* @file
*/
+use MediaWiki\MediaWikiServices;
use MediaWiki\Session\Session;
use MediaWiki\Session\SessionId;
use MediaWiki\Session\SessionManager;
/** @var bool Whether this HTTP request is "safe" (even if it is an HTTP post) */
protected $markedAsSafe = false;
+ /**
+ * @codeCoverageIgnore
+ */
public function __construct() {
$this->requestTime = isset( $_SERVER['REQUEST_TIME_FLOAT'] )
? $_SERVER['REQUEST_TIME_FLOAT'] : microtime( true );
* @return array|string Cleaned-up version of the given
* @private
*/
- function normalizeUnicode( $data ) {
+ public function normalizeUnicode( $data ) {
if ( is_array( $data ) ) {
foreach ( $data as $key => $val ) {
$data[$key] = $this->normalizeUnicode( $val );
}
}
+ /**
+ * Fetch a scalar from the input without normalization, or return $default
+ * if it's not set.
+ *
+ * Unlike self::getVal(), this does not perform any normalization on the
+ * input value.
+ *
+ * @since 1.28
+ * @param string $name
+ * @param string|null $default Optional default
+ * @return string
+ */
+ public function getRawVal( $name, $default = null ) {
+ $name = strtr( $name, '.', '_' ); // See comment in self::getGPCVal()
+ if ( isset( $this->data[$name] ) && !is_array( $this->data[$name] ) ) {
+ $val = $this->data[$name];
+ } else {
+ $val = $default;
+ }
+ if ( is_null( $val ) ) {
+ return $val;
+ } else {
+ return (string)$val;
+ }
+ }
+
/**
* Fetch a scalar from the input or return $default if it's not set.
* Returns a string. Arrays are discarded. Useful for
* @return int
*/
public function getInt( $name, $default = 0 ) {
- return intval( $this->getVal( $name, $default ) );
+ return intval( $this->getRawVal( $name, $default ) );
}
/**
* @return int|null
*/
public function getIntOrNull( $name ) {
- $val = $this->getVal( $name );
+ $val = $this->getRawVal( $name );
return is_numeric( $val )
? intval( $val )
: null;
* @return float
*/
public function getFloat( $name, $default = 0.0 ) {
- return floatval( $this->getVal( $name, $default ) );
+ return floatval( $this->getRawVal( $name, $default ) );
}
/**
* @return bool
*/
public function getBool( $name, $default = false ) {
- return (bool)$this->getVal( $name, $default );
+ return (bool)$this->getRawVal( $name, $default );
}
/**
* @return bool
*/
public function getFuzzyBool( $name, $default = false ) {
- return $this->getBool( $name, $default ) && strcasecmp( $this->getVal( $name ), 'false' ) !== 0;
+ return $this->getBool( $name, $default )
+ && strcasecmp( $this->getRawVal( $name ), 'false' ) !== 0;
}
/**
public function getCheck( $name ) {
# Checkboxes and buttons are only present when clicked
# Presence connotes truth, absence false
- return $this->getVal( $name, null ) !== null;
+ return $this->getRawVal( $name, null ) !== null;
}
/**
* Fetch a text string from the given array or return $default if it's not
- * set. Carriage returns are stripped from the text, and with some language
- * modules there is an input transliteration applied. This should generally
- * be used for form "<textarea>" and "<input>" fields. Used for
- * user-supplied freeform text input (for which input transformations may
- * be required - e.g. Esperanto x-coding).
+ * set. Carriage returns are stripped from the text. This should generally
+ * be used for form "<textarea>" and "<input>" fields, and for
+ * user-supplied freeform text input.
*
* @param string $name
* @param string $default Optional
* @return string
*/
public function getText( $name, $default = '' ) {
- global $wgContLang;
$val = $this->getVal( $name, $default );
- return str_replace( "\r\n", "\n",
- $wgContLang->recodeInput( $val ) );
+ return str_replace( "\r\n", "\n", $val );
}
/**
* Get the values passed in the query string.
* No transformation is performed on the values.
*
+ * @codeCoverageIgnore
* @return array
*/
public function getQueryValues() {
* Return the contents of the Query with no decoding. Use when you need to
* know exactly what was sent, e.g. for an OAuth signature over the elements.
*
+ * @codeCoverageIgnore
* @return string
*/
public function getRawQueryString() {
/**
* Return the session for this request
+ *
+ * This might unpersist an existing session if it was invalid.
+ *
* @since 1.27
* @note For performance, keep the session locally if you will be making
* much use of it instead of calling this method repeatedly.
# Append XFF
$forwardedFor = $this->getHeader( 'X-Forwarded-For' );
if ( $forwardedFor !== false ) {
- $isConfigured = IP::isConfiguredProxy( $ip );
+ $proxyLookup = MediaWikiServices::getInstance()->getProxyLookup();
+ $isConfigured = $proxyLookup->isConfiguredProxy( $ip );
$ipchain = array_map( 'trim', explode( ',', $forwardedFor ) );
$ipchain = array_reverse( $ipchain );
array_unshift( $ipchain, $ip );
foreach ( $ipchain as $i => $curIP ) {
$curIP = IP::sanitizeIP( IP::canonicalize( $curIP ) );
if ( !$curIP || !isset( $ipchain[$i + 1] ) || $ipchain[$i + 1] === 'unknown'
- || !IP::isTrustedProxy( $curIP )
+ || !$proxyLookup->isTrustedProxy( $curIP )
) {
break; // IP is not valid/trusted or does not point to anything
}
if (
IP::isPublic( $ipchain[$i + 1] ) ||
$wgUsePrivateIPs ||
- IP::isConfiguredProxy( $curIP ) // bug 48919; treat IP as sane
+ $proxyLookup->isConfiguredProxy( $curIP ) // bug 48919; treat IP as sane
) {
// Follow the next IP according to the proxy
$nextIP = IP::canonicalize( $ipchain[$i + 1] );