- Generated on Wed Jun 25 2014 21:02:02 for MediaWiki by
1.7.6.1
|
MediaWiki
REL1_21
|
00001 <?php 00038 class WebRequest { 00039 protected $data, $headers = array(); 00040 00045 private $response; 00046 00051 private $ip; 00052 00053 public function __construct() { 00057 $this->checkMagicQuotes(); 00058 00059 // POST overrides GET data 00060 // We don't use $_REQUEST here to avoid interference from cookies... 00061 $this->data = $_POST + $_GET; 00062 } 00063 00079 public static function getPathInfo( $want = 'all' ) { 00080 global $wgUsePathInfo; 00081 // PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892 00082 // And also by Apache 2.x, double slashes are converted to single slashes. 00083 // So we will use REQUEST_URI if possible. 00084 $matches = array(); 00085 if ( !empty( $_SERVER['REQUEST_URI'] ) ) { 00086 // Slurp out the path portion to examine... 00087 $url = $_SERVER['REQUEST_URI']; 00088 if ( !preg_match( '!^https?://!', $url ) ) { 00089 $url = 'http://unused' . $url; 00090 } 00091 wfSuppressWarnings(); 00092 $a = parse_url( $url ); 00093 wfRestoreWarnings(); 00094 if( $a ) { 00095 $path = isset( $a['path'] ) ? $a['path'] : ''; 00096 00097 global $wgScript; 00098 if( $path == $wgScript && $want !== 'all' ) { 00099 // Script inside a rewrite path? 00100 // Abort to keep from breaking... 00101 return $matches; 00102 } 00103 00104 $router = new PathRouter; 00105 00106 // Raw PATH_INFO style 00107 $router->add( "$wgScript/$1" ); 00108 00109 if( isset( $_SERVER['SCRIPT_NAME'] ) 00110 && preg_match( '/\.php5?/', $_SERVER['SCRIPT_NAME'] ) ) 00111 { 00112 # Check for SCRIPT_NAME, we handle index.php explicitly 00113 # But we do have some other .php files such as img_auth.php 00114 # Don't let root article paths clober the parsing for them 00115 $router->add( $_SERVER['SCRIPT_NAME'] . "/$1" ); 00116 } 00117 00118 global $wgArticlePath; 00119 if( $wgArticlePath ) { 00120 $router->add( $wgArticlePath ); 00121 } 00122 00123 global $wgActionPaths; 00124 if( $wgActionPaths ) { 00125 $router->add( $wgActionPaths, array( 'action' => '$key' ) ); 00126 } 00127 00128 global $wgVariantArticlePath, $wgContLang; 00129 if( $wgVariantArticlePath ) { 00130 $router->add( $wgVariantArticlePath, 00131 array( 'variant' => '$2' ), 00132 array( '$2' => $wgContLang->getVariants() ) 00133 ); 00134 } 00135 00136 wfRunHooks( 'WebRequestPathInfoRouter', array( $router ) ); 00137 00138 $matches = $router->parse( $path ); 00139 } 00140 } elseif ( $wgUsePathInfo ) { 00141 if ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) { 00142 // Mangled PATH_INFO 00143 // http://bugs.php.net/bug.php?id=31892 00144 // Also reported when ini_get('cgi.fix_pathinfo')==false 00145 $matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 ); 00146 00147 } elseif ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) { 00148 // Regular old PATH_INFO yay 00149 $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 ); 00150 } 00151 } 00152 00153 return $matches; 00154 } 00155 00162 public static function detectServer() { 00163 list( $proto, $stdPort ) = self::detectProtocolAndStdPort(); 00164 00165 $varNames = array( 'HTTP_HOST', 'SERVER_NAME', 'HOSTNAME', 'SERVER_ADDR' ); 00166 $host = 'localhost'; 00167 $port = $stdPort; 00168 foreach ( $varNames as $varName ) { 00169 if ( !isset( $_SERVER[$varName] ) ) { 00170 continue; 00171 } 00172 $parts = IP::splitHostAndPort( $_SERVER[$varName] ); 00173 if ( !$parts ) { 00174 // Invalid, do not use 00175 continue; 00176 } 00177 $host = $parts[0]; 00178 if ( $parts[1] === false ) { 00179 if ( isset( $_SERVER['SERVER_PORT'] ) ) { 00180 $port = $_SERVER['SERVER_PORT']; 00181 } // else leave it as $stdPort 00182 } else { 00183 $port = $parts[1]; 00184 } 00185 break; 00186 } 00187 00188 return $proto . '://' . IP::combineHostAndPort( $host, $port, $stdPort ); 00189 } 00190 00194 public static function detectProtocolAndStdPort() { 00195 if ( ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' ) || 00196 ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 00197 $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) ) { 00198 $arr = array( 'https', 443 ); 00199 } else { 00200 $arr = array( 'http', 80 ); 00201 } 00202 return $arr; 00203 } 00204 00208 public static function detectProtocol() { 00209 list( $proto, ) = self::detectProtocolAndStdPort(); 00210 return $proto; 00211 } 00212 00220 public function interpolateTitle() { 00221 // bug 16019: title interpolation on API queries is useless and sometimes harmful 00222 if ( defined( 'MW_API' ) ) { 00223 return; 00224 } 00225 00226 $matches = self::getPathInfo( 'title' ); 00227 foreach( $matches as $key => $val) { 00228 $this->data[$key] = $_GET[$key] = $_REQUEST[$key] = $val; 00229 } 00230 } 00231 00242 static function extractTitle( $path, $bases, $key = false ) { 00243 foreach( (array)$bases as $keyValue => $base ) { 00244 // Find the part after $wgArticlePath 00245 $base = str_replace( '$1', '', $base ); 00246 $baseLen = strlen( $base ); 00247 if( substr( $path, 0, $baseLen ) == $base ) { 00248 $raw = substr( $path, $baseLen ); 00249 if( $raw !== '' ) { 00250 $matches = array( 'title' => rawurldecode( $raw ) ); 00251 if( $key ) { 00252 $matches[$key] = $keyValue; 00253 } 00254 return $matches; 00255 } 00256 } 00257 } 00258 return array(); 00259 } 00260 00272 private function &fix_magic_quotes( &$arr, $topLevel = true ) { 00273 $clean = array(); 00274 foreach( $arr as $key => $val ) { 00275 if( is_array( $val ) ) { 00276 $cleanKey = $topLevel ? stripslashes( $key ) : $key; 00277 $clean[$cleanKey] = $this->fix_magic_quotes( $arr[$key], false ); 00278 } else { 00279 $cleanKey = stripslashes( $key ); 00280 $clean[$cleanKey] = stripslashes( $val ); 00281 } 00282 } 00283 $arr = $clean; 00284 return $arr; 00285 } 00286 00293 private function checkMagicQuotes() { 00294 $mustFixQuotes = function_exists( 'get_magic_quotes_gpc' ) 00295 && get_magic_quotes_gpc(); 00296 if( $mustFixQuotes ) { 00297 $this->fix_magic_quotes( $_COOKIE ); 00298 $this->fix_magic_quotes( $_ENV ); 00299 $this->fix_magic_quotes( $_GET ); 00300 $this->fix_magic_quotes( $_POST ); 00301 $this->fix_magic_quotes( $_REQUEST ); 00302 $this->fix_magic_quotes( $_SERVER ); 00303 } 00304 } 00305 00313 function normalizeUnicode( $data ) { 00314 if( is_array( $data ) ) { 00315 foreach( $data as $key => $val ) { 00316 $data[$key] = $this->normalizeUnicode( $val ); 00317 } 00318 } else { 00319 global $wgContLang; 00320 $data = isset( $wgContLang ) ? $wgContLang->normalize( $data ) : UtfNormal::cleanUp( $data ); 00321 } 00322 return $data; 00323 } 00324 00333 private function getGPCVal( $arr, $name, $default ) { 00334 # PHP is so nice to not touch input data, except sometimes: 00335 # http://us2.php.net/variables.external#language.variables.external.dot-in-names 00336 # Work around PHP *feature* to avoid *bugs* elsewhere. 00337 $name = strtr( $name, '.', '_' ); 00338 if( isset( $arr[$name] ) ) { 00339 global $wgContLang; 00340 $data = $arr[$name]; 00341 if( isset( $_GET[$name] ) && !is_array( $data ) ) { 00342 # Check for alternate/legacy character encoding. 00343 if( isset( $wgContLang ) ) { 00344 $data = $wgContLang->checkTitleEncoding( $data ); 00345 } 00346 } 00347 $data = $this->normalizeUnicode( $data ); 00348 return $data; 00349 } else { 00350 taint( $default ); 00351 return $default; 00352 } 00353 } 00354 00365 public function getVal( $name, $default = null ) { 00366 $val = $this->getGPCVal( $this->data, $name, $default ); 00367 if( is_array( $val ) ) { 00368 $val = $default; 00369 } 00370 if( is_null( $val ) ) { 00371 return $val; 00372 } else { 00373 return (string)$val; 00374 } 00375 } 00376 00384 public function setVal( $key, $value ) { 00385 $ret = isset( $this->data[$key] ) ? $this->data[$key] : null; 00386 $this->data[$key] = $value; 00387 return $ret; 00388 } 00389 00396 public function unsetVal( $key ) { 00397 if ( !isset( $this->data[$key] ) ) { 00398 $ret = null; 00399 } else { 00400 $ret = $this->data[$key]; 00401 unset( $this->data[$key] ); 00402 } 00403 return $ret; 00404 } 00405 00415 public function getArray( $name, $default = null ) { 00416 $val = $this->getGPCVal( $this->data, $name, $default ); 00417 if( is_null( $val ) ) { 00418 return null; 00419 } else { 00420 return (array)$val; 00421 } 00422 } 00423 00434 public function getIntArray( $name, $default = null ) { 00435 $val = $this->getArray( $name, $default ); 00436 if( is_array( $val ) ) { 00437 $val = array_map( 'intval', $val ); 00438 } 00439 return $val; 00440 } 00441 00451 public function getInt( $name, $default = 0 ) { 00452 return intval( $this->getVal( $name, $default ) ); 00453 } 00454 00463 public function getIntOrNull( $name ) { 00464 $val = $this->getVal( $name ); 00465 return is_numeric( $val ) 00466 ? intval( $val ) 00467 : null; 00468 } 00469 00479 public function getBool( $name, $default = false ) { 00480 return (bool)$this->getVal( $name, $default ); 00481 } 00482 00492 public function getFuzzyBool( $name, $default = false ) { 00493 return $this->getBool( $name, $default ) && strcasecmp( $this->getVal( $name ), 'false' ) !== 0; 00494 } 00495 00504 public function getCheck( $name ) { 00505 # Checkboxes and buttons are only present when clicked 00506 # Presence connotes truth, absence false 00507 return $this->getVal( $name, null ) !== null; 00508 } 00509 00522 public function getText( $name, $default = '' ) { 00523 global $wgContLang; 00524 $val = $this->getVal( $name, $default ); 00525 return str_replace( "\r\n", "\n", 00526 $wgContLang->recodeInput( $val ) ); 00527 } 00528 00536 public function getValues() { 00537 $names = func_get_args(); 00538 if ( count( $names ) == 0 ) { 00539 $names = array_keys( $this->data ); 00540 } 00541 00542 $retVal = array(); 00543 foreach ( $names as $name ) { 00544 $value = $this->getGPCVal( $this->data, $name, null ); 00545 if ( !is_null( $value ) ) { 00546 $retVal[$name] = $value; 00547 } 00548 } 00549 return $retVal; 00550 } 00551 00558 public function getValueNames( $exclude = array() ) { 00559 return array_diff( array_keys( $this->getValues() ), $exclude ); 00560 } 00561 00568 public function getQueryValues() { 00569 return $_GET; 00570 } 00571 00577 public function getMethod() { 00578 return isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : 'GET'; 00579 } 00580 00590 public function wasPosted() { 00591 return $this->getMethod() == 'POST'; 00592 } 00593 00605 public function checkSessionCookie() { 00606 return isset( $_COOKIE[ session_name() ] ); 00607 } 00608 00617 public function getCookie( $key, $prefix = null, $default = null ) { 00618 if( $prefix === null ) { 00619 global $wgCookiePrefix; 00620 $prefix = $wgCookiePrefix; 00621 } 00622 return $this->getGPCVal( $_COOKIE, $prefix . $key, $default ); 00623 } 00624 00632 public function getRequestURL() { 00633 if( isset( $_SERVER['REQUEST_URI'] ) && strlen( $_SERVER['REQUEST_URI'] ) ) { 00634 $base = $_SERVER['REQUEST_URI']; 00635 } elseif ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) && strlen( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) { 00636 // Probably IIS; doesn't set REQUEST_URI 00637 $base = $_SERVER['HTTP_X_ORIGINAL_URL']; 00638 } elseif( isset( $_SERVER['SCRIPT_NAME'] ) ) { 00639 $base = $_SERVER['SCRIPT_NAME']; 00640 if( isset( $_SERVER['QUERY_STRING'] ) && $_SERVER['QUERY_STRING'] != '' ) { 00641 $base .= '?' . $_SERVER['QUERY_STRING']; 00642 } 00643 } else { 00644 // This shouldn't happen! 00645 throw new MWException( "Web server doesn't provide either " . 00646 "REQUEST_URI, HTTP_X_ORIGINAL_URL or SCRIPT_NAME. Report details " . 00647 "of your web server configuration to http://bugzilla.wikimedia.org/" ); 00648 } 00649 // User-agents should not send a fragment with the URI, but 00650 // if they do, and the web server passes it on to us, we 00651 // need to strip it or we get false-positive redirect loops 00652 // or weird output URLs 00653 $hash = strpos( $base, '#' ); 00654 if( $hash !== false ) { 00655 $base = substr( $base, 0, $hash ); 00656 } 00657 if( $base[0] == '/' ) { 00658 return $base; 00659 } else { 00660 // We may get paths with a host prepended; strip it. 00661 return preg_replace( '!^[^:]+://[^/]+/!', '/', $base ); 00662 } 00663 } 00664 00675 public function getFullRequestURL() { 00676 return wfExpandUrl( $this->getRequestURL(), PROTO_CURRENT ); 00677 } 00678 00685 public function appendQuery( $query ) { 00686 return $this->appendQueryArray( wfCgiToArray( $query ) ); 00687 } 00688 00696 public function escapeAppendQuery( $query ) { 00697 return htmlspecialchars( $this->appendQuery( $query ) ); 00698 } 00699 00706 public function appendQueryValue( $key, $value, $onlyquery = false ) { 00707 return $this->appendQueryArray( array( $key => $value ), $onlyquery ); 00708 } 00709 00718 public function appendQueryArray( $array, $onlyquery = false ) { 00719 global $wgTitle; 00720 $newquery = $this->getQueryValues(); 00721 unset( $newquery['title'] ); 00722 $newquery = array_merge( $newquery, $array ); 00723 $query = wfArrayToCgi( $newquery ); 00724 return $onlyquery ? $query : $wgTitle->getLocalURL( $query ); 00725 } 00726 00736 public function getLimitOffset( $deflimit = 50, $optionname = 'rclimit' ) { 00737 global $wgUser; 00738 00739 $limit = $this->getInt( 'limit', 0 ); 00740 if( $limit < 0 ) { 00741 $limit = 0; 00742 } 00743 if( ( $limit == 0 ) && ( $optionname != '' ) ) { 00744 $limit = $wgUser->getIntOption( $optionname ); 00745 } 00746 if( $limit <= 0 ) { 00747 $limit = $deflimit; 00748 } 00749 if( $limit > 5000 ) { 00750 $limit = 5000; # We have *some* limits... 00751 } 00752 00753 $offset = $this->getInt( 'offset', 0 ); 00754 if( $offset < 0 ) { 00755 $offset = 0; 00756 } 00757 00758 return array( $limit, $offset ); 00759 } 00760 00767 public function getFileTempname( $key ) { 00768 $file = new WebRequestUpload( $this, $key ); 00769 return $file->getTempName(); 00770 } 00771 00779 public function getFileSize( $key ) { 00780 wfDeprecated( __METHOD__, '1.17' ); 00781 $file = new WebRequestUpload( $this, $key ); 00782 return $file->getSize(); 00783 } 00784 00791 public function getUploadError( $key ) { 00792 $file = new WebRequestUpload( $this, $key ); 00793 return $file->getError(); 00794 } 00795 00807 public function getFileName( $key ) { 00808 $file = new WebRequestUpload( $this, $key ); 00809 return $file->getName(); 00810 } 00811 00818 public function getUpload( $key ) { 00819 return new WebRequestUpload( $this, $key ); 00820 } 00821 00828 public function response() { 00829 /* Lazy initialization of response object for this request */ 00830 if ( !is_object( $this->response ) ) { 00831 $class = ( $this instanceof FauxRequest ) ? 'FauxResponse' : 'WebResponse'; 00832 $this->response = new $class(); 00833 } 00834 return $this->response; 00835 } 00836 00840 private function initHeaders() { 00841 if ( count( $this->headers ) ) { 00842 return; 00843 } 00844 00845 if ( function_exists( 'apache_request_headers' ) ) { 00846 foreach ( apache_request_headers() as $tempName => $tempValue ) { 00847 $this->headers[ strtoupper( $tempName ) ] = $tempValue; 00848 } 00849 } else { 00850 foreach ( $_SERVER as $name => $value ) { 00851 if ( substr( $name, 0, 5 ) === 'HTTP_' ) { 00852 $name = str_replace( '_', '-', substr( $name, 5 ) ); 00853 $this->headers[$name] = $value; 00854 } elseif ( $name === 'CONTENT_LENGTH' ) { 00855 $this->headers['CONTENT-LENGTH'] = $value; 00856 } 00857 } 00858 } 00859 } 00860 00866 public function getAllHeaders() { 00867 $this->initHeaders(); 00868 return $this->headers; 00869 } 00870 00877 public function getHeader( $name ) { 00878 $this->initHeaders(); 00879 $name = strtoupper( $name ); 00880 if ( isset( $this->headers[$name] ) ) { 00881 return $this->headers[$name]; 00882 } else { 00883 return false; 00884 } 00885 } 00886 00893 public function getSessionData( $key ) { 00894 if( !isset( $_SESSION[$key] ) ) { 00895 return null; 00896 } 00897 return $_SESSION[$key]; 00898 } 00899 00906 public function setSessionData( $key, $data ) { 00907 $_SESSION[$key] = $data; 00908 } 00909 00920 public function checkUrlExtension( $extWhitelist = array() ) { 00921 global $wgScriptExtension; 00922 $extWhitelist[] = ltrim( $wgScriptExtension, '.' ); 00923 if ( IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist ) ) { 00924 if ( !$this->wasPosted() ) { 00925 $newUrl = IEUrlExtension::fixUrlForIE6( 00926 $this->getFullRequestURL(), $extWhitelist ); 00927 if ( $newUrl !== false ) { 00928 $this->doSecurityRedirect( $newUrl ); 00929 return false; 00930 } 00931 } 00932 throw new HttpError( 403, 00933 'Invalid file extension found in the path info or query string.' ); 00934 } 00935 return true; 00936 } 00937 00945 protected function doSecurityRedirect( $url ) { 00946 header( 'Location: ' . $url ); 00947 header( 'Content-Type: text/html' ); 00948 $encUrl = htmlspecialchars( $url ); 00949 echo <<<HTML 00950 <html> 00951 <head> 00952 <title>Security redirect</title> 00953 </head> 00954 <body> 00955 <h1>Security redirect</h1> 00956 <p> 00957 We can't serve non-HTML content from the URL you have requested, because 00958 Internet Explorer would interpret it as an incorrect and potentially dangerous 00959 content type.</p> 00960 <p>Instead, please use <a href="$encUrl">this URL</a>, which is the same as the URL you have requested, except that 00961 "&*" is appended. This prevents Internet Explorer from seeing a bogus file 00962 extension. 00963 </p> 00964 </body> 00965 </html> 00966 HTML; 00967 echo "\n"; 00968 return true; 00969 } 00970 00993 public function isPathInfoBad( $extWhitelist = array() ) { 00994 wfDeprecated( __METHOD__, '1.17' ); 00995 global $wgScriptExtension; 00996 $extWhitelist[] = ltrim( $wgScriptExtension, '.' ); 00997 return IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist ); 00998 } 00999 01008 public function getAcceptLang() { 01009 // Modified version of code found at http://www.thefutureoftheweb.com/blog/use-accept-language-header 01010 $acceptLang = $this->getHeader( 'Accept-Language' ); 01011 if ( !$acceptLang ) { 01012 return array(); 01013 } 01014 01015 // Return the language codes in lower case 01016 $acceptLang = strtolower( $acceptLang ); 01017 01018 // Break up string into pieces (languages and q factors) 01019 $lang_parse = null; 01020 preg_match_all( '/([a-z]{1,8}(-[a-z]{1,8})*|\*)\s*(;\s*q\s*=\s*(1(\.0{0,3})?|0(\.[0-9]{0,3})?)?)?/', 01021 $acceptLang, $lang_parse ); 01022 01023 if ( !count( $lang_parse[1] ) ) { 01024 return array(); 01025 } 01026 01027 $langcodes = $lang_parse[1]; 01028 $qvalues = $lang_parse[4]; 01029 $indices = range( 0, count( $lang_parse[1] ) - 1 ); 01030 01031 // Set default q factor to 1 01032 foreach ( $indices as $index ) { 01033 if ( $qvalues[$index] === '' ) { 01034 $qvalues[$index] = 1; 01035 } elseif ( $qvalues[$index] == 0 ) { 01036 unset( $langcodes[$index], $qvalues[$index], $indices[$index] ); 01037 } 01038 } 01039 01040 // Sort list. First by $qvalues, then by order. Reorder $langcodes the same way 01041 array_multisort( $qvalues, SORT_DESC, SORT_NUMERIC, $indices, $langcodes ); 01042 01043 // Create a list like "en" => 0.8 01044 $langs = array_combine( $langcodes, $qvalues ); 01045 01046 return $langs; 01047 } 01048 01057 protected function getRawIP() { 01058 if ( !isset( $_SERVER['REMOTE_ADDR'] ) ) { 01059 return null; 01060 } 01061 01062 if ( is_array( $_SERVER['REMOTE_ADDR'] ) || strpos( $_SERVER['REMOTE_ADDR'], ',' ) !== false ) { 01063 throw new MWException( __METHOD__ . " : Could not determine the remote IP address due to multiple values." ); 01064 } else { 01065 $ipchain = $_SERVER['REMOTE_ADDR']; 01066 } 01067 01068 return IP::canonicalize( $ipchain ); 01069 } 01070 01080 public function getIP() { 01081 global $wgUsePrivateIPs; 01082 01083 # Return cached result 01084 if ( $this->ip !== null ) { 01085 return $this->ip; 01086 } 01087 01088 # collect the originating ips 01089 $ip = $this->getRawIP(); 01090 01091 # Append XFF 01092 $forwardedFor = $this->getHeader( 'X-Forwarded-For' ); 01093 if ( $forwardedFor !== false ) { 01094 $ipchain = array_map( 'trim', explode( ',', $forwardedFor ) ); 01095 $ipchain = array_reverse( $ipchain ); 01096 if ( $ip ) { 01097 array_unshift( $ipchain, $ip ); 01098 } 01099 01100 # Step through XFF list and find the last address in the list which is a trusted server 01101 # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) 01102 foreach ( $ipchain as $i => $curIP ) { 01103 $curIP = IP::canonicalize( $curIP ); 01104 if ( wfIsTrustedProxy( $curIP ) ) { 01105 if ( isset( $ipchain[$i + 1] ) ) { 01106 if ( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) { 01107 $ip = $ipchain[$i + 1]; 01108 } 01109 } 01110 } else { 01111 break; 01112 } 01113 } 01114 } 01115 01116 # Allow extensions to improve our guess 01117 wfRunHooks( 'GetIP', array( &$ip ) ); 01118 01119 if ( !$ip ) { 01120 throw new MWException( "Unable to determine IP" ); 01121 } 01122 01123 wfDebug( "IP: $ip\n" ); 01124 $this->ip = $ip; 01125 return $ip; 01126 } 01127 01133 public function setIP( $ip ) { 01134 $this->ip = $ip; 01135 } 01136 } 01137 01141 class WebRequestUpload { 01142 protected $request; 01143 protected $doesExist; 01144 protected $fileInfo; 01145 01152 public function __construct( $request, $key ) { 01153 $this->request = $request; 01154 $this->doesExist = isset( $_FILES[$key] ); 01155 if ( $this->doesExist ) { 01156 $this->fileInfo = $_FILES[$key]; 01157 } 01158 } 01159 01165 public function exists() { 01166 return $this->doesExist; 01167 } 01168 01174 public function getName() { 01175 if ( !$this->exists() ) { 01176 return null; 01177 } 01178 01179 global $wgContLang; 01180 $name = $this->fileInfo['name']; 01181 01182 # Safari sends filenames in HTML-encoded Unicode form D... 01183 # Horrid and evil! Let's try to make some kind of sense of it. 01184 $name = Sanitizer::decodeCharReferences( $name ); 01185 $name = $wgContLang->normalize( $name ); 01186 wfDebug( __METHOD__ . ": {$this->fileInfo['name']} normalized to '$name'\n" ); 01187 return $name; 01188 } 01189 01195 public function getSize() { 01196 if ( !$this->exists() ) { 01197 return 0; 01198 } 01199 01200 return $this->fileInfo['size']; 01201 } 01202 01208 public function getTempName() { 01209 if ( !$this->exists() ) { 01210 return null; 01211 } 01212 01213 return $this->fileInfo['tmp_name']; 01214 } 01215 01222 public function getError() { 01223 if ( !$this->exists() ) { 01224 return 0; # UPLOAD_ERR_OK 01225 } 01226 01227 return $this->fileInfo['error']; 01228 } 01229 01236 public function isIniSizeOverflow() { 01237 if ( $this->getError() == UPLOAD_ERR_INI_SIZE ) { 01238 # PHP indicated that upload_max_filesize is exceeded 01239 return true; 01240 } 01241 01242 $contentLength = $this->request->getHeader( 'CONTENT_LENGTH' ); 01243 if ( $contentLength > wfShorthandToInteger( ini_get( 'post_max_size' ) ) ) { 01244 # post_max_size is exceeded 01245 return true; 01246 } 01247 01248 return false; 01249 } 01250 } 01251 01257 class FauxRequest extends WebRequest { 01258 private $wasPosted = false; 01259 private $session = array(); 01260 01268 public function __construct( $data = array(), $wasPosted = false, $session = null ) { 01269 if( is_array( $data ) ) { 01270 $this->data = $data; 01271 } else { 01272 throw new MWException( "FauxRequest() got bogus data" ); 01273 } 01274 $this->wasPosted = $wasPosted; 01275 if( $session ) { 01276 $this->session = $session; 01277 } 01278 } 01279 01284 private function notImplemented( $method ) { 01285 throw new MWException( "{$method}() not implemented" ); 01286 } 01287 01293 public function getText( $name, $default = '' ) { 01294 # Override; don't recode since we're using internal data 01295 return (string)$this->getVal( $name, $default ); 01296 } 01297 01301 public function getValues() { 01302 return $this->data; 01303 } 01304 01308 public function getQueryValues() { 01309 if ( $this->wasPosted ) { 01310 return array(); 01311 } else { 01312 return $this->data; 01313 } 01314 } 01315 01316 public function getMethod() { 01317 return $this->wasPosted ? 'POST' : 'GET'; 01318 } 01319 01323 public function wasPosted() { 01324 return $this->wasPosted; 01325 } 01326 01327 public function getCookie( $key, $prefix = null, $default = null ) { 01328 return $default; 01329 } 01330 01331 public function checkSessionCookie() { 01332 return false; 01333 } 01334 01335 public function getRequestURL() { 01336 $this->notImplemented( __METHOD__ ); 01337 } 01338 01343 public function getHeader( $name ) { 01344 return isset( $this->headers[$name] ) ? $this->headers[$name] : false; 01345 } 01346 01351 public function setHeader( $name, $val ) { 01352 $this->headers[$name] = $val; 01353 } 01354 01359 public function getSessionData( $key ) { 01360 if( isset( $this->session[$key] ) ) { 01361 return $this->session[$key]; 01362 } 01363 return null; 01364 } 01365 01370 public function setSessionData( $key, $data ) { 01371 $this->session[$key] = $data; 01372 } 01373 01377 public function getSessionArray() { 01378 return $this->session; 01379 } 01380 01385 public function isPathInfoBad( $extWhitelist = array() ) { 01386 return false; 01387 } 01388 01393 public function checkUrlExtension( $extWhitelist = array() ) { 01394 return true; 01395 } 01396 01400 protected function getRawIP() { 01401 return '127.0.0.1'; 01402 } 01403 } 01404 01413 class DerivativeRequest extends FauxRequest { 01414 private $base; 01415 01416 public function __construct( WebRequest $base, $data, $wasPosted = false ) { 01417 $this->base = $base; 01418 parent::__construct( $data, $wasPosted ); 01419 } 01420 01421 public function getCookie( $key, $prefix = null, $default = null ) { 01422 return $this->base->getCookie( $key, $prefix, $default ); 01423 } 01424 01425 public function checkSessionCookie() { 01426 return $this->base->checkSessionCookie(); 01427 } 01428 01429 public function getHeader( $name ) { 01430 return $this->base->getHeader( $name ); 01431 } 01432 01433 public function getAllHeaders() { 01434 return $this->base->getAllHeaders(); 01435 } 01436 01437 public function getSessionData( $key ) { 01438 return $this->base->getSessionData( $key ); 01439 } 01440 01441 public function setSessionData( $key, $data ) { 01442 $this->base->setSessionData( $key, $data ); 01443 } 01444 01445 public function getAcceptLang() { 01446 return $this->base->getAcceptLang(); 01447 } 01448 01449 public function getIP() { 01450 return $this->base->getIP(); 01451 } 01452 }
1.7.6.1