Issues in Headers.php (development) - Issues in development - elkarte/Elkarte - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1697)

sources/ElkArte/Http/Headers.php (1 issue)

Labels

Severity

Major 1

<?php

/**
 *
 * @package   ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
 *
 * @version 2.0 dev
 *
 */

namespace ElkArte\Http;

use ElkArte\Helper\HttpReq;

/**
 * Class Headers
 *
 * Handles HTTP headers for the application.
 */
class Headers
{
	/** @var string Default content type */
	protected $contentType = 'text/html';

	/** @var string Default character set */
	protected $charset = 'UTF-8';

	/** @var int Default HTTP return code */
	protected $httpCode = 200;

	/** @var array Holds any normal headers collected */
	protected $headers = [];

	/** @var array Holds any special (raw) headers collected */
	protected $specialHeaders = [];

	/** @var HttpReq|null */
	protected $req;

	/** @var Headers Sole private \ElkArte\Headers instance */
	private static $instance;

	/**
	 * Headers constructor.
	 */
	public function __construct()
	{
		$this->req = HttpReq::instance();
	}

	/**
	 * Sets a redirect location header
	 *
	 * What it does:
	 *
	 * - Adds in scripturl if needed
	 * - Calls call_integration_hook integrate_redirect before headers are sent
	 *
	 * @event integrate_redirect called before headers are sent
	 * @param string $setLocation = '' The URL to redirect to
	 * @param int $httpCode defaults to 200
	 */
	public function redirect($setLocation = '', $httpCode = null): Headers
	{
		global $scripturl;

		// Convert relative URL to site url
		if (preg_match('~^(ftp|http)[s]?://~', $setLocation) === 0)
		{
			$setLocation = $scripturl . ($setLocation !== '' ? '?' . $setLocation : '');
		}

		// Put the session ID in.
		if (empty($_COOKIE) && defined('SID') && !empty(SID))
		{
			$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', $scripturl . '?' . SID . ';', $setLocation);
		}
		// Keep that debug in there for template debugging!
		elseif (isset($this->req->debug))

		{
			$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '\\??/', $scripturl . '?debug;', $setLocation);
		}

		// Maybe integrations want to change where we are heading?
		call_integration_hook('integrate_redirect', [&$setLocation]);

		// Set the location header and code
		$this
			->header('Location', $setLocation)
			->httpCode = $httpCode ?? 302;

		return $this;
	}

	/**
	 * Run a maintenance function and then send the all collected headers
	 */
	public function send(): void
	{
		handleMaintenance();
		$this->sendHeaders();
	}

	/**
	 * Normally used for a header that starts with the string "HTTP/" (case is not significant),
	 * which will be used to figure out the HTTP status code to send.  You could stuff in any
	 * complete header you wanted as the value is used directly as header($value)
	 *
	 * @param $value
	 * @return $this
	 */
	public function headerSpecial($value): self
	{
		$this->specialHeaders[] = $value;

		return $this;
	}

	/**
	 * Adds headers to the header array for eventual output to browser
	 *
	 * @param string $name Name of the header
	 * @param string|null $value Value for the header
	 *
	 * @return $this
	 */
	public function header($name, $value = null): self
	{
		$name = $this->standardizeHeaderName($name);

		// Add new or overwrite
		$this->headers[$name] = $value;

		return $this;
	}

	/**
	 * Converts / Fixes header names to a standard format, so we have consistent search replace etc.
	 *
	 * @param string $name
	 * @return string
	 */
	protected function standardizeHeaderName($name): string
	{
		// Combine spaces and Convert dashes "clear    Site-Data" => "clear Site Data"
		$name = preg_replace('~\s+~', ' ', str_replace('-', ' ', trim($name)));

		// Now ucword the header and add back the dash => Clear-Site-Data
		return str_replace(' ', '-', ucwords($name));
	}

	/**
	 * Set the http header code, like 404, 200, 301, etc.
	 * Only output if the content type is empty
	 *
	 * @param int $httpCode
	 * @return $this
	 */
	public function httpCode($httpCode): self
	{
		$this->httpCode = (int) $httpCode;

		return $this;
	}

	/**
	 * Sets the context type based on if this is an image or not.  Calls
	 * setDownloadFileNameHeader to set the proper content disposition.
	 *
	 * @param string $mime_type
	 * @param string $fileName
	 * @param string $disposition 'attachment' or 'inline';
	 * @return $this
	 */
	public function setAttachmentFileParams($mime_type, $fileName, $disposition = 'attachment'): self
	{
		// If an image, set the content type to the image/type defined in the mime_type
		if (!empty($mime_type) && strpos($mime_type, 'image/') === 0)
		{
			$this->contentType($mime_type, '');
		}
		// Otherwise, arbitrary binary data
		else
		{
			$this->contentType('application/octet-stream', '');
		}

		// Set the content disposition and name
		$this->setDownloadFileNameHeader($fileName, $disposition);

		return $this;
	}

	/**
	 * Set the proper filename header accounting for UTF-8 characters in the name
	 *
	 * @param string $fileName That would be the name
	 * @param string $disposition 'inline' or 'attachment'
	 */
	private function setDownloadFileNameHeader($fileName, $disposition = false): void
	{
		$type = ($disposition ? 'inline' : 'attachment');

		$fileName = str_replace('"', '', $fileName);

		// Send as UTF-8 if the name requires that
		$altName = '';
		if (preg_match('~[\x80-\xFF]~', $fileName))
		{
			$altName = "; filename*=UTF-8''" . rawurlencode($fileName);
		}

		$this->header('Content-Disposition', $type . '; filename="' . $fileName . '"' . $altName);
	}

	/**
	 * Sets the content type and character set.  Replaces an existing one if called multiple times
	 * so the last call to this method will be what is output.
	 *
	 * @param string|null $contentType
	 * @param string|null $charset
	 * @return $this
	 */
	public function contentType($contentType, $charset = null): self
	{
		$this->contentType = $contentType;

		if ($charset !== null)
		{
			$this->charset($charset);
		}

		return $this;
	}

	/**
	 * Sets the character set in use, defaults to utf-8
	 *
	 * @param string $charset
	 * @return $this
	 */
	public function charset($charset): self
	{
		$this->charset = $charset;

		return $this;
	}

	/**
	 * Removes a single header if set or all headers if we need to restart
	 * the process, such as during an error or other.
	 *
	 * @param string $name
	 * @return $this
	 */
	public function removeHeader($name): self
	{
		// Full reset like nothing had been sent
		if ($name === 'all')
		{
			$this->headers = [];
			$this->specialHeaders = [];
			$this->contentType = '';
			$this->charset = 'UTF-8';
			$this->httpCode = 200;
		}

		// Or remove a specific header
		$name = $this->standardizeHeaderName($name);
		unset($this->headers[$name]);

		return $this;
	}

	/**
	 * Send the collection of headers using standard php header() function.  If you need to send
	 * a response header, set the return code via httpCode with no contentType header set.
	 */
	public function sendHeaders(): void
	{
		if (headers_sent())
		{
			return;
		}

		foreach ($this->headers as $header => $value)
		{
			header("$header: $value", true);
		}

		foreach ($this->specialHeaders as $header)
		{
			header($header, true);
		}

		if ($this->contentType)
		{
			header('Content-Type: ' . $this->contentType . ($this->charset ? '; charset=' . $this->charset : ''), true, $this->httpCode);
		}
		else
		{
			$this->setResponse();
		}
	}

	/**
	 * Sets the HTTP response header based on the provided HTTP status code.
	 * If the status code is not in the predefined list, defaults to 500 Internal Server Error.
	 *
	 * @return void
	 */
	public function setResponse(): void
	{
		$responseHeaders = [
			200 => '200 OK',
			206 => '206 Partial Content',
			301 => '301 Moved Permanently',
			302 => '302 Found',
			304 => '304 Not Modified',
			400 => '400 Bad Request',
			403 => '403 Forbidden',
			404 => '404 Not Found',
			406 => '406 Not Acceptable',
			410 => '403 Gone',
			416 => '416 Requested Range Not Satisfiable',
			500 => '500 Internal Server Error',
			503 => '503 Service Temporarily Unavailable',
		];

		if (!isset($responseHeaders[$this->httpCode]))
		{
			$this->httpCode = 500;
		}

		header(detectServer()->getProtocol() . ' ' . $responseHeaders[$this->httpCode]);
	}

	/**
	 * Retrieve the sole instance of this class.
	 *
	 * @return Headers
	 */
	public static function instance(): Headers
	{
		if (self::$instance === null)
		{
			self::$instance = new Headers();
		}

		return self::$instance;
	}
}


1			<?php
2
3			/**
4			*
5			* @package ElkArte Forum
6			* @copyright ElkArte Forum contributors
7			* @license BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
8			*
9			* @version 2.0 dev
10			*
11			*/
12
13			namespace ElkArte\Http;
14
15			use ElkArte\Helper\HttpReq;
16
17			/**
18			* Class Headers
19			*
20			* Handles HTTP headers for the application.
21			*/
22			class Headers
23			{
24			/** @var string Default content type */
25			protected $contentType = 'text/html';
26
27			/** @var string Default character set */
28			protected $charset = 'UTF-8';
29
30			/** @var int Default HTTP return code */
31			protected $httpCode = 200;
32
33			/** @var array Holds any normal headers collected */
34			protected $headers = [];
35
36			/** @var array Holds any special (raw) headers collected */
37			protected $specialHeaders = [];
38
39			/** @var HttpReq\|null */
40			protected $req;
41
42			/** @var Headers Sole private \ElkArte\Headers instance */
43			private static $instance;
44
45			/**
46			* Headers constructor.
47			*/
48			public function __construct()
49			{
50			$this->req = HttpReq::instance();
51			}
52
53			/**
54			* Sets a redirect location header
55			*
56			* What it does:
57			*
58			* - Adds in scripturl if needed
59			* - Calls call_integration_hook integrate_redirect before headers are sent
60			*
61			* @event integrate_redirect called before headers are sent
62			* @param string $setLocation = '' The URL to redirect to
63			* @param int $httpCode defaults to 200
64			*/
65			public function redirect($setLocation = '', $httpCode = null): Headers
66			{
67			global $scripturl;
68
69			// Convert relative URL to site url
70			if (preg_match('~^(ftp\|http)[s]?://~', $setLocation) === 0)
71			{
72			$setLocation = $scripturl . ($setLocation !== '' ? '?' . $setLocation : '');
73			}
74
75			// Put the session ID in.
76			if (empty($_COOKIE) && defined('SID') && !empty(SID))
77			{
78			$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', $scripturl . '?' . SID . ';', $setLocation);
79			}
80			// Keep that debug in there for template debugging!
81			elseif (isset($this->req->debug))
			0 ignored issues – show Bug Best Practice introduced 2024-03-01 00:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `debug` does not exist on `ElkArte\Helper\HttpReq`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
82			{
83			$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '\\??/', $scripturl . '?debug;', $setLocation);
84			}
85
86			// Maybe integrations want to change where we are heading?
87			call_integration_hook('integrate_redirect', [&$setLocation]);
88
89			// Set the location header and code
90			$this
91			->header('Location', $setLocation)
92			->httpCode = $httpCode ?? 302;
93
94			return $this;
95			}
96
97			/**
98			* Run a maintenance function and then send the all collected headers
99			*/
100			public function send(): void
101			{
102			handleMaintenance();
103			$this->sendHeaders();
104			}
105
106			/**
107			* Normally used for a header that starts with the string "HTTP/" (case is not significant),
108			* which will be used to figure out the HTTP status code to send. You could stuff in any
109			* complete header you wanted as the value is used directly as header($value)
110			*
111			* @param $value
112			* @return $this
113			*/
114			public function headerSpecial($value): self
115			{
116			$this->specialHeaders[] = $value;
117
118			return $this;
119			}
120
121			/**
122			* Adds headers to the header array for eventual output to browser
123			*
124			* @param string $name Name of the header
125			* @param string\|null $value Value for the header
126			*
127			* @return $this
128			*/
129			public function header($name, $value = null): self
130			{
131			$name = $this->standardizeHeaderName($name);
132
133			// Add new or overwrite
134			$this->headers[$name] = $value;
135
136			return $this;
137			}
138
139			/**
140			* Converts / Fixes header names to a standard format, so we have consistent search replace etc.
141			*
142			* @param string $name
143			* @return string
144			*/
145			protected function standardizeHeaderName($name): string
146			{
147			// Combine spaces and Convert dashes "clear Site-Data" => "clear Site Data"
148			$name = preg_replace('~\s+~', ' ', str_replace('-', ' ', trim($name)));
149
150			// Now ucword the header and add back the dash => Clear-Site-Data
151			return str_replace(' ', '-', ucwords($name));
152			}
153
154			/**
155			* Set the http header code, like 404, 200, 301, etc.
156			* Only output if the content type is empty
157			*
158			* @param int $httpCode
159			* @return $this
160			*/
161			public function httpCode($httpCode): self
162			{
163			$this->httpCode = (int) $httpCode;
164
165			return $this;
166			}
167
168			/**
169			* Sets the context type based on if this is an image or not. Calls
170			* setDownloadFileNameHeader to set the proper content disposition.
171			*
172			* @param string $mime_type
173			* @param string $fileName
174			* @param string $disposition 'attachment' or 'inline';
175			* @return $this
176			*/
177			public function setAttachmentFileParams($mime_type, $fileName, $disposition = 'attachment'): self
178			{
179			// If an image, set the content type to the image/type defined in the mime_type
180			if (!empty($mime_type) && strpos($mime_type, 'image/') === 0)
181			{
182			$this->contentType($mime_type, '');
183			}
184			// Otherwise, arbitrary binary data
185			else
186			{
187			$this->contentType('application/octet-stream', '');
188			}
189
190			// Set the content disposition and name
191			$this->setDownloadFileNameHeader($fileName, $disposition);
192
193			return $this;
194			}
195
196			/**
197			* Set the proper filename header accounting for UTF-8 characters in the name
198			*
199			* @param string $fileName That would be the name
200			* @param string $disposition 'inline' or 'attachment'
201			*/
202			private function setDownloadFileNameHeader($fileName, $disposition = false): void
203			{
204			$type = ($disposition ? 'inline' : 'attachment');
205
206			$fileName = str_replace('"', '', $fileName);
207
208			// Send as UTF-8 if the name requires that
209			$altName = '';
210			if (preg_match('~[\x80-\xFF]~', $fileName))
211			{
212			$altName = "; filename*=UTF-8''" . rawurlencode($fileName);
213			}
214
215			$this->header('Content-Disposition', $type . '; filename="' . $fileName . '"' . $altName);
216			}
217
218			/**
219			* Sets the content type and character set. Replaces an existing one if called multiple times
220			* so the last call to this method will be what is output.
221			*
222			* @param string\|null $contentType
223			* @param string\|null $charset
224			* @return $this
225			*/
226			public function contentType($contentType, $charset = null): self
227			{
228			$this->contentType = $contentType;
229
230			if ($charset !== null)
231			{
232			$this->charset($charset);
233			}
234
235			return $this;
236			}
237
238			/**
239			* Sets the character set in use, defaults to utf-8
240			*
241			* @param string $charset
242			* @return $this
243			*/
244			public function charset($charset): self
245			{
246			$this->charset = $charset;
247
248			return $this;
249			}
250
251			/**
252			* Removes a single header if set or all headers if we need to restart
253			* the process, such as during an error or other.
254			*
255			* @param string $name
256			* @return $this
257			*/
258			public function removeHeader($name): self
259			{
260			// Full reset like nothing had been sent
261			if ($name === 'all')
262			{
263			$this->headers = [];
264			$this->specialHeaders = [];
265			$this->contentType = '';
266			$this->charset = 'UTF-8';
267			$this->httpCode = 200;
268			}
269
270			// Or remove a specific header
271			$name = $this->standardizeHeaderName($name);
272			unset($this->headers[$name]);
273
274			return $this;
275			}
276
277			/**
278			* Send the collection of headers using standard php header() function. If you need to send
279			* a response header, set the return code via httpCode with no contentType header set.
280			*/
281			public function sendHeaders(): void
282			{
283			if (headers_sent())
284			{
285			return;
286			}
287
288			foreach ($this->headers as $header => $value)
289			{
290			header("$header: $value", true);
291			}
292
293			foreach ($this->specialHeaders as $header)
294			{
295			header($header, true);
296			}
297
298			if ($this->contentType)
299			{
300			header('Content-Type: ' . $this->contentType . ($this->charset ? '; charset=' . $this->charset : ''), true, $this->httpCode);
301			}
302			else
303			{
304			$this->setResponse();
305			}
306			}
307
308			/**
309			* Sets the HTTP response header based on the provided HTTP status code.
310			* If the status code is not in the predefined list, defaults to 500 Internal Server Error.
311			*
312			* @return void
313			*/
314			public function setResponse(): void
315			{
316			$responseHeaders = [
317			200 => '200 OK',
318			206 => '206 Partial Content',
319			301 => '301 Moved Permanently',
320			302 => '302 Found',
321			304 => '304 Not Modified',
322			400 => '400 Bad Request',
323			403 => '403 Forbidden',
324			404 => '404 Not Found',
325			406 => '406 Not Acceptable',
326			410 => '403 Gone',
327			416 => '416 Requested Range Not Satisfiable',
328			500 => '500 Internal Server Error',
329			503 => '503 Service Temporarily Unavailable',
330			];
331
332			if (!isset($responseHeaders[$this->httpCode]))
333			{
334			$this->httpCode = 500;
335			}
336
337			header(detectServer()->getProtocol() . ' ' . $responseHeaders[$this->httpCode]);
338			}
339
340			/**
341			* Retrieve the sole instance of this class.
342			*
343			* @return Headers
344			*/
345			public static function instance(): Headers
346			{
347			if (self::$instance === null)
348			{
349			self::$instance = new Headers();
350			}
351
352			return self::$instance;
353			}
354			}
355

elkarte / Elkarte

Issues (1697)

sources/ElkArte/Http/Headers.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like