X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2FWebRequest.php;h=39f9cb8e62cbbdd0ab13568e974e7635c2350a36;hp=5d2bd265b0f0225ac816b7dcd84b8cfb583807a0;hb=2d72930472dc4093e218aebd5eb9a4f2f61680ab;hpb=bae4503ec845c91cad6d3f6e9fb1f2d6de307b11 diff --git a/includes/WebRequest.php b/includes/WebRequest.php index 5d2bd265b0..39f9cb8e62 100644 --- a/includes/WebRequest.php +++ b/includes/WebRequest.php @@ -1,35 +1,28 @@ + * http://www.mediawiki.org/ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * http://www.gnu.org/copyleft/gpl.html + * + * @file */ -# Copyright (C) 2003 Brion Vibber -# http://www.mediawiki.org/ -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# http://www.gnu.org/copyleft/gpl.html - - -/** - * Some entry points may use this file without first enabling the - * autoloader. - */ -if ( !function_exists( '__autoload' ) ) { - require_once( dirname(__FILE__) . '/normal/UtfNormal.php' ); -} - /** * The WebRequest class encapsulates getting at data passed in the * URL or via a POSTed form, handling remove of "magic quotes" slashes, @@ -39,16 +32,26 @@ if ( !function_exists( '__autoload' ) ) { * not create a second WebRequest object; make a FauxRequest object if * you want to pass arbitrary data to some function in place of the web * input. - * + * * @ingroup HTTP */ class WebRequest { - var $data = array(); - var $headers; - private $_response; + protected $data, $headers = array(); - function __construct() { - /// @fixme This preemptive de-quoting can interfere with other web libraries + /** + * Lazy-init response object + * @var WebResponse + */ + private $response; + + /** + * Cached client IP address + * @var String + */ + private $ip; + + public function __construct() { + /// @todo FIXME: This preemptive de-quoting can interfere with other web libraries /// and increases our memory footprint. It would be cleaner to do on /// demand; but currently we have no wrapper for $_SERVER etc. $this->checkMagicQuotes(); @@ -58,6 +61,143 @@ class WebRequest { $this->data = $_POST + $_GET; } + /** + * Extract relevant query arguments from the http request uri's path + * to be merged with the normal php provided query arguments. + * Tries to use the REQUEST_URI data if available and parses it + * according to the wiki's configuration looking for any known pattern. + * + * If the REQUEST_URI is not provided we'll fall back on the PATH_INFO + * provided by the server if any and use that to set a 'title' parameter. + * + * @param $want string: If this is not 'all', then the function + * will return an empty array if it determines that the URL is + * inside a rewrite path. + * + * @return Array: Any query arguments found in path matches. + */ + static public function getPathInfo( $want = 'all' ) { + // PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892 + // And also by Apache 2.x, double slashes are converted to single slashes. + // So we will use REQUEST_URI if possible. + $matches = array(); + if ( !empty( $_SERVER['REQUEST_URI'] ) ) { + // Slurp out the path portion to examine... + $url = $_SERVER['REQUEST_URI']; + if ( !preg_match( '!^https?://!', $url ) ) { + $url = 'http://unused' . $url; + } + $a = parse_url( $url ); + if( $a ) { + $path = isset( $a['path'] ) ? $a['path'] : ''; + + global $wgScript; + if( $path == $wgScript && $want !== 'all' ) { + // Script inside a rewrite path? + // Abort to keep from breaking... + return $matches; + } + + $router = new PathRouter; + + // Raw PATH_INFO style + $router->add( "$wgScript/$1" ); + + if( isset( $_SERVER['SCRIPT_NAME'] ) + && preg_match( '/\.php5?/', $_SERVER['SCRIPT_NAME'] ) ) + { + # Check for SCRIPT_NAME, we handle index.php explicitly + # But we do have some other .php files such as img_auth.php + # Don't let root article paths clober the parsing for them + $router->add( $_SERVER['SCRIPT_NAME'] . "/$1" ); + } + + global $wgArticlePath; + if( $wgArticlePath ) { + $router->add( $wgArticlePath ); + } + + global $wgActionPaths; + if( $wgActionPaths ) { + $router->add( $wgActionPaths, array( 'action' => '$key' ) ); + } + + global $wgVariantArticlePath, $wgContLang; + if( $wgVariantArticlePath ) { + $router->add( $wgVariantArticlePath, + array( 'variant' => '$2'), + array( '$2' => $wgContLang->getVariants() ) + ); + } + + wfRunHooks( 'WebRequestPathInfoRouter', array( $router ) ); + + $matches = $router->parse( $path ); + } + } elseif ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) { + // Mangled PATH_INFO + // http://bugs.php.net/bug.php?id=31892 + // Also reported when ini_get('cgi.fix_pathinfo')==false + $matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 ); + + } elseif ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != '') ) { + // Regular old PATH_INFO yay + $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 ); + } + + return $matches; + } + + /** + * Work out an appropriate URL prefix containing scheme and host, based on + * information detected from $_SERVER + * + * @return string + */ + public static function detectServer() { + list( $proto, $stdPort ) = self::detectProtocolAndStdPort(); + + $varNames = array( 'HTTP_HOST', 'SERVER_NAME', 'HOSTNAME', 'SERVER_ADDR' ); + $host = 'localhost'; + $port = $stdPort; + foreach ( $varNames as $varName ) { + if ( !isset( $_SERVER[$varName] ) ) { + continue; + } + $parts = IP::splitHostAndPort( $_SERVER[$varName] ); + if ( !$parts ) { + // Invalid, do not use + continue; + } + $host = $parts[0]; + if ( $parts[1] === false ) { + if ( isset( $_SERVER['SERVER_PORT'] ) ) { + $port = $_SERVER['SERVER_PORT']; + } // else leave it as $stdPort + } else { + $port = $parts[1]; + } + break; + } + + return $proto . '://' . IP::combineHostAndPort( $host, $port, $stdPort ); + } + + /** + * @return array + */ + public static function detectProtocolAndStdPort() { + return ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' ) ? array( 'https', 443 ) : array( 'http', 80 ); + } + + /** + * @return string + */ + public static function detectProtocol() { + list( $proto, $stdPort ) = self::detectProtocolAndStdPort(); + return $proto; + } + /** * Check for title, action, and/or variant data in the URL * and interpolate it into the GET variables. @@ -65,62 +205,16 @@ class WebRequest { * as we may need the list of language variants to determine * available variant URLs. */ - function interpolateTitle() { + public function interpolateTitle() { global $wgUsePathInfo; - if ( $wgUsePathInfo ) { - // PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892 - // And also by Apache 2.x, double slashes are converted to single slashes. - // So we will use REQUEST_URI if possible. - $matches = array(); - if ( !empty( $_SERVER['REQUEST_URI'] ) ) { - // Slurp out the path portion to examine... - $url = $_SERVER['REQUEST_URI']; - if ( !preg_match( '!^https?://!', $url ) ) { - $url = 'http://unused' . $url; - } - $a = parse_url( $url ); - if( $a ) { - $path = isset( $a['path'] ) ? $a['path'] : ''; - - global $wgScript; - if( $path == $wgScript ) { - // Script inside a rewrite path? - // Abort to keep from breaking... - return; - } - // Raw PATH_INFO style - $matches = $this->extractTitle( $path, "$wgScript/$1" ); - global $wgArticlePath; - if( !$matches && $wgArticlePath ) { - $matches = $this->extractTitle( $path, $wgArticlePath ); - } - - global $wgActionPaths; - if( !$matches && $wgActionPaths ) { - $matches = $this->extractTitle( $path, $wgActionPaths, 'action' ); - } + // bug 16019: title interpolation on API queries is useless and sometimes harmful + if ( defined( 'MW_API' ) ) { + return; + } - global $wgVariantArticlePath, $wgContLang; - if( !$matches && $wgVariantArticlePath ) { - $variantPaths = array(); - foreach( $wgContLang->getVariants() as $variant ) { - $variantPaths[$variant] = - str_replace( '$2', $variant, $wgVariantArticlePath ); - } - $matches = $this->extractTitle( $path, $variantPaths, 'variant' ); - } - } - } elseif ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) { - // Mangled PATH_INFO - // http://bugs.php.net/bug.php?id=31892 - // Also reported when ini_get('cgi.fix_pathinfo')==false - $matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 ); - - } elseif ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != '') ) { - // Regular old PATH_INFO yay - $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 ); - } + if ( $wgUsePathInfo ) { + $matches = self::getPathInfo( 'title' ); foreach( $matches as $key => $val) { $this->data[$key] = $_GET[$key] = $_REQUEST[$key] = $val; } @@ -128,7 +222,7 @@ class WebRequest { } /** - * Internal URL rewriting function; tries to extract page title and, + * URL rewriting function; tries to extract page title and, * optionally, one other fixed parameter value from a URL path. * * @param $path string: the URL path given from the client @@ -137,7 +231,7 @@ class WebRequest { * passed on as the value of this URL parameter * @return array of URL variables to interpolate; empty if no match */ - private function extractTitle( $path, $bases, $key=false ) { + static function extractTitle( $path, $bases, $key = false ) { foreach( (array)$bases as $keyValue => $base ) { // Find the part after $wgArticlePath $base = str_replace( '$1', '', $base ); @@ -159,18 +253,26 @@ class WebRequest { /** * Recursively strips slashes from the given array; * used for undoing the evil that is magic_quotes_gpc. + * * @param $arr array: will be modified + * @param $topLevel bool Specifies if the array passed is from the top + * level of the source. In PHP5 magic_quotes only escapes the first level + * of keys that belong to an array. * @return array the original array - * @private + * @see http://www.php.net/manual/en/function.get-magic-quotes-gpc.php#49612 */ - function &fix_magic_quotes( &$arr ) { + private function &fix_magic_quotes( &$arr, $topLevel = true ) { + $clean = array(); foreach( $arr as $key => $val ) { if( is_array( $val ) ) { - $this->fix_magic_quotes( $arr[$key] ); + $cleanKey = $topLevel ? stripslashes( $key ) : $key; + $clean[$cleanKey] = $this->fix_magic_quotes( $arr[$key], false ); } else { - $arr[$key] = stripslashes( $val ); + $cleanKey = stripslashes( $key ); + $clean[$cleanKey] = stripslashes( $val ); } } + $arr = $clean; return $arr; } @@ -179,10 +281,11 @@ class WebRequest { * through fix_magic_quotes to strip out the stupid slashes. * WARNING: This should only be done once! Running a second * time could damage the values. - * @private */ - function checkMagicQuotes() { - if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) { + private function checkMagicQuotes() { + $mustFixQuotes = function_exists( 'get_magic_quotes_gpc' ) + && get_magic_quotes_gpc(); + if( $mustFixQuotes ) { $this->fix_magic_quotes( $_COOKIE ); $this->fix_magic_quotes( $_ENV ); $this->fix_magic_quotes( $_GET ); @@ -194,6 +297,7 @@ class WebRequest { /** * Recursively normalizes UTF-8 strings in the given array. + * * @param $data string or array * @return cleaned-up version of the given * @private @@ -204,7 +308,8 @@ class WebRequest { $data[$key] = $this->normalizeUnicode( $val ); } } else { - $data = UtfNormal::cleanUp( $data ); + global $wgContLang; + $data = isset( $wgContLang ) ? $wgContLang->normalize( $data ) : UtfNormal::cleanUp( $data ); } return $data; } @@ -212,39 +317,32 @@ class WebRequest { /** * Fetch a value from the given array or return $default if it's not set. * - * @param $arr array - * @param $name string - * @param $default mixed + * @param $arr Array + * @param $name String + * @param $default Mixed * @return mixed - * @private */ - function getGPCVal( $arr, $name, $default ) { + private function getGPCVal( $arr, $name, $default ) { + # PHP is so nice to not touch input data, except sometimes: + # http://us2.php.net/variables.external#language.variables.external.dot-in-names + # Work around PHP *feature* to avoid *bugs* elsewhere. + $name = strtr( $name, '.', '_' ); if( isset( $arr[$name] ) ) { + global $wgContLang; $data = $arr[$name]; if( isset( $_GET[$name] ) && !is_array( $data ) ) { # Check for alternate/legacy character encoding. - $data = $this->checkTitleEncoding( $data ); + if( isset( $wgContLang ) ) { + $data = $wgContLang->checkTitleEncoding( $data ); + } } $data = $this->normalizeUnicode( $data ); return $data; } else { + taint( $default ); return $default; } } - - protected function checkTitleEncoding( $s ) { - global $wgContLang; - if( !isset($wgContLang) ) return $s; - # Check for non-UTF-8 URLs - $ishigh = preg_match( '/[\x80-\xff]/', $s); - if( !$ishigh ) return $s; - - $isutf8 = preg_match( '/^([\x00-\x7f]|[\xc0-\xdf][\x80-\xbf]|' . - '[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xf7][\x80-\xbf]{3})+$/', $s ); - if( $isutf8 ) return $s; - # Do the heavy lifting by unstubbing $wgContLang - return $wgContLang->iconv( $wgContLang->fallback8bitEncoding(), "utf-8", $s ); - } /** * Fetch a scalar from the input or return $default if it's not set. @@ -252,29 +350,30 @@ class WebRequest { * non-freeform text inputs (e.g. predefined internal text keys * selected by a drop-down menu). For freeform input, see getText(). * - * @param $name string - * @param $default string: optional default (or NULL) - * @return string + * @param $name String + * @param $default String: optional default (or NULL) + * @return String */ - function getVal( $name, $default = NULL ) { + public function getVal( $name, $default = null ) { $val = $this->getGPCVal( $this->data, $name, $default ); if( is_array( $val ) ) { $val = $default; } if( is_null( $val ) ) { - return null; + return $val; } else { return (string)$val; } } - + /** - * Set an aribtrary value into our get/post data. - * @param $key string Key name to use - * @param $value mixed Value to set - * @return mixed old value if one was present, null otherwise + * Set an arbitrary value into our get/post data. + * + * @param $key String: key name to use + * @param $value Mixed: value to set + * @return Mixed: old value if one was present, null otherwise */ - function setVal( $key, $value ) { + public function setVal( $key, $value ) { $ret = isset( $this->data[$key] ) ? $this->data[$key] : null; $this->data[$key] = $value; return $ret; @@ -285,11 +384,11 @@ class WebRequest { * If source was scalar, will return an array with a single element. * If no source and no default, returns NULL. * - * @param $name string - * @param $default array: optional default (or NULL) - * @return array + * @param $name String + * @param $default Array: optional default (or NULL) + * @return Array */ - function getArray( $name, $default = NULL ) { + public function getArray( $name, $default = null ) { $val = $this->getGPCVal( $this->data, $name, $default ); if( is_null( $val ) ) { return null; @@ -304,11 +403,11 @@ class WebRequest { * If no source and no default, returns NULL. * If an array is returned, contents are guaranteed to be integers. * - * @param $name string - * @param $default array: option default (or NULL) - * @return array of ints + * @param $name String + * @param $default Array: option default (or NULL) + * @return Array of ints */ - function getIntArray( $name, $default = NULL ) { + public function getIntArray( $name, $default = null ) { $val = $this->getArray( $name, $default ); if( is_array( $val ) ) { $val = array_map( 'intval', $val ); @@ -320,11 +419,12 @@ class WebRequest { * Fetch an integer value from the input or return $default if not set. * Guaranteed to return an integer; non-numeric input will typically * return 0. - * @param $name string - * @param $default int - * @return int + * + * @param $name String + * @param $default Integer + * @return Integer */ - function getInt( $name, $default = 0 ) { + public function getInt( $name, $default = 0 ) { return intval( $this->getVal( $name, $default ) ); } @@ -332,10 +432,11 @@ class WebRequest { * Fetch an integer value from the input or return null if empty. * Guaranteed to return an integer or null; non-numeric input will * typically return null. - * @param $name string - * @return int + * + * @param $name String + * @return Integer */ - function getIntOrNull( $name ) { + public function getIntOrNull( $name ) { $val = $this->getVal( $name ); return is_numeric( $val ) ? intval( $val ) @@ -346,41 +447,56 @@ class WebRequest { * Fetch a boolean value from the input or return $default if not set. * Guaranteed to return true or false, with normal PHP semantics for * boolean interpretation of strings. - * @param $name string - * @param $default bool - * @return bool + * + * @param $name String + * @param $default Boolean + * @return Boolean + */ + public function getBool( $name, $default = false ) { + return (bool)$this->getVal( $name, $default ); + } + + /** + * Fetch a boolean value from the input or return $default if not set. + * Unlike getBool, the string "false" will result in boolean false, which is + * useful when interpreting information sent from JavaScript. + * + * @param $name String + * @param $default Boolean + * @return Boolean */ - function getBool( $name, $default = false ) { - return $this->getVal( $name, $default ) ? true : false; + public function getFuzzyBool( $name, $default = false ) { + return $this->getBool( $name, $default ) && strcasecmp( $this->getVal( $name ), 'false' ) !== 0; } /** * Return true if the named value is set in the input, whatever that * value is (even "0"). Return false if the named value is not set. * Example use is checking for the presence of check boxes in forms. - * @param $name string - * @return bool + * + * @param $name String + * @return Boolean */ - function getCheck( $name ) { + public function getCheck( $name ) { # Checkboxes and buttons are only present when clicked # Presence connotes truth, abscense false - $val = $this->getVal( $name, NULL ); + $val = $this->getVal( $name, null ); return isset( $val ); } /** * Fetch a text string from the given array or return $default if it's not - * set. \r is stripped from the text, and with some language modules there - * is an input transliteration applied. This should generally be used for - * form