- Generated on Sun Nov 11 2012 00:00:58 for MediaWiki by
1.7.6.1
|
MediaWiki
master
|
00001 <?php 00038 class WebRequest { 00039 protected $data, $headers = array(); 00040 00045 private $response; 00046 00051 private $ip; 00052 00053 public function __construct() { 00057 $this->checkMagicQuotes(); 00058 00059 // POST overrides GET data 00060 // We don't use $_REQUEST here to avoid interference from cookies... 00061 $this->data = $_POST + $_GET; 00062 } 00063 00079 static public function getPathInfo( $want = 'all' ) { 00080 global $wgUsePathInfo; 00081 // PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892 00082 // And also by Apache 2.x, double slashes are converted to single slashes. 00083 // So we will use REQUEST_URI if possible. 00084 $matches = array(); 00085 if ( !empty( $_SERVER['REQUEST_URI'] ) ) { 00086 // Slurp out the path portion to examine... 00087 $url = $_SERVER['REQUEST_URI']; 00088 if ( !preg_match( '!^https?://!', $url ) ) { 00089 $url = 'http://unused' . $url; 00090 } 00091 wfSuppressWarnings(); 00092 $a = parse_url( $url ); 00093 wfRestoreWarnings(); 00094 if( $a ) { 00095 $path = isset( $a['path'] ) ? $a['path'] : ''; 00096 00097 global $wgScript; 00098 if( $path == $wgScript && $want !== 'all' ) { 00099 // Script inside a rewrite path? 00100 // Abort to keep from breaking... 00101 return $matches; 00102 } 00103 00104 $router = new PathRouter; 00105 00106 // Raw PATH_INFO style 00107 $router->add( "$wgScript/$1" ); 00108 00109 if( isset( $_SERVER['SCRIPT_NAME'] ) 00110 && preg_match( '/\.php5?/', $_SERVER['SCRIPT_NAME'] ) ) 00111 { 00112 # Check for SCRIPT_NAME, we handle index.php explicitly 00113 # But we do have some other .php files such as img_auth.php 00114 # Don't let root article paths clober the parsing for them 00115 $router->add( $_SERVER['SCRIPT_NAME'] . "/$1" ); 00116 } 00117 00118 global $wgArticlePath; 00119 if( $wgArticlePath ) { 00120 $router->add( $wgArticlePath ); 00121 } 00122 00123 global $wgActionPaths; 00124 if( $wgActionPaths ) { 00125 $router->add( $wgActionPaths, array( 'action' => '$key' ) ); 00126 } 00127 00128 global $wgVariantArticlePath, $wgContLang; 00129 if( $wgVariantArticlePath ) { 00130 $router->add( $wgVariantArticlePath, 00131 array( 'variant' => '$2'), 00132 array( '$2' => $wgContLang->getVariants() ) 00133 ); 00134 } 00135 00136 wfRunHooks( 'WebRequestPathInfoRouter', array( $router ) ); 00137 00138 $matches = $router->parse( $path ); 00139 } 00140 } elseif ( $wgUsePathInfo ) { 00141 if ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) { 00142 // Mangled PATH_INFO 00143 // http://bugs.php.net/bug.php?id=31892 00144 // Also reported when ini_get('cgi.fix_pathinfo')==false 00145 $matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 ); 00146 00147 } elseif ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != '') ) { 00148 // Regular old PATH_INFO yay 00149 $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 ); 00150 } 00151 } 00152 00153 return $matches; 00154 } 00155 00162 public static function detectServer() { 00163 list( $proto, $stdPort ) = self::detectProtocolAndStdPort(); 00164 00165 $varNames = array( 'HTTP_HOST', 'SERVER_NAME', 'HOSTNAME', 'SERVER_ADDR' ); 00166 $host = 'localhost'; 00167 $port = $stdPort; 00168 foreach ( $varNames as $varName ) { 00169 if ( !isset( $_SERVER[$varName] ) ) { 00170 continue; 00171 } 00172 $parts = IP::splitHostAndPort( $_SERVER[$varName] ); 00173 if ( !$parts ) { 00174 // Invalid, do not use 00175 continue; 00176 } 00177 $host = $parts[0]; 00178 if ( $parts[1] === false ) { 00179 if ( isset( $_SERVER['SERVER_PORT'] ) ) { 00180 $port = $_SERVER['SERVER_PORT']; 00181 } // else leave it as $stdPort 00182 } else { 00183 $port = $parts[1]; 00184 } 00185 break; 00186 } 00187 00188 return $proto . '://' . IP::combineHostAndPort( $host, $port, $stdPort ); 00189 } 00190 00194 public static function detectProtocolAndStdPort() { 00195 return ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' ) ? array( 'https', 443 ) : array( 'http', 80 ); 00196 } 00197 00201 public static function detectProtocol() { 00202 list( $proto, $stdPort ) = self::detectProtocolAndStdPort(); 00203 return $proto; 00204 } 00205 00213 public function interpolateTitle() { 00214 // bug 16019: title interpolation on API queries is useless and sometimes harmful 00215 if ( defined( 'MW_API' ) ) { 00216 return; 00217 } 00218 00219 $matches = self::getPathInfo( 'title' ); 00220 foreach( $matches as $key => $val) { 00221 $this->data[$key] = $_GET[$key] = $_REQUEST[$key] = $val; 00222 } 00223 } 00224 00235 static function extractTitle( $path, $bases, $key = false ) { 00236 foreach( (array)$bases as $keyValue => $base ) { 00237 // Find the part after $wgArticlePath 00238 $base = str_replace( '$1', '', $base ); 00239 $baseLen = strlen( $base ); 00240 if( substr( $path, 0, $baseLen ) == $base ) { 00241 $raw = substr( $path, $baseLen ); 00242 if( $raw !== '' ) { 00243 $matches = array( 'title' => rawurldecode( $raw ) ); 00244 if( $key ) { 00245 $matches[$key] = $keyValue; 00246 } 00247 return $matches; 00248 } 00249 } 00250 } 00251 return array(); 00252 } 00253 00265 private function &fix_magic_quotes( &$arr, $topLevel = true ) { 00266 $clean = array(); 00267 foreach( $arr as $key => $val ) { 00268 if( is_array( $val ) ) { 00269 $cleanKey = $topLevel ? stripslashes( $key ) : $key; 00270 $clean[$cleanKey] = $this->fix_magic_quotes( $arr[$key], false ); 00271 } else { 00272 $cleanKey = stripslashes( $key ); 00273 $clean[$cleanKey] = stripslashes( $val ); 00274 } 00275 } 00276 $arr = $clean; 00277 return $arr; 00278 } 00279 00286 private function checkMagicQuotes() { 00287 $mustFixQuotes = function_exists( 'get_magic_quotes_gpc' ) 00288 && get_magic_quotes_gpc(); 00289 if( $mustFixQuotes ) { 00290 $this->fix_magic_quotes( $_COOKIE ); 00291 $this->fix_magic_quotes( $_ENV ); 00292 $this->fix_magic_quotes( $_GET ); 00293 $this->fix_magic_quotes( $_POST ); 00294 $this->fix_magic_quotes( $_REQUEST ); 00295 $this->fix_magic_quotes( $_SERVER ); 00296 } 00297 } 00298 00306 function normalizeUnicode( $data ) { 00307 if( is_array( $data ) ) { 00308 foreach( $data as $key => $val ) { 00309 $data[$key] = $this->normalizeUnicode( $val ); 00310 } 00311 } else { 00312 global $wgContLang; 00313 $data = isset( $wgContLang ) ? $wgContLang->normalize( $data ) : UtfNormal::cleanUp( $data ); 00314 } 00315 return $data; 00316 } 00317 00326 private function getGPCVal( $arr, $name, $default ) { 00327 # PHP is so nice to not touch input data, except sometimes: 00328 # http://us2.php.net/variables.external#language.variables.external.dot-in-names 00329 # Work around PHP *feature* to avoid *bugs* elsewhere. 00330 $name = strtr( $name, '.', '_' ); 00331 if( isset( $arr[$name] ) ) { 00332 global $wgContLang; 00333 $data = $arr[$name]; 00334 if( isset( $_GET[$name] ) && !is_array( $data ) ) { 00335 # Check for alternate/legacy character encoding. 00336 if( isset( $wgContLang ) ) { 00337 $data = $wgContLang->checkTitleEncoding( $data ); 00338 } 00339 } 00340 $data = $this->normalizeUnicode( $data ); 00341 return $data; 00342 } else { 00343 taint( $default ); 00344 return $default; 00345 } 00346 } 00347 00358 public function getVal( $name, $default = null ) { 00359 $val = $this->getGPCVal( $this->data, $name, $default ); 00360 if( is_array( $val ) ) { 00361 $val = $default; 00362 } 00363 if( is_null( $val ) ) { 00364 return $val; 00365 } else { 00366 return (string)$val; 00367 } 00368 } 00369 00377 public function setVal( $key, $value ) { 00378 $ret = isset( $this->data[$key] ) ? $this->data[$key] : null; 00379 $this->data[$key] = $value; 00380 return $ret; 00381 } 00382 00389 public function unsetVal( $key ) { 00390 if ( !isset( $this->data[$key] ) ) { 00391 $ret = null; 00392 } else { 00393 $ret = $this->data[$key]; 00394 unset( $this->data[$key] ); 00395 } 00396 return $ret; 00397 } 00398 00408 public function getArray( $name, $default = null ) { 00409 $val = $this->getGPCVal( $this->data, $name, $default ); 00410 if( is_null( $val ) ) { 00411 return null; 00412 } else { 00413 return (array)$val; 00414 } 00415 } 00416 00427 public function getIntArray( $name, $default = null ) { 00428 $val = $this->getArray( $name, $default ); 00429 if( is_array( $val ) ) { 00430 $val = array_map( 'intval', $val ); 00431 } 00432 return $val; 00433 } 00434 00444 public function getInt( $name, $default = 0 ) { 00445 return intval( $this->getVal( $name, $default ) ); 00446 } 00447 00456 public function getIntOrNull( $name ) { 00457 $val = $this->getVal( $name ); 00458 return is_numeric( $val ) 00459 ? intval( $val ) 00460 : null; 00461 } 00462 00472 public function getBool( $name, $default = false ) { 00473 return (bool)$this->getVal( $name, $default ); 00474 } 00475 00485 public function getFuzzyBool( $name, $default = false ) { 00486 return $this->getBool( $name, $default ) && strcasecmp( $this->getVal( $name ), 'false' ) !== 0; 00487 } 00488 00497 public function getCheck( $name ) { 00498 # Checkboxes and buttons are only present when clicked 00499 # Presence connotes truth, abscense false 00500 return $this->getVal( $name, null ) !== null; 00501 } 00502 00515 public function getText( $name, $default = '' ) { 00516 global $wgContLang; 00517 $val = $this->getVal( $name, $default ); 00518 return str_replace( "\r\n", "\n", 00519 $wgContLang->recodeInput( $val ) ); 00520 } 00521 00529 public function getValues() { 00530 $names = func_get_args(); 00531 if ( count( $names ) == 0 ) { 00532 $names = array_keys( $this->data ); 00533 } 00534 00535 $retVal = array(); 00536 foreach ( $names as $name ) { 00537 $value = $this->getGPCVal( $this->data, $name, null ); 00538 if ( !is_null( $value ) ) { 00539 $retVal[$name] = $value; 00540 } 00541 } 00542 return $retVal; 00543 } 00544 00551 public function getValueNames( $exclude = array() ) { 00552 return array_diff( array_keys( $this->getValues() ), $exclude ); 00553 } 00554 00561 public function getQueryValues() { 00562 return $_GET; 00563 } 00564 00570 public function getMethod() { 00571 return isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : 'GET'; 00572 } 00573 00583 public function wasPosted() { 00584 return $this->getMethod() == 'POST'; 00585 } 00586 00598 public function checkSessionCookie() { 00599 return isset( $_COOKIE[ session_name() ] ); 00600 } 00601 00610 public function getCookie( $key, $prefix = null, $default = null ) { 00611 if( $prefix === null ) { 00612 global $wgCookiePrefix; 00613 $prefix = $wgCookiePrefix; 00614 } 00615 return $this->getGPCVal( $_COOKIE, $prefix . $key , $default ); 00616 } 00617 00625 public function getRequestURL() { 00626 if( isset( $_SERVER['REQUEST_URI'] ) && strlen( $_SERVER['REQUEST_URI'] ) ) { 00627 $base = $_SERVER['REQUEST_URI']; 00628 } elseif ( isset( $_SERVER['HTTP_X_ORIGINAL_URL'] ) && strlen( $_SERVER['HTTP_X_ORIGINAL_URL'] ) ) { 00629 // Probably IIS; doesn't set REQUEST_URI 00630 $base = $_SERVER['HTTP_X_ORIGINAL_URL']; 00631 } elseif( isset( $_SERVER['SCRIPT_NAME'] ) ) { 00632 $base = $_SERVER['SCRIPT_NAME']; 00633 if( isset( $_SERVER['QUERY_STRING'] ) && $_SERVER['QUERY_STRING'] != '' ) { 00634 $base .= '?' . $_SERVER['QUERY_STRING']; 00635 } 00636 } else { 00637 // This shouldn't happen! 00638 throw new MWException( "Web server doesn't provide either " . 00639 "REQUEST_URI, HTTP_X_ORIGINAL_URL or SCRIPT_NAME. Report details " . 00640 "of your web server configuration to http://bugzilla.wikimedia.org/" ); 00641 } 00642 // User-agents should not send a fragment with the URI, but 00643 // if they do, and the web server passes it on to us, we 00644 // need to strip it or we get false-positive redirect loops 00645 // or weird output URLs 00646 $hash = strpos( $base, '#' ); 00647 if( $hash !== false ) { 00648 $base = substr( $base, 0, $hash ); 00649 } 00650 if( $base[0] == '/' ) { 00651 return $base; 00652 } else { 00653 // We may get paths with a host prepended; strip it. 00654 return preg_replace( '!^[^:]+://[^/]+/!', '/', $base ); 00655 } 00656 } 00657 00668 public function getFullRequestURL() { 00669 return wfExpandUrl( $this->getRequestURL(), PROTO_CURRENT ); 00670 } 00671 00678 public function appendQuery( $query ) { 00679 return $this->appendQueryArray( wfCgiToArray( $query ) ); 00680 } 00681 00689 public function escapeAppendQuery( $query ) { 00690 return htmlspecialchars( $this->appendQuery( $query ) ); 00691 } 00692 00699 public function appendQueryValue( $key, $value, $onlyquery = false ) { 00700 return $this->appendQueryArray( array( $key => $value ), $onlyquery ); 00701 } 00702 00711 public function appendQueryArray( $array, $onlyquery = false ) { 00712 global $wgTitle; 00713 $newquery = $this->getQueryValues(); 00714 unset( $newquery['title'] ); 00715 $newquery = array_merge( $newquery, $array ); 00716 $query = wfArrayToCGI( $newquery ); 00717 return $onlyquery ? $query : $wgTitle->getLocalURL( $query ); 00718 } 00719 00729 public function getLimitOffset( $deflimit = 50, $optionname = 'rclimit' ) { 00730 global $wgUser; 00731 00732 $limit = $this->getInt( 'limit', 0 ); 00733 if( $limit < 0 ) { 00734 $limit = 0; 00735 } 00736 if( ( $limit == 0 ) && ( $optionname != '' ) ) { 00737 $limit = (int)$wgUser->getOption( $optionname ); 00738 } 00739 if( $limit <= 0 ) { 00740 $limit = $deflimit; 00741 } 00742 if( $limit > 5000 ) { 00743 $limit = 5000; # We have *some* limits... 00744 } 00745 00746 $offset = $this->getInt( 'offset', 0 ); 00747 if( $offset < 0 ) { 00748 $offset = 0; 00749 } 00750 00751 return array( $limit, $offset ); 00752 } 00753 00760 public function getFileTempname( $key ) { 00761 $file = new WebRequestUpload( $this, $key ); 00762 return $file->getTempName(); 00763 } 00764 00772 public function getFileSize( $key ) { 00773 wfDeprecated( __METHOD__, '1.17' ); 00774 $file = new WebRequestUpload( $this, $key ); 00775 return $file->getSize(); 00776 } 00777 00784 public function getUploadError( $key ) { 00785 $file = new WebRequestUpload( $this, $key ); 00786 return $file->getError(); 00787 } 00788 00800 public function getFileName( $key ) { 00801 $file = new WebRequestUpload( $this, $key ); 00802 return $file->getName(); 00803 } 00804 00811 public function getUpload( $key ) { 00812 return new WebRequestUpload( $this, $key ); 00813 } 00814 00821 public function response() { 00822 /* Lazy initialization of response object for this request */ 00823 if ( !is_object( $this->response ) ) { 00824 $class = ( $this instanceof FauxRequest ) ? 'FauxResponse' : 'WebResponse'; 00825 $this->response = new $class(); 00826 } 00827 return $this->response; 00828 } 00829 00833 private function initHeaders() { 00834 if ( count( $this->headers ) ) { 00835 return; 00836 } 00837 00838 if ( function_exists( 'apache_request_headers' ) ) { 00839 foreach ( apache_request_headers() as $tempName => $tempValue ) { 00840 $this->headers[ strtoupper( $tempName ) ] = $tempValue; 00841 } 00842 } else { 00843 foreach ( $_SERVER as $name => $value ) { 00844 if ( substr( $name, 0, 5 ) === 'HTTP_' ) { 00845 $name = str_replace( '_', '-', substr( $name, 5 ) ); 00846 $this->headers[$name] = $value; 00847 } elseif ( $name === 'CONTENT_LENGTH' ) { 00848 $this->headers['CONTENT-LENGTH'] = $value; 00849 } 00850 } 00851 } 00852 } 00853 00859 public function getAllHeaders() { 00860 $this->initHeaders(); 00861 return $this->headers; 00862 } 00863 00870 public function getHeader( $name ) { 00871 $this->initHeaders(); 00872 $name = strtoupper( $name ); 00873 if ( isset( $this->headers[$name] ) ) { 00874 return $this->headers[$name]; 00875 } else { 00876 return false; 00877 } 00878 } 00879 00886 public function getSessionData( $key ) { 00887 if( !isset( $_SESSION[$key] ) ) { 00888 return null; 00889 } 00890 return $_SESSION[$key]; 00891 } 00892 00899 public function setSessionData( $key, $data ) { 00900 $_SESSION[$key] = $data; 00901 } 00902 00913 public function checkUrlExtension( $extWhitelist = array() ) { 00914 global $wgScriptExtension; 00915 $extWhitelist[] = ltrim( $wgScriptExtension, '.' ); 00916 if ( IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist ) ) { 00917 if ( !$this->wasPosted() ) { 00918 $newUrl = IEUrlExtension::fixUrlForIE6( 00919 $this->getFullRequestURL(), $extWhitelist ); 00920 if ( $newUrl !== false ) { 00921 $this->doSecurityRedirect( $newUrl ); 00922 return false; 00923 } 00924 } 00925 throw new HttpError( 403, 00926 'Invalid file extension found in the path info or query string.' ); 00927 } 00928 return true; 00929 } 00930 00938 protected function doSecurityRedirect( $url ) { 00939 header( 'Location: ' . $url ); 00940 header( 'Content-Type: text/html' ); 00941 $encUrl = htmlspecialchars( $url ); 00942 echo <<<HTML 00943 <html> 00944 <head> 00945 <title>Security redirect</title> 00946 </head> 00947 <body> 00948 <h1>Security redirect</h1> 00949 <p> 00950 We can't serve non-HTML content from the URL you have requested, because 00951 Internet Explorer would interpret it as an incorrect and potentially dangerous 00952 content type.</p> 00953 <p>Instead, please use <a href="$encUrl">this URL</a>, which is the same as the URL you have requested, except that 00954 "&*" is appended. This prevents Internet Explorer from seeing a bogus file 00955 extension. 00956 </p> 00957 </body> 00958 </html> 00959 HTML; 00960 echo "\n"; 00961 return true; 00962 } 00963 00986 public function isPathInfoBad( $extWhitelist = array() ) { 00987 wfDeprecated( __METHOD__, '1.17' ); 00988 global $wgScriptExtension; 00989 $extWhitelist[] = ltrim( $wgScriptExtension, '.' ); 00990 return IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist ); 00991 } 00992 01001 public function getAcceptLang() { 01002 // Modified version of code found at http://www.thefutureoftheweb.com/blog/use-accept-language-header 01003 $acceptLang = $this->getHeader( 'Accept-Language' ); 01004 if ( !$acceptLang ) { 01005 return array(); 01006 } 01007 01008 // Return the language codes in lower case 01009 $acceptLang = strtolower( $acceptLang ); 01010 01011 // Break up string into pieces (languages and q factors) 01012 $lang_parse = null; 01013 preg_match_all( '/([a-z]{1,8}(-[a-z]{1,8})*|\*)\s*(;\s*q\s*=\s*(1(\.0{0,3})?|0(\.[0-9]{0,3})?)?)?/', 01014 $acceptLang, $lang_parse ); 01015 01016 if ( !count( $lang_parse[1] ) ) { 01017 return array(); 01018 } 01019 01020 $langcodes = $lang_parse[1]; 01021 $qvalues = $lang_parse[4]; 01022 $indices = range( 0, count( $lang_parse[1] ) - 1 ); 01023 01024 // Set default q factor to 1 01025 foreach ( $indices as $index ) { 01026 if ( $qvalues[$index] === '' ) { 01027 $qvalues[$index] = 1; 01028 } elseif ( $qvalues[$index] == 0 ) { 01029 unset( $langcodes[$index], $qvalues[$index], $indices[$index] ); 01030 } 01031 } 01032 01033 // Sort list. First by $qvalues, then by order. Reorder $langcodes the same way 01034 array_multisort( $qvalues, SORT_DESC, SORT_NUMERIC, $indices, $langcodes ); 01035 01036 // Create a list like "en" => 0.8 01037 $langs = array_combine( $langcodes, $qvalues ); 01038 01039 return $langs; 01040 } 01041 01049 protected function getRawIP() { 01050 if ( !isset( $_SERVER['REMOTE_ADDR'] ) ) { 01051 return null; 01052 } 01053 01054 if ( is_array( $_SERVER['REMOTE_ADDR'] ) || strpos( $_SERVER['REMOTE_ADDR'], ',' ) !== false ) { 01055 throw new MWException( __METHOD__ . " : Could not determine the remote IP address due to multiple values." ); 01056 } else { 01057 $ipchain = $_SERVER['REMOTE_ADDR']; 01058 } 01059 01060 return IP::canonicalize( $ipchain ); 01061 } 01062 01072 public function getIP() { 01073 global $wgUsePrivateIPs; 01074 01075 # Return cached result 01076 if ( $this->ip !== null ) { 01077 return $this->ip; 01078 } 01079 01080 # collect the originating ips 01081 $ip = $this->getRawIP(); 01082 01083 # Append XFF 01084 $forwardedFor = $this->getHeader( 'X-Forwarded-For' ); 01085 if ( $forwardedFor !== false ) { 01086 $ipchain = array_map( 'trim', explode( ',', $forwardedFor ) ); 01087 $ipchain = array_reverse( $ipchain ); 01088 if ( $ip ) { 01089 array_unshift( $ipchain, $ip ); 01090 } 01091 01092 # Step through XFF list and find the last address in the list which is a trusted server 01093 # Set $ip to the IP address given by that trusted server, unless the address is not sensible (e.g. private) 01094 foreach ( $ipchain as $i => $curIP ) { 01095 $curIP = IP::canonicalize( $curIP ); 01096 if ( wfIsTrustedProxy( $curIP ) ) { 01097 if ( isset( $ipchain[$i + 1] ) ) { 01098 if ( $wgUsePrivateIPs || IP::isPublic( $ipchain[$i + 1 ] ) ) { 01099 $ip = $ipchain[$i + 1]; 01100 } 01101 } 01102 } else { 01103 break; 01104 } 01105 } 01106 } 01107 01108 # Allow extensions to improve our guess 01109 wfRunHooks( 'GetIP', array( &$ip ) ); 01110 01111 if ( !$ip ) { 01112 throw new MWException( "Unable to determine IP" ); 01113 } 01114 01115 wfDebug( "IP: $ip\n" ); 01116 $this->ip = $ip; 01117 return $ip; 01118 } 01119 } 01120 01124 class WebRequestUpload { 01125 protected $request; 01126 protected $doesExist; 01127 protected $fileInfo; 01128 01135 public function __construct( $request, $key ) { 01136 $this->request = $request; 01137 $this->doesExist = isset( $_FILES[$key] ); 01138 if ( $this->doesExist ) { 01139 $this->fileInfo = $_FILES[$key]; 01140 } 01141 } 01142 01148 public function exists() { 01149 return $this->doesExist; 01150 } 01151 01157 public function getName() { 01158 if ( !$this->exists() ) { 01159 return null; 01160 } 01161 01162 global $wgContLang; 01163 $name = $this->fileInfo['name']; 01164 01165 # Safari sends filenames in HTML-encoded Unicode form D... 01166 # Horrid and evil! Let's try to make some kind of sense of it. 01167 $name = Sanitizer::decodeCharReferences( $name ); 01168 $name = $wgContLang->normalize( $name ); 01169 wfDebug( __METHOD__ . ": {$this->fileInfo['name']} normalized to '$name'\n" ); 01170 return $name; 01171 } 01172 01178 public function getSize() { 01179 if ( !$this->exists() ) { 01180 return 0; 01181 } 01182 01183 return $this->fileInfo['size']; 01184 } 01185 01191 public function getTempName() { 01192 if ( !$this->exists() ) { 01193 return null; 01194 } 01195 01196 return $this->fileInfo['tmp_name']; 01197 } 01198 01205 public function getError() { 01206 if ( !$this->exists() ) { 01207 return 0; # UPLOAD_ERR_OK 01208 } 01209 01210 return $this->fileInfo['error']; 01211 } 01212 01219 public function isIniSizeOverflow() { 01220 if ( $this->getError() == UPLOAD_ERR_INI_SIZE ) { 01221 # PHP indicated that upload_max_filesize is exceeded 01222 return true; 01223 } 01224 01225 $contentLength = $this->request->getHeader( 'CONTENT_LENGTH' ); 01226 if ( $contentLength > wfShorthandToInteger( ini_get( 'post_max_size' ) ) ) { 01227 # post_max_size is exceeded 01228 return true; 01229 } 01230 01231 return false; 01232 } 01233 } 01234 01240 class FauxRequest extends WebRequest { 01241 private $wasPosted = false; 01242 private $session = array(); 01243 01251 public function __construct( $data = array(), $wasPosted = false, $session = null ) { 01252 if( is_array( $data ) ) { 01253 $this->data = $data; 01254 } else { 01255 throw new MWException( "FauxRequest() got bogus data" ); 01256 } 01257 $this->wasPosted = $wasPosted; 01258 if( $session ) 01259 $this->session = $session; 01260 } 01261 01266 private function notImplemented( $method ) { 01267 throw new MWException( "{$method}() not implemented" ); 01268 } 01269 01275 public function getText( $name, $default = '' ) { 01276 # Override; don't recode since we're using internal data 01277 return (string)$this->getVal( $name, $default ); 01278 } 01279 01283 public function getValues() { 01284 return $this->data; 01285 } 01286 01290 public function getQueryValues() { 01291 if ( $this->wasPosted ) { 01292 return array(); 01293 } else { 01294 return $this->data; 01295 } 01296 } 01297 01298 public function getMethod() { 01299 return $this->wasPosted ? 'POST' : 'GET'; 01300 } 01301 01305 public function wasPosted() { 01306 return $this->wasPosted; 01307 } 01308 01309 public function checkSessionCookie() { 01310 return false; 01311 } 01312 01313 public function getRequestURL() { 01314 $this->notImplemented( __METHOD__ ); 01315 } 01316 01321 public function getHeader( $name ) { 01322 return isset( $this->headers[$name] ) ? $this->headers[$name] : false; 01323 } 01324 01329 public function setHeader( $name, $val ) { 01330 $this->headers[$name] = $val; 01331 } 01332 01337 public function getSessionData( $key ) { 01338 if( isset( $this->session[$key] ) ) 01339 return $this->session[$key]; 01340 } 01341 01346 public function setSessionData( $key, $data ) { 01347 $this->session[$key] = $data; 01348 } 01349 01353 public function getSessionArray() { 01354 return $this->session; 01355 } 01356 01361 public function isPathInfoBad( $extWhitelist = array() ) { 01362 return false; 01363 } 01364 01369 public function checkUrlExtension( $extWhitelist = array() ) { 01370 return true; 01371 } 01372 01376 protected function getRawIP() { 01377 return '127.0.0.1'; 01378 } 01379 } 01380 01389 class DerivativeRequest extends FauxRequest { 01390 private $base; 01391 01392 public function __construct( WebRequest $base, $data, $wasPosted = false ) { 01393 $this->base = $base; 01394 parent::__construct( $data, $wasPosted ); 01395 } 01396 01397 public function getCookie( $key, $prefix = null, $default = null ) { 01398 return $this->base->getCookie( $key, $prefix, $default ); 01399 } 01400 01401 public function checkSessionCookie() { 01402 return $this->base->checkSessionCookie(); 01403 } 01404 01405 public function getHeader( $name ) { 01406 return $this->base->getHeader( $name ); 01407 } 01408 01409 public function getAllHeaders() { 01410 return $this->base->getAllHeaders(); 01411 } 01412 01413 public function getSessionData( $key ) { 01414 return $this->base->getSessionData( $key ); 01415 } 01416 01417 public function setSessionData( $key, $data ) { 01418 $this->base->setSessionData( $key, $data ); 01419 } 01420 01421 public function getAcceptLang() { 01422 return $this->base->getAcceptLang(); 01423 } 01424 01425 public function getIP() { 01426 return $this->base->getIP(); 01427 } 01428 }
1.7.6.1