Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/AjaxDispatcher.php
Tim Starling 47a1619027 Remove terminating line breaks from debug messages 
A terminating line break has not been required in wfDebug() since 2014,
however no migration was done. Some of these line breaks found their way
into LoggerInterface::debug() calls, where they mess up the formatting
of the debug log.

So, remove terminating line breaks from wfDebug() and
LoggerInterface::debug() calls.

Also:
* Fix the stripping of leading line breaks from the log header emitted
  by Setup.php. This feature, accidentally broken in 2014, allows
  requests to be distinguished in the log file.
* Avoid using the global variable $self.
* Move the logging of the client IP back to Setup.php. It was moved to
  WebRequest in the hopes that it would not always be needed, however
  $wgRequest->getIP() is now called unconditionally a few lines up in
  Setup.php. This means that it is put in its proper place after the
  "start request" message.
* Wrap the log header code in a closure so that variables like $name do
  not leak into global scope.
* In Linker.php, remove a few instances of an unnecessary second
  parameter to wfDebug().

Change-Id: I96651d3044a95b9d210b51cb8368edc76bebbb9e
2020-06-03 12:01:16 +10:00

171 lines
4.5 KiB
PHP
Raw Blame History

<?php
/**
* Handle ajax requests and send them to the proper handler.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
* @ingroup Ajax
*/
use MediaWiki\MediaWikiServices;
// Use superglobals, but since it's deprecated, it's not worth fixing
// phpcs:disable MediaWiki.Usage.SuperGlobalsUsage.SuperGlobals
/**
* @defgroup Ajax Ajax
*/
/**
* Object-Oriented Ajax functions.
* @ingroup Ajax
*/
class AjaxDispatcher {
/**
* The way the request was made, either a 'get' or a 'post'
* @var string
*/
private $mode;
/**
* Name of the requested handler
* @var string
*/
private $func_name;
/** Arguments passed
* @var array
*/
private $args;
/**
* @var Config
*/
private $config;
/**
* Load up our object with user supplied data
* @param Config $config
*/
public function __construct( Config $config ) {
$this->config = $config;
$this->mode = "";
if ( !empty( $_GET["rs"] ) ) {
$this->mode = "get";
}
if ( !empty( $_POST["rs"] ) ) {
$this->mode = "post";
}
switch ( $this->mode ) {
case 'get':
$this->func_name = $_GET["rs"] ?? '';
if ( !empty( $_GET["rsargs"] ) ) {
$this->args = $_GET["rsargs"];
} else {
$this->args = [];
}
break;
case 'post':
$this->func_name = $_POST["rs"] ?? '';
if ( !empty( $_POST["rsargs"] ) ) {
$this->args = $_POST["rsargs"];
} else {
$this->args = [];
}
break;
default:
return;
# Or we could throw an exception:
# throw new MWException( __METHOD__ . ' called without any data (mode empty).' );
}
}
/**
* Pass the request to our internal function.
* BEWARE! Data are passed as they have been supplied by the user,
* they should be carefully handled in the function processing the
* request.
*
* phan-taint-check triggers as it is not smart enough to understand
* the early return if func_name not in AjaxExportList.
* @suppress SecurityCheck-XSS
* @param User $user
*/
public function performAction( User $user ) {
if ( empty( $this->mode ) ) {
return;
}
$permissionManager = MediaWikiServices::getInstance()->getPermissionManager();
if ( !in_array( $this->func_name, $this->config->get( 'AjaxExportList' ) ) ) {
wfDebug( __METHOD__ . ' Bad Request for unknown function ' . $this->func_name );
wfHttpError(
400,
'Bad Request',
"unknown function " . $this->func_name
);
} elseif ( !$permissionManager->isEveryoneAllowed( 'read' ) &&
!$permissionManager->userHasRight( $user, 'read' ) ) {
wfHttpError(
403,
'Forbidden',
'You are not allowed to view pages.' );
} else {
wfDebug( __METHOD__ . ' dispatching ' . $this->func_name );
try {
$result = call_user_func_array( $this->func_name, $this->args );
if ( $result === false || $result === null ) {
wfDebug( __METHOD__ . ' ERROR while dispatching ' .
$this->func_name . "(" . var_export( $this->args, true ) . "): " .
"no data returned" );
wfHttpError( 500, 'Internal Error',
"{$this->func_name} returned no data" );
} else {
if ( is_string( $result ) ) {
$result = new AjaxResponse( $result );
}
// Make sure DB commit succeeds before sending a response
$lbFactory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
$lbFactory->commitMasterChanges( __METHOD__ );
$result->sendHeaders();
$result->printText();
wfDebug( __METHOD__ . ' dispatch complete for ' . $this->func_name );
}
} catch ( Exception $e ) {
wfDebug( __METHOD__ . ' ERROR while dispatching ' .
$this->func_name . "(" . var_export( $this->args, true ) . "): " .
get_class( $e ) . ": " . $e->getMessage() );
if ( !headers_sent() ) {
wfHttpError( 500, 'Internal Error',
$e->getMessage() );
} else {
print $e->getMessage();
}
}
}
}
}
Reference in a new issue View git blame Copy permalink