aboutsummaryrefslogtreecommitdiffstats
path: root/includes/OutputHandler.php
Commit message (Collapse)AuthorAgeFilesLines
* Reorg: Move three output related classes to includes/Output/Amir Sarabadani2023-09-051-206/+0
| | | | | | | | | | And namesapce them: - StreamFile - OutputHandler - OutputPage Bug: T321882 Change-Id: Iedf8d88c595e580f2d8f0734c92aa5c45618ba33
* Revert "Reorg: Move some of request related classes to MediaWiki/Request"Zabe2022-10-271-3/+3
| | | | | | | | | This reverts commit 2bdc0b2b7209441a42a784157633a8a01b321922. Reason for revert: T166010#8349431 Bug: T166010 Change-Id: Idcd3025647aec99532f5d69b9c1718c531761283
* Reorg: Move some of request related classes to MediaWiki/RequestAmir Sarabadani2022-10-261-3/+3
| | | | | | | | | | | | | Moving: - DerivativeRequest - FauxRequest - FauxRequestUpload - PathRouter - WebRequest - WebRequestUpload Bug: T166010 Change-Id: I5ea70120d745f2876ae31d039f3f8a51e49e9ad8
* Remove Flash cross-domain policy manglingTim Starling2022-07-221-20/+0
| | | | | | | | | | | | Remove Flash cross-domain policy mangling. Users who are somehow still using Flash as a browser extension will be exposed to CSRF vulnerabilities. Deprecate the config since deprecation has some advantages in the new config system over simple removal. Bug: T279496 Change-Id: I2c0e85a430d7e6aaf8d5decd00cf1dade04cebe1
* Use name constants to access config settings.daniel2022-04-071-2/+2
| | | | | | | | | | | Use name constants instead of string literals in calls to Config::get and ServiceOptions::get, when referring to core configuration variables. This protects against typos and makes the decumentation and schema declaration of the config settings discoverable. This is the first batch, only touching files directly under /includes/ Change-Id: I7252e636c7c86d950d9257b33491af492c6dd5eb
* Refactor global variables to use MediaWikiServices insteadTChin2022-01-101-4/+5
| | | | | | | | | | | | Automatically refactors wg prefixed globals to use MediaWikiServices config using Rector. Doesn't include files that set globals or files that fail CI. Rector Gist: https://gist.github.com/tchin25/7cc54f6d23aedef010b22e4dfbead228 * This patch uses a modified source code rector library for our specific use case and the rector will have different effects without it. A writeup for future reference is here: https://meta.wikimedia.org/wiki/User:TChin_(WMF)/Using_Rector_On_MediaWiki Change-Id: I1a691f01cd82e60bf41207d32501edb4b9835e37
* Remove or replace usages of "sanity"Reedy2021-11-191-1/+1
| | | | | Bug: T254646 Change-Id: I2b120f0b9c9e1dc1a6c216bfefa3f2463efe1001
* OutputHandler: Omit debug() call for common caseTimo Tijhof2021-09-231-8/+6
| | | | | | | | | | | | | Folllows-up I4c2d478b492ff17. * MW_ENTRY_POINT can only be undefined in very early WebStart/Setup code. In code outside those files, and by the time MW_SETUP_CALLBACK OutputHandler run, this is always filled in to at least "unknown". * Inline extra code to the less common conditional block. Bug: T290776 Change-Id: Ia7fa6cb0ff156ed6cb0212443ac3a97c91982d4b
* Fix $wgDisableOutputCompression and $phase checks in OutputHandlerAaron Schulz2021-09-221-2/+12
| | | | | | | | | | | | | The config variable check from 6c81f0b868d2 needed a negation. The phase check from 374bdc0f7c790d should have been a conjuction. Also add some debug logging statements. Follow-up to 6c81f0b868d2 and 374bdc0f7c790d. Bug: T290776 Change-Id: I4c2d478b492ff17bdad76bf75119b5926f7917e8
* Reapply Content-Length deferred updates patchesTim Starling2021-04-081-12/+66
| | | | | | | | | | | | | | | * Revert "Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors" * Reapply "Avoid HTTP protocol errors when fastcgi_finish_request() is unavailable" * Reapply "Move logDataPageOutputOnly() call to outputResponsePayload()" This reverts commit 0393ddbb2a08a4d278b1d0ef65b1f4c391d769b5. This reverts commit 89065a22aac744363dc528f73423a2f37d73ce14. This reverts commit e70757f58b9a3252882f3d3b516f23cd7c61430e. Change-Id: I8a362a80bb1aa147192218a37df34aadba34fb2e
* Don't send headers on ob_end_clean()Tim Starling2021-04-081-1/+6
| | | | | | | | | | Replace the global variable hack in wfResetOutputBuffers() with a check for the PHP_OUTPUT_HANDLER_CLEAN flag in the $phase parameter, available since PHP 5.4.0. Aaron's Content-Length patch will work if applied on top of this. Bug: T278579 Change-Id: I9ec12f499821826038a39ebe94eed136f123b078
* Revert "Avoid HTTP protocol errors when fastcgi_finish_request() is unavailable"Reedy2021-04-021-65/+12
| | | | | | | This reverts commit f4f0ad970e08ddeb1795e74dbf0230019a850a7b. Bug: T278579 Change-Id: I3071209eff16b5dcc853f497a243a9af0883b67a
* Avoid HTTP protocol errors when fastcgi_finish_request() is unavailableAaron Schulz2021-03-241-12/+65
| | | | | | | | | | | | | | | | | | | | | | | | | This fixes problem that arise with apache2/mod_php due to deferred updates * Do not send unnecessary and invalid "Content-Encoding: identity" header * Do not send "Connection: close" if HTTP2 is detected (per the HTTP spec) pending, which reduces the use of output buffer and HTTP header tricks * Make sure that no output is emitted in doPostOutputShutdown() from any deferred updates since the response will have already been flushed to the client by that point * Make the Content-Length header logic in outputResponsePayload() account for cases where there is a non-empty output buffer, cases where there are several output buffers (bail out), and limit the use of the header to HTTP 200/404 responses (avoids violation of the HTTP spec) * Make sure OutputHandler::handle() does not send payloads for responses that must not have one (e.g. "204 No Content") * If an output buffer using OutputHandler::handle is active, then let it handle the setting of Content-Length rather than outputResponsePayload() * Do not bother trying to disable zlib.output_compression, since that did not actually stop the client from getting blocked * Set "no-gzip" via apache_setenv() unconditionally Bug: T235554 Change-Id: I26f16457698c2c45e561b0c79c78a74e7f47126c
* Comments: use only // instead of moreDannyS7122021-03-101-1/+1
| | | | | | | | | No need for three or more slashes Except in some places where a bunch more are used for drawing attention to something Change-Id: Ic90358eb89a14a04d2b66c48e52e8fb20de0eb04
* Remove terminating line breaks from debug messagesTim Starling2020-06-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | A terminating line break has not been required in wfDebug() since 2014, however no migration was done. Some of these line breaks found their way into LoggerInterface::debug() calls, where they mess up the formatting of the debug log. So, remove terminating line breaks from wfDebug() and LoggerInterface::debug() calls. Also: * Fix the stripping of leading line breaks from the log header emitted by Setup.php. This feature, accidentally broken in 2014, allows requests to be distinguished in the log file. * Avoid using the global variable $self. * Move the logging of the client IP back to Setup.php. It was moved to WebRequest in the hopes that it would not always be needed, however $wgRequest->getIP() is now called unconditionally a few lines up in Setup.php. This means that it is put in its proper place after the "start request" message. * Wrap the log header code in a closure so that variables like $name do not leak into global scope. * In Linker.php, remove a few instances of an unnecessary second parameter to wfDebug(). Change-Id: I96651d3044a95b9d210b51cb8368edc76bebbb9e
* Remove $wgUseKeyHeader and OutputPage::getKeyHeader(), deprecated in 1.32C. Scott Ananian2019-06-191-4/+0
| | | | | | | | These implemented a since-abandoned draft IETF spec, and the code was broken due to (1) case-(in)sensitivity issues with the Accept-Language header and (2) the BCP47 language code compatibility workaround we use. Change-Id: Ia53d07cd8ce8ab1497294ea244c13c7499f632c7
* Simplify a few list() that only care about the first elementThiemo Kreuz2019-05-171-1/+1
| | | | | | | | | | | | The nice thing about explode() is that the resulting array is guaranteed to contain at least one element. The array can not be empty. In some of these cases it might be possible to use strstr() instead, but that returns an empty string when the needle character is not found. explode() returns the original string in this case. Change-Id: I6ad1f3273defeaf36e2305fd871eaaf9d3c1e134
* Immediately drop wgValidateAllHtml and related codeJames D. Forrester2018-04-101-86/+1
| | | | | Bug: T191670 Change-Id: If13d02ee1b30fec1c701226af9d363c6e08b3737
* Convert OutputHandler functions to a classTimo Tijhof2018-03-201-183/+192
| | | | | | | | | | | | | | | | | | | | | | | | | * Convert OutputHandler.php from global functions to a class. - wfOutputHandler → OutputHandler::handle (no alias, no usage outside core) - wfGzipHandler → OutputHandler::handleGzip (private, no usage outside class) - wfRequestExtension → OutputHandler::findUriExtension (private, no usage outside class) - wfMangleFlashPolicy → OutputHandler::mangleFlashPolicy (private, no usage outside class) - wfDoContentLength → OutputHandler::emitContentLength (private, no usage outside class) - wfHtmlValidationHandler → OutputHandler::validateAllHtml (private, no usage outside class) * Add the class to autoload.php for exposure outside WebStart. Specifically, for use in ApiFormatPhpTest. This also removes the need to manually load the class because this code runs after Setup.php loads AutoLoader.php. Bug: T189966 Change-Id: I27a41ec0ae0ee30aeb313a616323b967605c4055
* Remove empty lines at begin of function, if, foreach, switchUmherirrender2017-07-011-1/+0
| | | | | | Organize phpcs.xml a bit Change-Id: Ifb767729b481b4b686e6d6444cf48b1f580cc478
* SECURITY: Improve cross-domain-policy manglingBrad Jorsch2016-05-201-2/+2
| | | | | | | | | Take into account that the tag might have parameters. Bug: T123653 Change-Id: Ie9799f5ea45badfb4e7b4be7e7fbc1c35cc86f26 Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
* Convert all array() syntax to []Kunal Mehta2016-02-171-4/+4
| | | | | | | | | | Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
* Replace "squid" with "CDN" in various commentsAaron Schulz2015-12-091-1/+1
| | | | Change-Id: Idcc528daf28e119349155d36e30a9bcf61b2e7d5
* Replace XVO with support for the Key HTTP headerFaidon Liambotis2015-10-071-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MediaWiki currently has support for a header called X-Vary-Options (XVO), used to communicate to upstream caches more granular cache variance options than the Vary header can. The header was envisioned by Tim Starling back in 2008 and implemented into MediaWiki and Squid 2.0, with those patches submitted to the squid-dev mailing list at the time: http://www.squid-cache.org/mail-archive/squid-dev/200802/0085.html The patches never actually made it into an upstream Squid release, however, and Squid has since evolved in potentially significant ways. Wikimedia has since switched to Varnish but XVO was not ported over as it was deemed too complex at the time; custom VCL was used instead. To our knowledge, noone else is using XVO in production and certainly not with recent, up-to-date MediaWiki releases. There is currently work at IETF's httpbis working group for a "Key" header that is in concept and implementation very similar to Tim's XVO header: https://datatracker.ietf.org/doc/draft-fielding-http-key/ Rather than rip XVO out of MediaWiki, replace it with support for the Key header, as preliminary defined by the draft spec. This is an almost straight search-and-replace. No other software (caching proxy or user-agent) currently implements Key to my knowledge, so this is essentially untested. Change-Id: I949fc289dd5d48bd34f3b37f7739e2b9cd5db277
* Fix case insensitive string comparison for http header namesSergio Santoro2014-12-121-1/+2
| | | | | | As of RFC 2616 sec 4.2, http header names are case insensitive. Change-Id: Ib72df2572f5a9c825c5b3ad7735126f3687aad79
* Make calling wfMangleFlashPolicy configurablecsteipp2014-11-191-2/+4
| | | | | | | | Add $wgMangleFlashPolicy so sites that define a safe master flash policy can disable mangling of the <cross-domain-policy> string. Bug: 66776 Change-Id: Ic0db939aae9d0bb6bdfc3cd9ce282661bad46783
* Make phpcs-strict pass on includes/ (2/~10)Siebrand Mazeland2014-05-111-1/+4
| | | | Change-Id: I59fa9af7b16e0a5a4eb8a5cc764a605b18137316
* Fixed some @params documentation (includes/*)umherirrender2014-04-201-5/+5
| | | | | | | | | Swapped some "$var type" to "type $var" or added missing types before the $var. Changed some other types to match the more common spelling. Makes beginning of some text in captial. Also added some missing @param. Change-Id: I7f605aa9e117b5fd80d9b1440864fe526d2b14a5
* Fix fatal error when $wgValidateAllHtml is enabled and ↵Alexandre Emsenhuber2013-07-251-5/+13
| | | | | | | | apache_request_headers() does not exists Changed apache_request_headers() to headers_list() since the latter is always available Change-Id: Ia52f5a0d12db0680aa03b57dd45c974291e88af9
* Drop support for XHTML 1.0Daniel Friesen2013-05-151-23/+25
| | | | | | | | | | | * $wgHtml5 = false; is now ignored completely. * $wgDocType and $wgDTD have been removed. * $wgXhtmlDefaultNamespace is now ignored. * XHTML5 will be output if $wgMimeType is set to an XML mime type (according to HTML5's rules). * For backwards compatibility with extensions $wgHtml5 and $wgXhtmlDefaultNamespace are set in Setup.php but depending on them is deprecated. Change-Id: Iad9634e2ee420b5a3bbffe550421fde4fa1819b0
* Fixed spacing in files direct in includes folderumherirrender2013-04-211-7/+7
| | | | | | | Added spaces before if, foreach Added some braces for one line statements Change-Id: Ibb8dd102db045522d12ff939075ba7420d95ab6b
* Spellchecked /includes directoryYuri Astrakhan2013-03-131-1/+1
| | | | | | | | | * Ran spell-checker over code comments in /includes/ * A few spellchecking fixes for wfDebug() calls Found one very strange (NOOP?) line in Linker.php - see "TODO: BUG?" Change-Id: Ibb86b51073b980eda9ecce2cf0b8dd33f058adbf
* (bug 43218) Fixing PHP notice: undefined SERVER_PROTOCOL keyDereckson2012-12-181-1/+1
| | | | Change-Id: I1ce7605a7c8503aed37ed9b3e7c3f3c13083db6f
* Remove a bunch of trailing spaces and unneeded newlinesumherirrender2012-10-101-3/+3
| | | | Change-Id: I00f369641320acd7f087427ef031f3ee7efa0997
* Added missing GPLv2 headers in some places.Alexandre Emsenhuber2012-05-111-1/+16
| | | | | | Also made file/class documentation more consistent. Change-Id: Ia45d0756cd84138da267bf1cbd1a58be7f28c6d1
* debug statements for HTMLFileCache / OutputAntoine Musso2012-02-091-1/+7
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/111026
* And more documentation. YaaaaySam Reed2011-05-281-1/+3
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/89047
* More adding, updating and tweaking of documentationSam Reed2011-05-211-0/+18
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/88531
* Use consistent notation for "@todo FIXME". Should update ↵Siebrand Mazeland2011-05-171-1/+1
| | | | | | | http://svn.wikimedia.org/doc/todo.html nicely. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/88355
* * Standardised file description headersAlexandre Emsenhuber2010-08-141-0/+5
| | | | | | | | * Added some descriptions * Added @file where needed Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/71078
* Send XVO headers only if $wgUseXVO is true.Tim Starling2010-07-231-1/+4
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/69770
* War on xml:langAryeh Gregor2010-02-111-1/+1
| | | | | | | | There is no reason to use this in HTML in addition to the lang attribute. No spec requires it (AFAIK) and it's completely redundant. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/62312
* (bug 22034) use wfClientAcceptsGzip() in wfGzipHandler instead of ↵Platonides2010-01-141-6/+3
| | | | | | | | | reimplementing it. $wgUseGzip check on wfClientAcceptsGzip() is removed since HTMLFileCache (the only wfClientAcceptsGzip() user) already checked that before calling it. This way, $wgUseGzip stays applying only for file cache, and $wgDisableOutputCompression for output handler. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/61054
* Revert 60864: "Use wfClientAcceptsGzip() in wfGzipHandler." Causes PHP ↵Siebrand Mazeland2010-01-091-3/+6
| | | | | | | Notice: Undefined index: HTTP_ACCEPT_ENCODING in GlobalFunctions.php on line 1175 Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/60871
* (bug 22034) Use wfClientAcceptsGzip() in wfGzipHandler. Patch by Platonides.Siebrand Mazeland2010-01-091-6/+3
| | | | | | | wfGzipHandler should use wfClientAcceptsGzip() instead of reimplementing it. Patch does this and removes the $wgUseGzip check on wfClientAcceptsGzip() since HTMLFileCache (the only wfClientAcceptsGzip() user) already checked that before calling it. This way $wgUseGzip stays applying only for file cache, and $wgDisableOutputCompression for output handler. Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/60864
* Replaced all @fixme with "@todo Fixme" since doxygen doesn't have a @fixme ↵Alexandre Emsenhuber2009-12-151-1/+1
| | | | | | | command Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/60093
* Code cleanup, covert leading spaces into tabs per coding styleOverlordQ2009-11-141-2/+2
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/59080
* sweet spot for compression, per:Domas Mituzas2009-08-281-1/+1
| | | | | | | * http://spreadsheets.google.com/pub?key=t-EjyzEfh0t39hoQbf-a5fw Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/55654
* Re-revert r46344 because of crossing commits (r46346)Siebrand Mazeland2009-01-271-43/+5
| | | | Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/46348
* Revert r46344. PHP Fatal error: Class 'MWTidy' not found in ↵Siebrand Mazeland2009-01-271-5/+43
| | | | | | | /var/www/w/includes/parser/Parser.php on line 378 Notes: http://mediawiki.org/wiki/Special:Code/MediaWiki/46347
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 04:27:21 +0000