MediaWiki  master
OutputHandler.php
Go to the documentation of this file.
1 <?php
30 function wfOutputHandler( $s ) {
31  global $wgDisableOutputCompression, $wgValidateAllHtml, $wgMangleFlashPolicy;
32  if ( $wgMangleFlashPolicy ) {
33  $s = wfMangleFlashPolicy( $s );
34  }
35  if ( $wgValidateAllHtml ) {
36  $headers = headers_list();
37  $isHTML = false;
38  foreach ( $headers as $header ) {
39  $parts = explode( ':', $header, 2 );
40  if ( count( $parts ) !== 2 ) {
41  continue;
42  }
43  $name = strtolower( trim( $parts[0] ) );
44  $value = trim( $parts[1] );
45  if ( $name == 'content-type' && ( strpos( $value, 'text/html' ) === 0
46  || strpos( $value, 'application/xhtml+xml' ) === 0 )
47  ) {
48  $isHTML = true;
49  break;
50  }
51  }
52  if ( $isHTML ) {
53  $s = wfHtmlValidationHandler( $s );
54  }
55  }
56  if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) {
57  if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) {
58  $s = wfGzipHandler( $s );
59  }
60  if ( !ini_get( 'output_handler' ) ) {
61  wfDoContentLength( strlen( $s ) );
62  }
63  }
64  return $s;
65 }
66 
75 function wfRequestExtension() {
77  if ( isset( $_SERVER['REQUEST_URI'] ) ) {
78  // Strip the query string...
79  list( $path ) = explode( '?', $_SERVER['REQUEST_URI'], 2 );
80  } elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {
81  // Probably IIS. QUERY_STRING appears separately.
82  $path = $_SERVER['SCRIPT_NAME'];
83  } else {
84  // Can't get the path from the server? :(
85  return '';
86  }
87 
88  $period = strrpos( $path, '.' );
89  if ( $period !== false ) {
90  return strtolower( substr( $path, $period ) );
91  }
92  return '';
93 }
94 
103 function wfGzipHandler( $s ) {
104  if ( !function_exists( 'gzencode' ) ) {
105  wfDebug( __FUNCTION__ . "() skipping compression (gzencode unavailable)\n" );
106  return $s;
107  }
108  if ( headers_sent() ) {
109  wfDebug( __FUNCTION__ . "() skipping compression (headers already sent)\n" );
110  return $s;
111  }
112 
113  $ext = wfRequestExtension();
114  if ( $ext == '.gz' || $ext == '.tgz' ) {
115  // Don't do gzip compression if the URL path ends in .gz or .tgz
116  // This confuses Safari and triggers a download of the page,
117  // even though it's pretty clearly labeled as viewable HTML.
118  // Bad Safari! Bad!
119  return $s;
120  }
121 
122  if ( wfClientAcceptsGzip() ) {
123  wfDebug( __FUNCTION__ . "() is compressing output\n" );
124  header( 'Content-Encoding: gzip' );
125  $s = gzencode( $s, 6 );
126  }
127 
128  // Set vary header if it hasn't been set already
129  $headers = headers_list();
130  $foundVary = false;
131  foreach ( $headers as $header ) {
132  $headerName = strtolower( substr( $header, 0, 5 ) );
133  if ( $headerName == 'vary:' ) {
134  $foundVary = true;
135  break;
136  }
137  }
138  if ( !$foundVary ) {
139  header( 'Vary: Accept-Encoding' );
140  global $wgUseKeyHeader;
141  if ( $wgUseKeyHeader ) {
142  header( 'Key: Accept-Encoding;match=gzip' );
143  }
144  }
145  return $s;
146 }
147 
155 function wfMangleFlashPolicy( $s ) {
156  # Avoid weird excessive memory usage in PCRE on big articles
157  if ( preg_match( '/<\s*cross-domain-policy(?=\s|>)/i', $s ) ) {
158  return preg_replace( '/<(\s*)(cross-domain-policy(?=\s|>))/i', '<$1NOT-$2', $s );
159  } else {
160  return $s;
161  }
162 }
163 
169 function wfDoContentLength( $length ) {
170  if ( !headers_sent()
171  && isset( $_SERVER['SERVER_PROTOCOL'] )
172  && $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0'
173  ) {
174  header( "Content-Length: $length" );
175  }
176 }
177 
185 function wfHtmlValidationHandler( $s ) {
186 
187  $errors = '';
188  if ( MWTidy::checkErrors( $s, $errors ) ) {
189  return $s;
190  }
191 
192  header( 'Cache-Control: no-cache' );
193 
194  $out = Html::element( 'h1', null, 'HTML validation error' );
195  $out .= Html::openElement( 'ul' );
196 
197  $error = strtok( $errors, "\n" );
198  $badLines = [];
199  while ( $error !== false ) {
200  if ( preg_match( '/^line (\d+)/', $error, $m ) ) {
201  $lineNum = intval( $m[1] );
202  $badLines[$lineNum] = true;
203  $out .= Html::rawElement( 'li', null,
204  Html::element( 'a', [ 'href' => "#line-{$lineNum}" ], $error ) ) . "\n";
205  }
206  $error = strtok( "\n" );
207  }
208 
209  $out .= Html::closeElement( 'ul' );
210  $out .= Html::element( 'pre', null, $errors );
211  $out .= Html::openElement( 'ol' ) . "\n";
212  $line = strtok( $s, "\n" );
213  $i = 1;
214  while ( $line !== false ) {
215  $attrs = [];
216  if ( isset( $badLines[$i] ) ) {
217  $attrs['class'] = 'highlight';
218  $attrs['id'] = "line-$i";
219  }
220  $out .= Html::element( 'li', $attrs, $line ) . "\n";
221  $line = strtok( "\n" );
222  $i++;
223  }
224  $out .= Html::closeElement( 'ol' );
225 
226  $style = <<<CSS
227 .highlight { background-color: #ffc }
228 li { white-space: pre }
229 CSS;
230 
231  $out = Html::htmlHeader( [ 'lang' => 'en', 'dir' => 'ltr' ] ) .
232  Html::rawElement( 'head', null,
233  Html::element( 'title', null, 'HTML validation error' ) .
234  Html::inlineStyle( $style ) ) .
235  Html::rawElement( 'body', null, $out ) .
236  Html::closeElement( 'html' );
237 
238  return $out;
239 }
Html\closeElement
static closeElement($element)
Returns "</$element>".
Definition: Html.php:306
list
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition: deferred.txt:11
$out
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that probably a stub it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output $out
Definition: hooks.txt:776
$wgUseKeyHeader
$wgUseKeyHeader
Send the Key HTTP header for better caching.
Definition: DefaultSettings.php:2628
Html\rawElement
static rawElement($element, $attribs=[], $contents= '')
Returns an HTML element in a string.
Definition: Html.php:210
MWTidy\checkErrors
static checkErrors($text, &$errorStr=null)
Check HTML for errors, used if $wgValidateAllHtml = true.
Definition: MWTidy.php:63
$value
$value
Definition: styleTest.css.php:45
$wgDisableOutputCompression
$wgDisableOutputCompression
Disable output compression (enabled by default if zlib is available)
Definition: DefaultSettings.php:3330
global
when a variable name is used in a it is silently declared as a new local masking the global
Definition: design.txt:93
$wgValidateAllHtml
$wgValidateAllHtml
Validate the overall output using tidy and refuse to display the page if it's not valid...
Definition: DefaultSettings.php:3230
wfDebug
wfDebug($text, $dest= 'all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition: GlobalFunctions.php:997
wfGzipHandler
wfGzipHandler($s)
Handler that compresses data with gzip if allowed by the Accept header.
Definition: OutputHandler.php:103
Html\openElement
static openElement($element, $attribs=[])
Identical to rawElement(), but has no third parameter and omits the end tag (and the self-closing '/'...
Definition: Html.php:248
wfOutputHandler
wfOutputHandler($s)
Standard output handler for use with ob_start.
Definition: OutputHandler.php:30
wfClientAcceptsGzip
wfClientAcceptsGzip($force=false)
Definition: GlobalFunctions.php:1632
wfDoContentLength
wfDoContentLength($length)
Add a Content-Length header if possible.
Definition: OutputHandler.php:169
wfHtmlValidationHandler
wfHtmlValidationHandler($s)
Replace the output with an error if the HTML is not valid.
Definition: OutputHandler.php:185
Html\inlineStyle
static inlineStyle($contents, $media= 'all')
Output a "<style>" tag with the given contents for the given media type (if any). ...
Definition: Html.php:629
Html\htmlHeader
static htmlHeader(array $attribs=[])
Constructs the opening html-tag with necessary doctypes depending on global variables.
Definition: Html.php:910
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
color
in the sidebar</td >< td > font color
Definition: All_system_messages.txt:425
wfRequestExtension
wfRequestExtension()
Get the "file extension" that some client apps will estimate from the currently-requested URL...
Definition: OutputHandler.php:75
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
$wgMangleFlashPolicy
$wgMangleFlashPolicy
When OutputHandler is used, mangle any output that contains <cross-domain-policy>.
Definition: DefaultSettings.php:3442
$line
$line
Definition: cdb.php:59
Html\element
static element($element, $attribs=[], $contents= '')
Identical to rawElement(), but HTML-escapes $contents (like Xml::element()).
Definition: Html.php:230
wfMangleFlashPolicy
wfMangleFlashPolicy($s)
Mangle flash policy tags which open up the site to XSS attacks.
Definition: OutputHandler.php:155
$name
Allows to change the fields on the form that will be generated $name
Definition: hooks.txt:310