Merge "Improve docs for Title::getInternalURL/getCanonicalURL"

[lhc/web/wiklou.git] / includes / http / Http.php

diff --git a/includes/http/Http.php b/includes/http/Http.php
index c0005c5..f0972dc 100644 (file)
--- a/includes/http/Http.php
+++ b/includes/http/Http.php
@@ -25,7 +25,7 @@ use MediaWiki\Logger\LoggerFactory;
  * @ingroup HTTP
  */
 class Http {
-       static public $httpEngine = false;
+       public static $httpEngine = false;
 
        /**
         * Perform an HTTP request
@@ -58,7 +58,7 @@ class Http {
         * @param string $caller The method making this request, for profiling
         * @return string|bool (bool)false on failure or a string on success
         */
-       public static function request( $method, $url, $options = [], $caller = __METHOD__ ) {
+       public static function request( $method, $url, array $options = [], $caller = __METHOD__ ) {
                $logger = LoggerFactory::getInstance( 'http' );
                $logger->debug( "$method: $url" );
 
@@ -95,7 +95,7 @@ class Http {
         * @param string $caller The method making this request, for profiling
         * @return string|bool false on error
         */
-       public static function get( $url, $options = [], $caller = __METHOD__ ) {
+       public static function get( $url, array $options = [], $caller = __METHOD__ ) {
                $args = func_get_args();
                if ( isset( $args[1] ) && ( is_string( $args[1] ) || is_numeric( $args[1] ) ) ) {
                        // Second was used to be the timeout
@@ -118,7 +118,7 @@ class Http {
         * @param string $caller The method making this request, for profiling
         * @return string|bool false on error
         */
-       public static function post( $url, $options = [], $caller = __METHOD__ ) {
+       public static function post( $url, array $options = [], $caller = __METHOD__ ) {
                return self::request( 'POST', $url, $options, $caller );
        }
 
@@ -132,11 +132,14 @@ class Http {
        }
 
        /**
-        * Checks that the given URI is a valid one. Hardcoding the
-        * protocols, because we only want protocols that both cURL
-        * and php support.
+        * Check that the given URI is a valid one.
         *
-        * file:// should not be allowed here for security purpose (r67684)
+        * This hardcodes a small set of protocols only, because we want to
+        * deterministically reject protocols not supported by all HTTP-transport
+        * methods.
+        *
+        * "file://" specifically must not be allowed, for security purpose
+        * (see <https://www.mediawiki.org/wiki/Special:Code/MediaWiki/r67684>).
         *
         * @todo FIXME this is wildly inaccurate and fails to actually check most stuff
         *
@@ -170,7 +173,7 @@ class Http {
         * @param array $options
         * @return MultiHttpClient
         */
-       public static function createMultiClient( $options = [] ) {
+       public static function createMultiClient( array $options = [] ) {
                global $wgHTTPConnectTimeout, $wgHTTPTimeout, $wgHTTPProxy;
 
                return new MultiHttpClient( $options + [