wiki.techinc.nl/includes/OutputHandler.php

<?php

/**
 * Standard output handler for use with ob_start
 */
function wfOutputHandler( $s ) {
	global $wgDisableOutputCompression;
	$s = wfMangleFlashPolicy( $s );
	if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) {
		if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) {
			$s = wfGzipHandler( $s );
		}
		if ( !ini_get( 'output_handler' ) ) {
			wfDoContentLength( strlen( $s ) );
		}
	}
	return $s;
}

/**
 * Handler that compresses data with gzip if allowed by the Accept header.
 * Unlike ob_gzhandler, it works for HEAD requests too.
 */
function wfGzipHandler( $s ) {
	if ( function_exists( 'gzencode' ) && !headers_sent() ) {
		$tokens = preg_split( '/[,; ]/', $_SERVER['HTTP_ACCEPT_ENCODING'] );
		if ( in_array( 'gzip', $tokens ) ) {
			header( 'Content-Encoding: gzip' );
			$s = gzencode( $s, 3 );

			# Set vary header if it hasn't been set already
			$headers = headers_list();
			$foundVary = false;
			foreach ( $headers as $header ) {
				if ( substr( $header, 0, 5 ) == 'Vary:' ) {
					$foundVary = true;
					break;
				}
			}
			if ( !$foundVary ) {
				header( 'Vary: Accept-Encoding' );
			}
		}
	}
	return $s;
}

/**
 * Mangle flash policy tags which open up the site to XSS attacks.
 */
function wfMangleFlashPolicy( $s ) {
	return preg_replace( '/\<\s*cross-domain-policy\s*\>/i', '<NOT-cross-domain-policy>', $s );
}

/**
 * Add a Content-Length header if possible. This makes it cooperate with squid better.
 */
function wfDoContentLength( $length ) {
	if ( !headers_sent() && $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0' ) {
		header( "Content-Length: $length" );
	}
}
* Moved the main ob_start() from the default LocalSettings.php to WebStart.php. The ob_start() section should preferably be removed from older LocalSettings.php files. * Give Content-Length header for HTTP/1.0 clients. * Partial support for Flash cross-domain-policy filtering. Text entry points should be protected, but uploads are not. 2007-02-19 23:03:37 +00:00			`<?php`

			`/**`
			`* Standard output handler for use with ob_start`
			`*/`
			`function wfOutputHandler( $s ) {`
			`global $wgDisableOutputCompression;`
			`$s = wfMangleFlashPolicy( $s );`
* Further fix to Special:Export etc; instead of trying to suppress those Content-Encoding and Content-Length headers, just don't send them in the first place! * Suppress Content-Length from wfOutputHandler if $wgDisableOutputCompression set * Fix typo that caused $wgDisableOutputCompression to enable instead of disable compression ;) 2007-02-20 04:46:07 +00:00			`if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) {`
			`if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) {`
* Moved the main ob_start() from the default LocalSettings.php to WebStart.php. The ob_start() section should preferably be removed from older LocalSettings.php files. * Give Content-Length header for HTTP/1.0 clients. * Partial support for Flash cross-domain-policy filtering. Text entry points should be protected, but uploads are not. 2007-02-19 23:03:37 +00:00			`$s = wfGzipHandler( $s );`
			`}`
			`if ( !ini_get( 'output_handler' ) ) {`
			`wfDoContentLength( strlen( $s ) );`
			`}`
			`}`
			`return $s;`
			`}`

			`/**`
			`* Handler that compresses data with gzip if allowed by the Accept header.`
			`* Unlike ob_gzhandler, it works for HEAD requests too.`
			`*/`
			`function wfGzipHandler( $s ) {`
Don't suppress gzip mode for zero-length output; failing to send the Content-Encoding header with 304 responses confuses some browsers. 2007-02-20 04:58:54 +00:00			`if ( function_exists( 'gzencode' ) && !headers_sent() ) {`
* Moved the main ob_start() from the default LocalSettings.php to WebStart.php. The ob_start() section should preferably be removed from older LocalSettings.php files. * Give Content-Length header for HTTP/1.0 clients. * Partial support for Flash cross-domain-policy filtering. Text entry points should be protected, but uploads are not. 2007-02-19 23:03:37 +00:00			`$tokens = preg_split( '/[,; ]/', $_SERVER['HTTP_ACCEPT_ENCODING'] );`
			`if ( in_array( 'gzip', $tokens ) ) {`
			`header( 'Content-Encoding: gzip' );`
			`$s = gzencode( $s, 3 );`

			`# Set vary header if it hasn't been set already`
			`$headers = headers_list();`
			`$foundVary = false;`
			`foreach ( $headers as $header ) {`
			`if ( substr( $header, 0, 5 ) == 'Vary:' ) {`
Fix regression: typo caused 'Vary: Accept-Encoding' to be sent overwriting more exact Vary lines such as the Vary: Accept-Encoding, Cookie used for squid mode 2007-02-20 05:04:36 +00:00			`$foundVary = true;`
* Moved the main ob_start() from the default LocalSettings.php to WebStart.php. The ob_start() section should preferably be removed from older LocalSettings.php files. * Give Content-Length header for HTTP/1.0 clients. * Partial support for Flash cross-domain-policy filtering. Text entry points should be protected, but uploads are not. 2007-02-19 23:03:37 +00:00			`break;`
			`}`
			`}`
			`if ( !$foundVary ) {`
			`header( 'Vary: Accept-Encoding' );`
			`}`
			`}`
			`}`
			`return $s;`
			`}`

			`/**`
			`* Mangle flash policy tags which open up the site to XSS attacks.`
			`*/`
			`function wfMangleFlashPolicy( $s ) {`
			`return preg_replace( '/\<\scross-domain-policy\s\>/i', '<NOT-cross-domain-policy>', $s );`
			`}`

			`/**`
			`* Add a Content-Length header if possible. This makes it cooperate with squid better.`
			`*/`
			`function wfDoContentLength( $length ) {`
			`if ( !headers_sent() && $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0' ) {`
			`header( "Content-Length: $length" );`
			`}`
			`}`

Remove ?>'s from files. They're pointless, and just asking for people to mess with the files and add trailing whitespace. (Yes, I looked over every one and reverted those that were bogus. Slash-enter a million times in less worked well enough, although it was a bit mind-numbing.) 2007-06-29 01:19:14 +00:00