ContentNegotiator::setEnabled() - Code Metrics - Inspection of "ENH PHP 8.1 compatibility" - silverstripe/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — 4 (#10222)

by Steve

created 2022-04-07 04:08 UTC

ContentNegotiator::setEnabled() A

↳ Parent: ContentNegotiator

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	1

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	1
nc	1
nop	1
dl	0
loc	3
rs	10
c	0
b	0
f	0

<?php

namespace SilverStripe\Control;

use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Config\Configurable;
use SilverStripe\Core\Injector\Injectable;

/**
 * The content negotiator performs "text/html" or "application/xhtml+xml" switching. It does this through
 * the public static function ContentNegotiator::process(). By default, ContentNegotiator will comply to
 * the Accept headers the clients sends along with the HTTP request, which is most likely
 * "application/xhtml+xml" (see "Order of selection" below).
 *
 * Order of selection between html or xhtml is as follows:
 * - if PHP has already sent the HTTP headers, default to "html" (we can't send HTTP Content-Type headers
 *   any longer)
 * - if a GET variable ?forceFormat is set, it takes precedence (for testing purposes)
 * - if the user agent is detected as W3C Validator we always deliver "xhtml"
 * - if an HTTP Accept header is sent from the client, we respect its order (this is the most common case)
 * - if none of the above matches, fallback is "html"
 *
 * ContentNegotiator doesn't enable you to send content as a true XML document through the "text/xml"
 * or "application/xhtml+xml" Content-Type.
 *
 * Please see http://webkit.org/blog/68/understanding-html-xml-and-xhtml/ for further information.
 *
 * @todo Check for correct XHTML doctype in xhtml()
 * @todo Allow for other HTML4 doctypes (e.g. Transitional) in html()
 * @todo Make content replacement and doctype setting two separately configurable behaviours
 *
 * Some developers might know what they're doing and don't want ContentNegotiator messing with their
 * HTML4 doctypes, but still find it useful to have self-closing tags removed.
 */
class ContentNegotiator
{
    use Injectable;
    use Configurable;

    /**
     * @config
     * @var string
     */
    private static $content_type = '';


    /**
     * @config
     * @var string
     */
    private static $encoding = 'utf-8';


    /**
     * @config
     * @var bool
     */
    private static $enabled = false;


    /**
     * @var bool
     */
    protected static $current_enabled = null;

    /**
     * @config
     * @var string
     */
    private static $default_format = 'html';


    /**
     * Returns true if negotiation is enabled for the given response. By default, negotiation is only
     * enabled for pages that have the xml header.
     *
     * @param HTTPResponse $response
     * @return bool
     */
    public static function enabled_for($response)
    {
        $contentType = $response->getHeader("Content-Type");

        // Disable content negotiation for other content types
        if ($contentType
            && substr((string) $contentType, 0, 9) != 'text/html'
            && substr((string) $contentType, 0, 21) != 'application/xhtml+xml'
        ) {
            return false;
        }

        if (ContentNegotiator::getEnabled()) {
            return true;
        } else {
            return (substr((string) $response->getBody(), 0, 5) == '<' . '?xml');
        }
    }

    /**
     * Gets the current enabled status, if it is not set this will fallback to config
     *
     * @return bool
     */
    public static function getEnabled()
    {
        if (isset(static::$current_enabled)) {
            return static::$current_enabled;
        }
        return Config::inst()->get(static::class, 'enabled');
    }

    /**
     * Sets the current enabled status
     *
     * @param bool $enabled
     */
    public static function setEnabled($enabled)
    {
        static::$current_enabled = $enabled;
    }

    /**
     * @param HTTPResponse $response
     */
    public static function process(HTTPResponse $response)
    {
        if (!self::enabled_for($response)) {
            return;
        }

        $mimes = [
            "xhtml" => "application/xhtml+xml",
            "html" => "text/html",
        ];
        $q = [];
        if (headers_sent()) {
            $chosenFormat = static::config()->get('default_format');
        } elseif (isset($_GET['forceFormat'])) {
            $chosenFormat = $_GET['forceFormat'];
        } else {
            // The W3C validator doesn't send an HTTP_ACCEPT header, but it can support xhtml. We put this
            // special case in here so that designers don't get worried that their templates are HTML4.
            if (isset($_SERVER['HTTP_USER_AGENT']) && substr($_SERVER['HTTP_USER_AGENT'], 0, 14) == 'W3C_Validator/') {
                $chosenFormat = "xhtml";
            } else {
                foreach ($mimes as $format => $mime) {
                    $regExp = '/' . str_replace(['+', '/'], ['\+', '\/'], $mime ?: '') . '(;q=(\d+\.\d+))?/i';
                    if (isset($_SERVER['HTTP_ACCEPT']) && preg_match((string) $regExp, $_SERVER['HTTP_ACCEPT'], $matches)) {
                        $preference = isset($matches[2]) ? $matches[2] : 1;
                        if (!isset($q[$preference])) {
                            $q[$preference] = $format;
                        }
                    }
                }

                if ($q) {

                    // Get the preferred format
                    krsort($q);
                    $chosenFormat = reset($q);
                } else {
                    $chosenFormat = Config::inst()->get(static::class, 'default_format');
                }
            }
        }

        $negotiator = new ContentNegotiator();
        $negotiator->$chosenFormat($response);
    }

    /**
     * Check user defined content type and use it, if it's empty use the strict application/xhtml+xml.
     * Replaces a few common tags and entities with their XHTML representations (<br>, <img>, &nbsp;
     * <input>, checked, selected).
     *
     * @param HTTPResponse $response
     *
     * @todo Search for more xhtml replacement
     */
    public function xhtml(HTTPResponse $response)
    {
        $content = $response->getBody();
        $encoding = Config::inst()->get('SilverStripe\\Control\\ContentNegotiator', 'encoding');

        $contentType = Config::inst()->get('SilverStripe\\Control\\ContentNegotiator', 'content_type');
        if (empty($contentType)) {
            $response->addHeader("Content-Type", "application/xhtml+xml; charset=" . $encoding);
        } else {
            $response->addHeader("Content-Type", $contentType . "; charset=" . $encoding);
        }
        $response->addHeader("Vary", "Accept");

        // Fix base tag
        $content = preg_replace(
            '/<base href="([^"]*)"><!--\[if[[^\]*]\] \/><!\[endif\]-->/',
            '<base href="$1" />',
            $content ?: ''
        );

        $content = str_replace('&nbsp;', '&#160;', $content ?: '');
        $content = str_replace('<br>', '<br />', $content ?: '');
        $content = str_replace('<hr>', '<hr />', $content ?: '');
        $content = preg_replace('#(<img[^>]*[^/>])>#i', '\\1/>', $content ?: '');
        $content = preg_replace('#(<input[^>]*[^/>])>#i', '\\1/>', $content ?: '');
        $content = preg_replace('#(<param[^>]*[^/>])>#i', '\\1/>', $content ?: '');
        $content = preg_replace("#(\<option[^>]*[\s]+selected)(?!\s*\=)#si", "$1=\"selected\"$2", $content ?: '');
        $content = preg_replace("#(\<input[^>]*[\s]+checked)(?!\s*\=)#si", "$1=\"checked\"$2", $content ?: '');

        $response->setBody($content);
    }

    /**
     * Performs the following replacements:
     * - Check user defined content type and use it, if it's empty use the text/html.
     * - If find a XML header replaces it and existing doctypes with HTML4.01 Strict.
     * - Replaces self-closing tags like <img /> with unclosed solitary tags like <img>.
     * - Replaces all occurrences of "application/xhtml+xml" with "text/html" in the template.
     * - Removes "xmlns" attributes and any <?xml> Pragmas.
     *
     * @param HTTPResponse $response
     */
    public function html(HTTPResponse $response)
    {
        $encoding = $this->config()->get('encoding');
        $contentType = $this->config()->get('content_type');
        if (empty($contentType)) {
            $response->addHeader("Content-Type", "text/html; charset=" . $encoding);
        } else {
            $response->addHeader("Content-Type", $contentType . "; charset=" . $encoding);
        }
        $response->addHeader("Vary", "Accept");

        $content = $response->getBody();
        $hasXMLHeader = (substr((string) $content, 0, 5) == '<' . '?xml');

        // Fix base tag
        $content = preg_replace(
            '/<base href="([^"]*)" \/>/',
            '<base href="$1"><!--[if lte IE 6]></base><![endif]-->',
            $content ?: ''
        );

        $content = preg_replace("#<\\?xml[^>]+\\?>\n?#", '', $content ?: '');
        $content = str_replace(
            ['/>', 'xml:lang', 'application/xhtml+xml'],
            ['>', 'lang', 'text/html'],
            $content ?: ''
        );

        // Only replace the doctype in templates with the xml header
        if ($hasXMLHeader) {
            $content = preg_replace(
                '/<!DOCTYPE[^>]+>/',
                '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">',
                $content ?: ''
            );
        }
        $content = preg_replace('/<html xmlns="[^"]+"/', '<html ', $content ?: '');

        $response->setBody($content);
    }
}


1			<?php
2
3			namespace SilverStripe\Control;
4
5			use SilverStripe\Core\Config\Config;
6			use SilverStripe\Core\Config\Configurable;
7			use SilverStripe\Core\Injector\Injectable;
8
9			/**
10			* The content negotiator performs "text/html" or "application/xhtml+xml" switching. It does this through
11			* the public static function ContentNegotiator::process(). By default, ContentNegotiator will comply to
12			* the Accept headers the clients sends along with the HTTP request, which is most likely
13			* "application/xhtml+xml" (see "Order of selection" below).
14			*
15			* Order of selection between html or xhtml is as follows:
16			* - if PHP has already sent the HTTP headers, default to "html" (we can't send HTTP Content-Type headers
17			* any longer)
18			* - if a GET variable ?forceFormat is set, it takes precedence (for testing purposes)
19			* - if the user agent is detected as W3C Validator we always deliver "xhtml"
20			* - if an HTTP Accept header is sent from the client, we respect its order (this is the most common case)
21			* - if none of the above matches, fallback is "html"
22			*
23			* ContentNegotiator doesn't enable you to send content as a true XML document through the "text/xml"
24			* or "application/xhtml+xml" Content-Type.
25			*
26			* Please see http://webkit.org/blog/68/understanding-html-xml-and-xhtml/ for further information.
27			*
28			* @todo Check for correct XHTML doctype in xhtml()
29			* @todo Allow for other HTML4 doctypes (e.g. Transitional) in html()
30			* @todo Make content replacement and doctype setting two separately configurable behaviours
31			*
32			* Some developers might know what they're doing and don't want ContentNegotiator messing with their
33			* HTML4 doctypes, but still find it useful to have self-closing tags removed.
34			*/
35			class ContentNegotiator
36			{
37			use Injectable;
38			use Configurable;
39
40			/**
41			* @config
42			* @var string
43			*/
44			private static $content_type = '';
			0 ignored issues – show introduced 2017-11-28 04:26 UTC by Report Bug Copy Issue Report The private property `$content_type` is not used, and could be removed. Loading history...
45
46			/**
47			* @config
48			* @var string
49			*/
50			private static $encoding = 'utf-8';
			0 ignored issues – show introduced 2017-11-28 04:26 UTC by Report Bug Copy Issue Report The private property `$encoding` is not used, and could be removed. Loading history...
51
52			/**
53			* @config
54			* @var bool
55			*/
56			private static $enabled = false;
			0 ignored issues – show introduced 2017-11-28 04:26 UTC by Report Bug Copy Issue Report The private property `$enabled` is not used, and could be removed. Loading history...
57
58			/**
59			* @var bool
60			*/
61			protected static $current_enabled = null;
62
63			/**
64			* @config
65			* @var string
66			*/
67			private static $default_format = 'html';
			0 ignored issues – show introduced 2017-11-28 04:26 UTC by Report Bug Copy Issue Report The private property `$default_format` is not used, and could be removed. Loading history...
68
69			/**
70			* Returns true if negotiation is enabled for the given response. By default, negotiation is only
71			* enabled for pages that have the xml header.
72			*
73			* @param HTTPResponse $response
74			* @return bool
75			*/
76			public static function enabled_for($response)
77			{
78			$contentType = $response->getHeader("Content-Type");
79
80			// Disable content negotiation for other content types
81			if ($contentType
82			&& substr((string) $contentType, 0, 9) != 'text/html'
83			&& substr((string) $contentType, 0, 21) != 'application/xhtml+xml'
84			) {
85			return false;
86			}
87
88			if (ContentNegotiator::getEnabled()) {
89			return true;
90			} else {
91			return (substr((string) $response->getBody(), 0, 5) == '<' . '?xml');
92			}
93			}
94
95			/**
96			* Gets the current enabled status, if it is not set this will fallback to config
97			*
98			* @return bool
99			*/
100			public static function getEnabled()
101			{
102			if (isset(static::$current_enabled)) {
103			return static::$current_enabled;
104			}
105			return Config::inst()->get(static::class, 'enabled');
106			}
107
108			/**
109			* Sets the current enabled status
110			*
111			* @param bool $enabled
112			*/
113			public static function setEnabled($enabled)
114			{
115			static::$current_enabled = $enabled;
116			}
117
118			/**
119			* @param HTTPResponse $response
120			*/
121			public static function process(HTTPResponse $response)
122			{
123			if (!self::enabled_for($response)) {
124			return;
125			}
126
127			$mimes = [
128			"xhtml" => "application/xhtml+xml",
129			"html" => "text/html",
130			];
131			$q = [];
132			if (headers_sent()) {
133			$chosenFormat = static::config()->get('default_format');
134			} elseif (isset($_GET['forceFormat'])) {
135			$chosenFormat = $_GET['forceFormat'];
136			} else {
137			// The W3C validator doesn't send an HTTP_ACCEPT header, but it can support xhtml. We put this
138			// special case in here so that designers don't get worried that their templates are HTML4.
139			if (isset($_SERVER['HTTP_USER_AGENT']) && substr($_SERVER['HTTP_USER_AGENT'], 0, 14) == 'W3C_Validator/') {
140			$chosenFormat = "xhtml";
141			} else {
142			foreach ($mimes as $format => $mime) {
143			$regExp = '/' . str_replace(['+', '/'], ['\+', '\/'], $mime ?: '') . '(;q=(\d+\.\d+))?/i';
144			if (isset($_SERVER['HTTP_ACCEPT']) && preg_match((string) $regExp, $_SERVER['HTTP_ACCEPT'], $matches)) {
145			$preference = isset($matches[2]) ? $matches[2] : 1;
146			if (!isset($q[$preference])) {
147			$q[$preference] = $format;
148			}
149			}
150			}
151
152			if ($q) {
			0 ignored issues – show introduced 2018-10-19 16:08 UTC by Report Bug Copy Issue Report `$q` is of type `mixed`, thus it always evaluated to `false`. Loading history...
153			// Get the preferred format
154			krsort($q);
155			$chosenFormat = reset($q);
156			} else {
157			$chosenFormat = Config::inst()->get(static::class, 'default_format');
158			}
159			}
160			}
161
162			$negotiator = new ContentNegotiator();
163			$negotiator->$chosenFormat($response);
164			}
165
166			/**
167			* Check user defined content type and use it, if it's empty use the strict application/xhtml+xml.
168			* Replaces a few common tags and entities with their XHTML representations (<br>, <img>,
169			* <input>, checked, selected).
170			*
171			* @param HTTPResponse $response
172			*
173			* @todo Search for more xhtml replacement
174			*/
175			public function xhtml(HTTPResponse $response)
176			{
177			$content = $response->getBody();
178			$encoding = Config::inst()->get('SilverStripe\\Control\\ContentNegotiator', 'encoding');
179
180			$contentType = Config::inst()->get('SilverStripe\\Control\\ContentNegotiator', 'content_type');
181			if (empty($contentType)) {
182			$response->addHeader("Content-Type", "application/xhtml+xml; charset=" . $encoding);
183			} else {
184			$response->addHeader("Content-Type", $contentType . "; charset=" . $encoding);
185			}
186			$response->addHeader("Vary", "Accept");
187
188			// Fix base tag
189			$content = preg_replace(
190			'/<base href="([^"])"><!--\[if[[^\]]\] \/><!\[endif\]-->/',
191			'<base href="$1" />',
192			$content ?: ''
193			);
194
195			$content = str_replace(' ', ' ', $content ?: '');
196			$content = str_replace('<br>', '<br />', $content ?: '');
197			$content = str_replace('<hr>', '<hr />', $content ?: '');
198			$content = preg_replace('#(<img[^>]*[^/>])>#i', '\\1/>', $content ?: '');
199			$content = preg_replace('#(<input[^>]*[^/>])>#i', '\\1/>', $content ?: '');
200			$content = preg_replace('#(<param[^>]*[^/>])>#i', '\\1/>', $content ?: '');
201			$content = preg_replace("#(\<option[^>][\s]+selected)(?!\s\=)#si", "$1=\"selected\"$2", $content ?: '');
202			$content = preg_replace("#(\<input[^>][\s]+checked)(?!\s\=)#si", "$1=\"checked\"$2", $content ?: '');
203
204			$response->setBody($content);
205			}
206
207			/**
208			* Performs the following replacements:
209			* - Check user defined content type and use it, if it's empty use the text/html.
210			* - If find a XML header replaces it and existing doctypes with HTML4.01 Strict.
211			* - Replaces self-closing tags like <img /> with unclosed solitary tags like <img>.
212			* - Replaces all occurrences of "application/xhtml+xml" with "text/html" in the template.
213			* - Removes "xmlns" attributes and any <?xml> Pragmas.
214			*
215			* @param HTTPResponse $response
216			*/
217			public function html(HTTPResponse $response)
218			{
219			$encoding = $this->config()->get('encoding');
220			$contentType = $this->config()->get('content_type');
221			if (empty($contentType)) {
222			$response->addHeader("Content-Type", "text/html; charset=" . $encoding);
223			} else {
224			$response->addHeader("Content-Type", $contentType . "; charset=" . $encoding);
225			}
226			$response->addHeader("Vary", "Accept");
227
228			$content = $response->getBody();
229			$hasXMLHeader = (substr((string) $content, 0, 5) == '<' . '?xml');
230
231			// Fix base tag
232			$content = preg_replace(
233			'/<base href="([^"]*)" \/>/',
234			'<base href="$1"><!--[if lte IE 6]></base><![endif]-->',
235			$content ?: ''
236			);
237
238			$content = preg_replace("#<\\?xml[^>]+\\?>\n?#", '', $content ?: '');
239			$content = str_replace(
240			['/>', 'xml:lang', 'application/xhtml+xml'],
241			['>', 'lang', 'text/html'],
242			$content ?: ''
243			);
244
245			// Only replace the doctype in templates with the xml header
246			if ($hasXMLHeader) {
247			$content = preg_replace(
248			'/<!DOCTYPE[^>]+>/',
249			'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">',
250			$content ?: ''
251			);
252			}
253			$content = preg_replace('/<html xmlns="[^"]+"/', '<html ', $content ?: '');
254
255			$response->setBody($content);
256			}
257			}
258

silverstripe / silverstripe-framework

Pull Request — 4 (#10222)

ContentNegotiator::setEnabled() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like