The use of static server detection outside of its intended use case
(i.e. at the start of DefaultSettings.php), for example in r93258, was
an architectural error. Every other bit of information about the web
request in non-setup code comes from non-static methods of WebRequest,
which allows the request object to be meaningfully replaced or
subclassed. The situation became increasingly ridiculous as more
callers of WebRequest::detectProtocol() were introduced. Two of the
callers were calling it non-statically! I suppose they had the right
idea, in a way.
Using a non-static call allows caching, which is a nice additional
benefit.
WebRequest::detectProtocolAndStdPort() was introduced in r93258 as part of
the introduction of WebRequest::detectProtocol(). It was basically
useless. Grep indicates there was only one caller in core and WMF
deployed extensions, and it is patched here.
Change-Id: Ia0a61e98fbff7a46ceaeebcb02236e5eac3df0e1
PHP documentation says this can theoretically return false on failure.
HHVM actually returns null when running from the command line, so
this does protect against that.
Change-Id: I0d75b8ed209128a9667ce1e7189597ae9ebc8af6
Make it possible to get the raw parameters given to the request, with
no escaping. This is needed for features like OAuth, where a signature
is calculated over the parameters to verify their integrity and source.
FauxRequest is extended so the original request doesn't pollute the
fake one. This could be extended so "raw" values could be set and used,
but there isn't a use case for that yet, so it's not done here.
Change-Id: I8710844f21d21cbbf28517b0cc25b0713b506bee
HTTP headers are case insensitive per spec, and WebRequest
treats them like that, so FauxRequest should too.
Change-Id: I4257af7a8de2792ac556c670dcc7f28e4af4cb44
* Always treat the first XFF IP from cache proxies as sane
even if it is a private IP (useful for things like labs wmf).
* Make sure IP::canonicalize() gets called if the IP is selected
from the XFF chain (this matches getRawIP()).
* Altered and expanded unit tests.
bug: 48919
Change-Id: I350aca72c7a96ba3ec727324800612fc84e0e7a4
Venema's taint feature was apparently never publicised beyond the
php-dev mailing list, and now there is a PECL taint extension which is
incompatible with the interface assumed here.
Grep confirms that wfArrayMap() is not used in any extensions.
Change-Id: I17d8d302947443262474c608829c7c7504bef589
* Only match consecutive slashes at the beginning of the URL, where
they are actually a problem.
* Fix bug 46607 in cases where the server provides an absolute URL.
Change-Id: Ibe00a6b8722786170d09b846c1c4054b73da3d9e
Multiple slashes at the start of the request url will look like a
protocol-relative url, so strip the extra slashes.
Bug: 46607
Change-Id: I34c3fc9d8f9467e83cd201cb099c2d26f3a39b36
* Removed spaces around array index
* Removed double spaces or added spaces to begin or end of function
calls, method signature, conditions or foreachs
* Added braces to one-line ifs
* Changed multi line conditions to one line conditions
* Realigned some arrays
Change-Id: Ia04d2a99d663b07101013c2d53b3b2e872fd9cc3
* Renamed WebRequest::exportUserSession -> RequestContext::exportSession.
Updated the only callers of this new function.
* Init the user with User::newFromId() instead of relying on the session
(which breaks when things like CentralAuth are enabled).
* Made RequestContext::exportSession() include the user ID.
* Removed now-redundant user ID checks in upload jobs.
* Added unit tests for the session import function.
Change-Id: I543e6766f7a8a828ea5d270328c3bc7738c6fe94
* Ran spell-checker over code comments in /includes/
* A few spellchecking fixes for wfDebug() calls
Found one very strange (NOOP?) line in Linker.php - see "TODO: BUG?"
Change-Id: Ibb86b51073b980eda9ecce2cf0b8dd33f058adbf
Doxygen expects parameter types to come before the
parameter name in @param tags. Used a quick regex
to switch everything around where possible. This
only fixes cases where a primitve variable (or a
primitive followed by other types) is the variable
type. Other cases will need to be fixed manually.
Change-Id: Ic59fd20856eb0489d70f3469a56ebce0efb3db13
* (bug 44080) Also carry-over the IP and HTTP header info.
* This adds a RequestContext::importScopedSession() function.
Change-Id: Ie9c0a4d78fb719569c8149b9cc8a5430f0ac5673
Added/removed spaces after opening/before closing parentheses
Added a space after a comma
Removed unneeded parentheses in condition
Change-Id: I306091347ccaaf11dee0cdfda3019cb0c12be51b
Changed WebRequest::getRawIP to check for values of
$_SERVER['REMOTE_ADDR'] that are either an array
or a comma separated list of IP addresses, and throw
an exception.
Original patch by Ilmari Karonen. Adapted from original
patch to work with newer MediaWiki version.
Change-Id: I4b3c56adf46b336c5032db3f2a1e621c873f0d83
From the docs:
On seriously malformed URLs, parse_url may return false and emit a E_WARNING
We're already checking for false, but we can get spammed with E_WARNING..
Change-Id: I44a9ef2b163e64113bd2a30b081c1256ffeada1e
When inserting XML elements inline <such as this one>, doxygen chokes
about it not being known. Simply enclosing the tag in double quotes
prevents doxygen from emitting a warning.
Also enclosed a few invalid functions calls such as \. and double quoted
the HTML entities such as &foobar;
Change-Id: I4019637145e683c2bec3d17b2fd98b0c50a932f1
Now in Accept-Language handling (in the language converter),
languages appearing earlier in the list are treated as more
preferred languages (variants).
Change-Id: Ic50d01f52dce1ae1f4f4e747d5f8b8399ca03b0b
It is an ugly piece of UI-related code in an infrastructure class.
Its only user, MobileFrontend, is currently in process of getting rid of it.
Patchset 2: Fixed commit message
Change-Id: I62f9f707532a95be01c1ecdcb1fbfbd0c4117be6
- $wgUsePathInfo is now only used on servers not passing REQUEST_URI to determine if PATH_INFO should be used
- WebRequest now extracts information from REQUEST_URI even when $wgUsePathInfo is false
- HTMLForm bases it's decision on whether or not to include a hidden 'title' input on whether $wgArticlePath uses a query instead of assuming that $wgUsePathInfo was used to set the article path
Change-Id: I1b461fef88b26d045f4edd7553b59255c5e595d8
