' );
1233 }
1234 } elseif ( is_array( $scripts ) && isset( $scripts['files'] ) ) {
1235 $files = $scripts['files'];
1236 foreach ( $files as $path => &$file ) {
1237 // $file is changed (by reference) from a descriptor array to the content of the file
1238 // All of these essentially do $file = $file['content'];, some just have wrapping around it
1239 if ( $file['type'] === 'script' ) {
1240 // Multi-file modules only get two parameters ($ and jQuery are being phased out)
1241 if ( self::inDebugMode() ) {
1242 $file = new XmlJsCode( "function ( require, module ) {\n{$file['content']}\n}" );
1243 } else {
1244 $file = new XmlJsCode( 'function(require,module){' . $file['content'] . '}' );
1245 }
1246 } else {
1247 $file = $file['content'];
1248 }
1249 }
1250 $scripts = XmlJsCode::encodeObject( [
1251 'main' => $scripts['main'],
1252 'files' => XmlJsCode::encodeObject( $files, self::inDebugMode() )
1253 ], self::inDebugMode() );
1254 } elseif ( !is_string( $scripts ) && !is_array( $scripts ) ) {
1255 throw new MWException( 'Invalid scripts error. Array of URLs or string of code expected.' );
1256 }
1257
1258 // mw.loader.implement requires 'styles', 'messages' and 'templates' to be objects (not
1259 // arrays). json_encode considers empty arrays to be numerical and outputs "[]" instead
1260 // of "{}". Force them to objects.
1261 $module = [
1262 $name,
1263 $scripts,
1264 (object)$styles,
1265 (object)$messages,
1266 (object)$templates
1267 ];
1268 self::trimArray( $module );
1269
1270 return Xml::encodeJsCall( 'mw.loader.implement', $module, self::inDebugMode() );
1271 }
1272
1273 /**
1274 * Returns JS code which, when called, will register a given list of messages.
1275 *
1276 * @param mixed $messages Associative array mapping message key to value.
1277 * @return string JavaScript code
1278 */
1279 public static function makeMessageSetScript( $messages ) {
1280 return 'mw.messages.set('
1281 . self::encodeJsonForScript( (object)$messages )
1282 . ');';
1283 }
1284
1285 /**
1286 * Combines an associative array mapping media type to CSS into a
1287 * single stylesheet with "@media" blocks.
1288 *
1289 * @param array $stylePairs Array keyed by media type containing (arrays of) CSS strings
1290 * @return array
1291 */
1292 public static function makeCombinedStyles( array $stylePairs ) {
1293 $out = [];
1294 foreach ( $stylePairs as $media => $styles ) {
1295 // ResourceLoaderFileModule::getStyle can return the styles
1296 // as a string or an array of strings. This is to allow separation in
1297 // the front-end.
1298 $styles = (array)$styles;
1299 foreach ( $styles as $style ) {
1300 $style = trim( $style );
1301 // Don't output an empty "@media print { }" block (T42498)
1302 if ( $style !== '' ) {
1303 // Transform the media type based on request params and config
1304 // The way that this relies on $wgRequest to propagate request params is slightly evil
1305 $media = OutputPage::transformCssMedia( $media );
1306
1307 if ( $media === '' || $media == 'all' ) {
1308 $out[] = $style;
1309 } elseif ( is_string( $media ) ) {
1310 $out[] = "@media $media {\n" . str_replace( "\n", "\n\t", "\t" . $style ) . "}";
1311 }
1312 // else: skip
1313 }
1314 }
1315 }
1316 return $out;
1317 }
1318
1319 /**
1320 * Wrapper around json_encode that avoids needless escapes,
1321 * and pretty-prints in debug mode.
1322 *
1323 * @internal
1324 * @since 1.32
1325 * @param mixed $data
1326 * @return string|false JSON string, false on error
1327 */
1328 public static function encodeJsonForScript( $data ) {
1329 // Keep output as small as possible by disabling needless escape modes
1330 // that PHP uses by default.
1331 // However, while most module scripts are only served on HTTP responses
1332 // for JavaScript, some modules can also be embedded in the HTML as inline
1333 // scripts. This, and the fact that we sometimes need to export strings
1334 // containing user-generated content and labels that may genuinely contain
1335 // a sequences like "</script>", we need to encode either '/' or '<'.
1336 // By default PHP escapes '/'. Let's escape '<' instead which is less common
1337 // and allows URLs to mostly remain readable.
1338 $jsonFlags = JSON_UNESCAPED_SLASHES |
1339 JSON_UNESCAPED_UNICODE |
1340 JSON_HEX_TAG |
1341 JSON_HEX_AMP;
1342 if ( self::inDebugMode() ) {
1343 $jsonFlags |= JSON_PRETTY_PRINT;
1344 }
1345 return json_encode( $data, $jsonFlags );
1346 }
1347
1348 /**
1349 * Returns a JS call to mw.loader.state, which sets the state of one
1350 * ore more modules to a given value. Has two calling conventions:
1351 *
1352 * - ResourceLoader::makeLoaderStateScript( $name, $state ):
1353 * Set the state of a single module called $name to $state
1354 *
1355 * - ResourceLoader::makeLoaderStateScript( [ $name => $state, ... ] ):
1356 * Set the state of modules with the given names to the given states
1357 *
1358 * @param array|string $states
1359 * @param string|null $state
1360 * @return string JavaScript code
1361 */
1362 public static function makeLoaderStateScript( $states, $state = null ) {
1363 if ( !is_array( $states ) ) {
1364 $states = [ $states => $state ];
1365 }
1366 return 'mw.loader.state('
1367 . self::encodeJsonForScript( $states )
1368 . ');';
1369 }
1370
1371 private static function isEmptyObject( stdClass $obj ) {
1372 foreach ( $obj as $key => $value ) {
1373 return false;
1374 }
1375 return true;
1376 }
1377
1378 /**
1379 * Remove empty values from the end of an array.
1380 *
1381 * Values considered empty:
1382 *
1383 * - null
1384 * - []
1385 * - new XmlJsCode( '{}' )
1386 * - new stdClass() // (object) []
1387 *
1388 * @param array $array
1389 */
1390 private static function trimArray( array &$array ) {
1391 $i = count( $array );
1392 while ( $i-- ) {
1393 if ( $array[$i] === null
1394 || $array[$i] === []
1395 || ( $array[$i] instanceof XmlJsCode && $array[$i]->value === '{}' )
1396 || ( $array[$i] instanceof stdClass && self::isEmptyObject( $array[$i] ) )
1397 ) {
1398 unset( $array[$i] );
1399 } else {
1400 break;
1401 }
1402 }
1403 }
1404
1405 /**
1406 * Returns JS code which calls mw.loader.register with the given
1407 * parameter.
1408 *
1409 * @par Example
1410 * @code
1411 *
1412 * ResourceLoader::makeLoaderRegisterScript( [
1413 * [ $name1, $version1, $dependencies1, $group1, $source1, $skip1 ],
1414 * [ $name2, $version2, $dependencies1, $group2, $source2, $skip2 ],
1415 * ...
1416 * ] ):
1417 * @endcode
1418 *
1419 * @internal
1420 * @since 1.32
1421 * @param array $modules Array of module registration arrays, each containing
1422 * - string: module name
1423 * - string: module version
1424 * - array|null: List of dependencies (optional)
1425 * - string|null: Module group (optional)
1426 * - string|null: Name of foreign module source, or 'local' (optional)
1427 * - string|null: Script body of a skip function (optional)
1428 * @return string JavaScript code
1429 */
1430 public static function makeLoaderRegisterScript( array $modules ) {
1431 // Optimisation: Transform dependency names into indexes when possible
1432 // to produce smaller output. They are expanded by mw.loader.register on
1433 // the other end using resolveIndexedDependencies().
1434 $index = [];
1435 foreach ( $modules as $i => &$module ) {
1436 // Build module name index
1437 $index[$module[0]] = $i;
1438 }
1439 foreach ( $modules as &$module ) {
1440 if ( isset( $module[2] ) ) {
1441 foreach ( $module[2] as &$dependency ) {
1442 if ( isset( $index[$dependency] ) ) {
1443 // Replace module name in dependency list with index
1444 $dependency = $index[$dependency];
1445 }
1446 }
1447 }
1448 }
1449
1450 array_walk( $modules, [ self::class, 'trimArray' ] );
1451
1452 return 'mw.loader.register('
1453 . self::encodeJsonForScript( $modules )
1454 . ');';
1455 }
1456
1457 /**
1458 * Returns JS code which calls mw.loader.addSource() with the given
1459 * parameters. Has two calling conventions:
1460 *
1461 * - ResourceLoader::makeLoaderSourcesScript( $id, $properties ):
1462 * Register a single source
1463 *
1464 * - ResourceLoader::makeLoaderSourcesScript( [ $id1 => $loadUrl, $id2 => $loadUrl, ... ] );
1465 * Register sources with the given IDs and properties.
1466 *
1467 * @param string|array $sources Source ID
1468 * @param string|null $loadUrl load.php url
1469 * @return string JavaScript code
1470 */
1471 public static function makeLoaderSourcesScript( $sources, $loadUrl = null ) {
1472 if ( !is_array( $sources ) ) {
1473 $sources = [ $sources => $loadUrl ];
1474 }
1475 return 'mw.loader.addSource('
1476 . self::encodeJsonForScript( $sources )
1477 . ');';
1478 }
1479
1480 /**
1481 * Wraps JavaScript code to run after the startup module.
1482 *
1483 * @param string $script JavaScript code
1484 * @return string JavaScript code
1485 */
1486 public static function makeLoaderConditionalScript( $script ) {
1487 // Adds a function to lazy-created RLQ
1488 return '(RLQ=window.RLQ||[]).push(function(){' .
1489 trim( $script ) . '});';
1490 }
1491
1492 /**
1493 * Wraps JavaScript code to run after a required module.
1494 *
1495 * @since 1.32
1496 * @param string|string[] $modules Module name(s)
1497 * @param string $script JavaScript code
1498 * @return string JavaScript code
1499 */
1500 public static function makeInlineCodeWithModule( $modules, $script ) {
1501 // Adds an array to lazy-created RLQ
1502 return '(RLQ=window.RLQ||[]).push(['
1503 . self::encodeJsonForScript( $modules ) . ','
1504 . 'function(){' . trim( $script ) . '}'
1505 . ']);';
1506 }
1507
1508 /**
1509 * Returns an HTML script tag that runs given JS code after startup and base modules.
1510 *
1511 * The code will be wrapped in a closure, and it will be executed by ResourceLoader's
1512 * startup module if the client has adequate support for MediaWiki JavaScript code.
1513 *
1514 * @param string $script JavaScript code
1515 * @param string|null $nonce [optional] Content-Security-Policy nonce
1516 * (from OutputPage::getCSPNonce)
1517 * @return string|WrappedString HTML
1518 */
1519 public static function makeInlineScript( $script, $nonce = null ) {
1520 $js = self::makeLoaderConditionalScript( $script );
1521 $escNonce = '';
1522 if ( $nonce === null ) {
1523 wfWarn( __METHOD__ . " did not get nonce. Will break CSP" );
1524 } elseif ( $nonce !== false ) {
1525 // If it was false, CSP is disabled, so no nonce attribute.
1526 // Nonce should be only base64 characters, so should be safe,
1527 // but better to be safely escaped than sorry.
1528 $escNonce = ' nonce="' . htmlspecialchars( $nonce ) . '"';
1529 }
1530
1531 return new WrappedString(
1532 Html::inlineScript( $js, $nonce ),
1533 "<script$escNonce>(RLQ=window.RLQ||[]).push(function(){",
1534 '});</script>'
1535 );
1536 }
1537
1538 /**
1539 * Returns JS code which will set the MediaWiki configuration array to
1540 * the given value.
1541 *
1542 * @param array $configuration List of configuration values keyed by variable name
1543 * @return string JavaScript code
1544 * @throws Exception
1545 */
1546 public static function makeConfigSetScript( array $configuration ) {
1547 $json = self::encodeJsonForScript( $configuration );
1548 if ( $json === false ) {
1549 $e = new Exception(
1550 'JSON serialization of config data failed. ' .
1551 'This usually means the config data is not valid UTF-8.'
1552 );
1553 MWExceptionHandler::logException( $e );
1554 return 'mw.log.error(' . self::encodeJsonForScript( $e->__toString() ) . ');';
1555 }
1556 return "mw.config.set($json);";
1557 }
1558
1559 /**
1560 * Convert an array of module names to a packed query string.
1561 *
1562 * For example, `[ 'foo.bar', 'foo.baz', 'bar.baz', 'bar.quux' ]`
1563 * becomes `'foo.bar,baz|bar.baz,quux'`.
1564 *
1565 * This process is reversed by ResourceLoader::expandModuleNames().
1566 * See also mw.loader#buildModulesString() which is a port of this, used
1567 * on the client-side.
1568 *
1569 * @param array $modules List of module names (strings)
1570 * @return string Packed query string
1571 */
1572 public static function makePackedModulesString( $modules ) {
1573 $moduleMap = []; // [ prefix => [ suffixes ] ]
1574 foreach ( $modules as $module ) {
1575 $pos = strrpos( $module, '.' );
1576 $prefix = $pos === false ? '' : substr( $module, 0, $pos );
1577 $suffix = $pos === false ? $module : substr( $module, $pos + 1 );
1578 $moduleMap[$prefix][] = $suffix;
1579 }
1580
1581 $arr = [];
1582 foreach ( $moduleMap as $prefix => $suffixes ) {
1583 $p = $prefix === '' ? '' : $prefix . '.';
1584 $arr[] = $p . implode( ',', $suffixes );
1585 }
1586 return implode( '|', $arr );
1587 }
1588
1589 /**
1590 * Expand a string of the form `jquery.foo,bar|jquery.ui.baz,quux` to
1591 * an array of module names like `[ 'jquery.foo', 'jquery.bar',
1592 * 'jquery.ui.baz', 'jquery.ui.quux' ]`.
1593 *
1594 * This process is reversed by ResourceLoader::makePackedModulesString().
1595 *
1596 * @since 1.33
1597 * @param string $modules Packed module name list
1598 * @return array Array of module names
1599 */
1600 public static function expandModuleNames( $modules ) {
1601 $retval = [];
1602 $exploded = explode( '|', $modules );
1603 foreach ( $exploded as $group ) {
1604 if ( strpos( $group, ',' ) === false ) {
1605 // This is not a set of modules in foo.bar,baz notation
1606 // but a single module
1607 $retval[] = $group;
1608 } else {
1609 // This is a set of modules in foo.bar,baz notation
1610 $pos = strrpos( $group, '.' );
1611 if ( $pos === false ) {
1612 // Prefixless modules, i.e. without dots
1613 $retval = array_merge( $retval, explode( ',', $group ) );
1614 } else {
1615 // We have a prefix and a bunch of suffixes
1616 $prefix = substr( $group, 0, $pos ); // 'foo'
1617 $suffixes = explode( ',', substr( $group, $pos + 1 ) ); // [ 'bar', 'baz' ]
1618 foreach ( $suffixes as $suffix ) {
1619 $retval[] = "$prefix.$suffix";
1620 }
1621 }
1622 }
1623 }
1624 return $retval;
1625 }
1626
1627 /**
1628 * Determine whether debug mode was requested
1629 * Order of priority is 1) request param, 2) cookie, 3) $wg setting
1630 * @return bool
1631 */
1632 public static function inDebugMode() {
1633 if ( self::$debugMode === null ) {
1634 global $wgRequest, $wgResourceLoaderDebug;
1635 self::$debugMode = $wgRequest->getFuzzyBool( 'debug',
1636 $wgRequest->getCookie( 'resourceLoaderDebug', '', $wgResourceLoaderDebug )
1637 );
1638 }
1639 return self::$debugMode;
1640 }
1641
1642 /**
1643 * Reset static members used for caching.
1644 *
1645 * Global state and $wgRequest are evil, but we're using it right
1646 * now and sometimes we need to be able to force ResourceLoader to
1647 * re-evaluate the context because it has changed (e.g. in the test suite).
1648 *
1649 * @internal For use by unit tests
1650 * @codeCoverageIgnore
1651 */
1652 public static function clearCache() {
1653 self::$debugMode = null;
1654 }
1655
1656 /**
1657 * Build a load.php URL
1658 *
1659 * @since 1.24
1660 * @param string $source Name of the ResourceLoader source
1661 * @param ResourceLoaderContext $context
1662 * @param array $extraQuery
1663 * @return string URL to load.php. May be protocol-relative if $wgLoadScript is, too.
1664 */
1665 public function createLoaderURL( $source, ResourceLoaderContext $context,
1666 $extraQuery = []
1667 ) {
1668 $query = self::createLoaderQuery( $context, $extraQuery );
1669 $script = $this->getLoadScript( $source );
1670
1671 return wfAppendQuery( $script, $query );
1672 }
1673
1674 /**
1675 * Helper for createLoaderURL()
1676 *
1677 * @since 1.24
1678 * @see makeLoaderQuery
1679 * @param ResourceLoaderContext $context
1680 * @param array $extraQuery
1681 * @return array
1682 */
1683 protected static function createLoaderQuery( ResourceLoaderContext $context, $extraQuery = [] ) {
1684 return self::makeLoaderQuery(
1685 $context->getModules(),
1686 $context->getLanguage(),
1687 $context->getSkin(),
1688 $context->getUser(),
1689 $context->getVersion(),
1690 $context->getDebug(),
1691 $context->getOnly(),
1692 $context->getRequest()->getBool( 'printable' ),
1693 $context->getRequest()->getBool( 'handheld' ),
1694 $extraQuery
1695 );
1696 }
1697
1698 /**
1699 * Build a query array (array representation of query string) for load.php. Helper
1700 * function for createLoaderURL().
1701 *
1702 * @param array $modules
1703 * @param string $lang
1704 * @param string $skin
1705 * @param string|null $user
1706 * @param string|null $version
1707 * @param bool $debug
1708 * @param string|null $only
1709 * @param bool $printable
1710 * @param bool $handheld
1711 * @param array $extraQuery
1712 * @return array
1713 */
1714 public static function makeLoaderQuery( $modules, $lang, $skin, $user = null,
1715 $version = null, $debug = false, $only = null, $printable = false,
1716 $handheld = false, $extraQuery = []
1717 ) {
1718 $query = [
1719 'modules' => self::makePackedModulesString( $modules ),
1720 ];
1721 // Keep urls short by omitting query parameters that
1722 // match the defaults assumed by ResourceLoaderContext.
1723 // Note: This relies on the defaults either being insignificant or forever constant,
1724 // as otherwise cached urls could change in meaning when the defaults change.
1725 if ( $lang !== ResourceLoaderContext::DEFAULT_LANG ) {
1726 $query['lang'] = $lang;
1727 }
1728 if ( $skin !== ResourceLoaderContext::DEFAULT_SKIN ) {
1729 $query['skin'] = $skin;
1730 }
1731 if ( $debug === true ) {
1732 $query['debug'] = 'true';
1733 }
1734 if ( $user !== null ) {
1735 $query['user'] = $user;
1736 }
1737 if ( $version !== null ) {
1738 $query['version'] = $version;
1739 }
1740 if ( $only !== null ) {
1741 $query['only'] = $only;
1742 }
1743 if ( $printable ) {
1744 $query['printable'] = 1;
1745 }
1746 if ( $handheld ) {
1747 $query['handheld'] = 1;
1748 }
1749 $query += $extraQuery;
1750
1751 // Make queries uniform in order
1752 ksort( $query );
1753 return $query;
1754 }
1755
1756 /**
1757 * Check a module name for validity.
1758 *
1759 * Module names may not contain pipes (|), commas (,) or exclamation marks (!) and can be
1760 * at most 255 bytes.
1761 *
1762 * @param string $moduleName Module name to check
1763 * @return bool Whether $moduleName is a valid module name
1764 */
1765 public static function isValidModuleName( $moduleName ) {
1766 return strcspn( $moduleName, '!,|', 0, 255 ) === strlen( $moduleName );
1767 }
1768
1769 /**
1770 * Returns LESS compiler set up for use with MediaWiki
1771 *
1772 * @since 1.27
1773 * @param array $vars Associative array of variables that should be used
1774 * for compilation. Since 1.32, this method no longer automatically includes
1775 * global LESS vars from ResourceLoader::getLessVars (T191937).
1776 * @throws MWException
1777 * @return Less_Parser
1778 */
1779 public function getLessCompiler( $vars = [] ) {
1780 global $IP;
1781 // When called from the installer, it is possible that a required PHP extension
1782 // is missing (at least for now; see T49564). If this is the case, throw an
1783 // exception (caught by the installer) to prevent a fatal error later on.
1784 if ( !class_exists( 'Less_Parser' ) ) {
1785 throw new MWException( 'MediaWiki requires the less.php parser' );
1786 }
1787
1788 $parser = new Less_Parser;
1789 $parser->ModifyVars( $vars );
1790 $parser->SetImportDirs( [
1791 "$IP/resources/src/mediawiki.less/" => '',
1792 ] );
1793 $parser->SetOption( 'relativeUrls', false );
1794
1795 return $parser;
1796 }
1797
1798 /**
1799 * Get global LESS variables.
1800 *
1801 * @since 1.27
1802 * @deprecated since 1.32 Use ResourceLoderModule::getLessVars() instead.
1803 * @return array Map of variable names to string CSS values.
1804 */
1805 public function getLessVars() {
1806 return [];
1807 }
1808 }
Wiklou, le Wiki du Wiklou