OutputHandler.php ➔ wfDoContentLength() - Code Metrics - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

OutputHandler.php ➔ wfDoContentLength() A
last analyzed 2016-11-13 17:42 UTC

↳ Parent: Project

Complexity

Conditions	4
Paths	2

Size

Total Lines	8
Code Lines	5

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	4
eloc	5
nc	2
nop	1
dl	0
loc	8
rs	9.2
c	0
b	0
f	0

<?php
/**
 * Functions to be used with PHP's output buffer.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 */

/**
 * Standard output handler for use with ob_start
 *
 * @param string $s
 *
 * @return string
 */
function wfOutputHandler( $s ) {
	global $wgDisableOutputCompression, $wgValidateAllHtml, $wgMangleFlashPolicy;
	if ( $wgMangleFlashPolicy ) {
		$s = wfMangleFlashPolicy( $s );
	}
	if ( $wgValidateAllHtml ) {
		$headers = headers_list();
		$isHTML = false;
		foreach ( $headers as $header ) {
			$parts = explode( ':', $header, 2 );
			if ( count( $parts ) !== 2 ) {
				continue;
			}
			$name = strtolower( trim( $parts[0] ) );
			$value = trim( $parts[1] );
			if ( $name == 'content-type' && ( strpos( $value, 'text/html' ) === 0
				|| strpos( $value, 'application/xhtml+xml' ) === 0 )
			) {
				$isHTML = true;
				break;
			}
		}
		if ( $isHTML ) {
			$s = wfHtmlValidationHandler( $s );
		}
	}
	if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) {
		if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) {
			$s = wfGzipHandler( $s );
		}
		if ( !ini_get( 'output_handler' ) ) {
			wfDoContentLength( strlen( $s ) );
		}
	}
	return $s;
}

/**
 * Get the "file extension" that some client apps will estimate from
 * the currently-requested URL.
 * This isn't on WebRequest because we need it when things aren't initialized
 * @private
 *
 * @return string
 */
function wfRequestExtension() {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
	/// @todo FIXME: this sort of dupes some code in WebRequest::getRequestUrl()
	if ( isset( $_SERVER['REQUEST_URI'] ) ) {
		// Strip the query string...
		list( $path ) = explode( '?', $_SERVER['REQUEST_URI'], 2 );
	} elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {
		// Probably IIS. QUERY_STRING appears separately.
		$path = $_SERVER['SCRIPT_NAME'];
	} else {
		// Can't get the path from the server? :(
		return '';
	}

	$period = strrpos( $path, '.' );
	if ( $period !== false ) {
		return strtolower( substr( $path, $period ) );
	}
	return '';
}

/**
 * Handler that compresses data with gzip if allowed by the Accept header.
 * Unlike ob_gzhandler, it works for HEAD requests too.
 *
 * @param string $s
 *
 * @return string
 */
function wfGzipHandler( $s ) {
	if ( !function_exists( 'gzencode' ) ) {
		wfDebug( __FUNCTION__ . "() skipping compression (gzencode unavailable)\n" );
		return $s;
	}
	if ( headers_sent() ) {
		wfDebug( __FUNCTION__ . "() skipping compression (headers already sent)\n" );
		return $s;
	}

	$ext = wfRequestExtension();
	if ( $ext == '.gz' || $ext == '.tgz' ) {
		// Don't do gzip compression if the URL path ends in .gz or .tgz
		// This confuses Safari and triggers a download of the page,
		// even though it's pretty clearly labeled as viewable HTML.
		// Bad Safari! Bad!
		return $s;
	}

	if ( wfClientAcceptsGzip() ) {
		wfDebug( __FUNCTION__ . "() is compressing output\n" );
		header( 'Content-Encoding: gzip' );
		$s = gzencode( $s, 6 );
	}

	// Set vary header if it hasn't been set already
	$headers = headers_list();
	$foundVary = false;
	foreach ( $headers as $header ) {
		$headerName = strtolower( substr( $header, 0, 5 ) );
		if ( $headerName == 'vary:' ) {
			$foundVary = true;
			break;
		}
	}
	if ( !$foundVary ) {
		header( 'Vary: Accept-Encoding' );
		global $wgUseKeyHeader;
		if ( $wgUseKeyHeader ) {
			header( 'Key: Accept-Encoding;match=gzip' );
		}
	}
	return $s;
}

/**
 * Mangle flash policy tags which open up the site to XSS attacks.
 *
 * @param string $s
 *
 * @return string
 */
function wfMangleFlashPolicy( $s ) {
	# Avoid weird excessive memory usage in PCRE on big articles
	if ( preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $s ) ) {
		return preg_replace( '/\<(\s*)(cross-domain-policy(?=\s|\>))/i', '<$1NOT-$2', $s );
	} else {
		return $s;
	}
}

/**
 * Add a Content-Length header if possible. This makes it cooperate with CDN better.
 *
 * @param int $length
 */
function wfDoContentLength( $length ) {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
	if ( !headers_sent()
		&& isset( $_SERVER['SERVER_PROTOCOL'] )
		&& $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0'
	) {
		header( "Content-Length: $length" );
	}
}

/**
 * Replace the output with an error if the HTML is not valid
 *
 * @param string $s
 *
 * @return string
 */
function wfHtmlValidationHandler( $s ) {

	$errors = '';
	if ( MWTidy::checkErrors( $s, $errors ) ) {
		return $s;
	}

	header( 'Cache-Control: no-cache' );

	$out = Html::element( 'h1', null, 'HTML validation error' );
	$out .= Html::openElement( 'ul' );

	$error = strtok( $errors, "\n" );
	$badLines = [];
	while ( $error !== false ) {
		if ( preg_match( '/^line (\d+)/', $error, $m ) ) {
			$lineNum = intval( $m[1] );
			$badLines[$lineNum] = true;
			$out .= Html::rawElement( 'li', null,
				Html::element( 'a', [ 'href' => "#line-{$lineNum}" ], $error ) ) . "\n";
		}
		$error = strtok( "\n" );
	}

	$out .= Html::closeElement( 'ul' );
	$out .= Html::element( 'pre', null, $errors );
	$out .= Html::openElement( 'ol' ) . "\n";
	$line = strtok( $s, "\n" );
	$i = 1;
	while ( $line !== false ) {
		$attrs = [];
		if ( isset( $badLines[$i] ) ) {
			$attrs['class'] = 'highlight';
			$attrs['id'] = "line-$i";
		}
		$out .= Html::element( 'li', $attrs, $line ) . "\n";
		$line = strtok( "\n" );
		$i++;
	}
	$out .= Html::closeElement( 'ol' );

	$style = <<<CSS
.highlight { background-color: #ffc }
li { white-space: pre }
CSS;

	$out = Html::htmlHeader( [ 'lang' => 'en', 'dir' => 'ltr' ] ) .
		Html::rawElement( 'head', null,
			Html::element( 'title', null, 'HTML validation error' ) .
			Html::inlineStyle( $style ) ) .
		Html::rawElement( 'body', null, $out ) .
		Html::closeElement( 'html' );

	return $out;
}


1			<?php
2			/**
3			* Functions to be used with PHP's output buffer.
4			*
5			* This program is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License along
16			* with this program; if not, write to the Free Software Foundation, Inc.,
17			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18			* http://www.gnu.org/copyleft/gpl.html
19			*
20			* @file
21			*/
22
23			/**
24			* Standard output handler for use with ob_start
25			*
26			* @param string $s
27			*
28			* @return string
29			*/
30			function wfOutputHandler( $s ) {
31			global $wgDisableOutputCompression, $wgValidateAllHtml, $wgMangleFlashPolicy;
32			if ( $wgMangleFlashPolicy ) {
33			$s = wfMangleFlashPolicy( $s );
34			}
35			if ( $wgValidateAllHtml ) {
36			$headers = headers_list();
37			$isHTML = false;
38			foreach ( $headers as $header ) {
39			$parts = explode( ':', $header, 2 );
40			if ( count( $parts ) !== 2 ) {
41			continue;
42			}
43			$name = strtolower( trim( $parts[0] ) );
44			$value = trim( $parts[1] );
45			if ( $name == 'content-type' && ( strpos( $value, 'text/html' ) === 0
46			\|\| strpos( $value, 'application/xhtml+xml' ) === 0 )
47			) {
48			$isHTML = true;
49			break;
50			}
51			}
52			if ( $isHTML ) {
53			$s = wfHtmlValidationHandler( $s );
54			}
55			}
56			if ( !$wgDisableOutputCompression && !ini_get( 'zlib.output_compression' ) ) {
57			if ( !defined( 'MW_NO_OUTPUT_COMPRESSION' ) ) {
58			$s = wfGzipHandler( $s );
59			}
60			if ( !ini_get( 'output_handler' ) ) {
61			wfDoContentLength( strlen( $s ) );
62			}
63			}
64			return $s;
65			}
66
67			/**
68			* Get the "file extension" that some client apps will estimate from
69			* the currently-requested URL.
70			* This isn't on WebRequest because we need it when things aren't initialized
71			* @private
72			*
73			* @return string
74			*/
75			function wfRequestExtension() {
			0 ignored issues – show Coding Style introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report `wfRequestExtension` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
76			/// @todo FIXME: this sort of dupes some code in WebRequest::getRequestUrl()
77			if ( isset( $_SERVER['REQUEST_URI'] ) ) {
78			// Strip the query string...
79			list( $path ) = explode( '?', $_SERVER['REQUEST_URI'], 2 );
80			} elseif ( isset( $_SERVER['SCRIPT_NAME'] ) ) {
81			// Probably IIS. QUERY_STRING appears separately.
82			$path = $_SERVER['SCRIPT_NAME'];
83			} else {
84			// Can't get the path from the server? :(
85			return '';
86			}
87
88			$period = strrpos( $path, '.' );
89			if ( $period !== false ) {
90			return strtolower( substr( $path, $period ) );
91			}
92			return '';
93			}
94
95			/**
96			* Handler that compresses data with gzip if allowed by the Accept header.
97			* Unlike ob_gzhandler, it works for HEAD requests too.
98			*
99			* @param string $s
100			*
101			* @return string
102			*/
103			function wfGzipHandler( $s ) {
104			if ( !function_exists( 'gzencode' ) ) {
105			wfDebug( __FUNCTION__ . "() skipping compression (gzencode unavailable)\n" );
106			return $s;
107			}
108			if ( headers_sent() ) {
109			wfDebug( __FUNCTION__ . "() skipping compression (headers already sent)\n" );
110			return $s;
111			}
112
113			$ext = wfRequestExtension();
114			if ( $ext == '.gz' \|\| $ext == '.tgz' ) {
115			// Don't do gzip compression if the URL path ends in .gz or .tgz
116			// This confuses Safari and triggers a download of the page,
117			// even though it's pretty clearly labeled as viewable HTML.
118			// Bad Safari! Bad!
119			return $s;
120			}
121
122			if ( wfClientAcceptsGzip() ) {
123			wfDebug( __FUNCTION__ . "() is compressing output\n" );
124			header( 'Content-Encoding: gzip' );
125			$s = gzencode( $s, 6 );
126			}
127
128			// Set vary header if it hasn't been set already
129			$headers = headers_list();
130			$foundVary = false;
131			foreach ( $headers as $header ) {
132			$headerName = strtolower( substr( $header, 0, 5 ) );
133			if ( $headerName == 'vary:' ) {
134			$foundVary = true;
135			break;
136			}
137			}
138			if ( !$foundVary ) {
139			header( 'Vary: Accept-Encoding' );
140			global $wgUseKeyHeader;
141			if ( $wgUseKeyHeader ) {
142			header( 'Key: Accept-Encoding;match=gzip' );
143			}
144			}
145			return $s;
146			}
147
148			/**
149			* Mangle flash policy tags which open up the site to XSS attacks.
150			*
151			* @param string $s
152			*
153			* @return string
154			*/
155			function wfMangleFlashPolicy( $s ) {
156			# Avoid weird excessive memory usage in PCRE on big articles
157			if ( preg_match( '/\<\s*cross-domain-policy(?=\s\|\>)/i', $s ) ) {
158			return preg_replace( '/\<(\s*)(cross-domain-policy(?=\s\|\>))/i', '<$1NOT-$2', $s );
159			} else {
160			return $s;
161			}
162			}
163
164			/**
165			* Add a Content-Length header if possible. This makes it cooperate with CDN better.
166			*
167			* @param int $length
168			*/
169			function wfDoContentLength( $length ) {
			0 ignored issues – show Coding Style introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report `wfDoContentLength` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
170			if ( !headers_sent()
171			&& isset( $_SERVER['SERVER_PROTOCOL'] )
172			&& $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0'
173			) {
174			header( "Content-Length: $length" );
175			}
176			}
177
178			/**
179			* Replace the output with an error if the HTML is not valid
180			*
181			* @param string $s
182			*
183			* @return string
184			*/
185			function wfHtmlValidationHandler( $s ) {
186
187			$errors = '';
188			if ( MWTidy::checkErrors( $s, $errors ) ) {
189			return $s;
190			}
191
192			header( 'Cache-Control: no-cache' );
193
194			$out = Html::element( 'h1', null, 'HTML validation error' );
195			$out .= Html::openElement( 'ul' );
196
197			$error = strtok( $errors, "\n" );
198			$badLines = [];
199			while ( $error !== false ) {
200			if ( preg_match( '/^line (\d+)/', $error, $m ) ) {
201			$lineNum = intval( $m[1] );
202			$badLines[$lineNum] = true;
203			$out .= Html::rawElement( 'li', null,
204			Html::element( 'a', [ 'href' => "#line-{$lineNum}" ], $error ) ) . "\n";
205			}
206			$error = strtok( "\n" );
207			}
208
209			$out .= Html::closeElement( 'ul' );
210			$out .= Html::element( 'pre', null, $errors );
211			$out .= Html::openElement( 'ol' ) . "\n";
212			$line = strtok( $s, "\n" );
213			$i = 1;
214			while ( $line !== false ) {
215			$attrs = [];
216			if ( isset( $badLines[$i] ) ) {
217			$attrs['class'] = 'highlight';
218			$attrs['id'] = "line-$i";
219			}
220			$out .= Html::element( 'li', $attrs, $line ) . "\n";
221			$line = strtok( "\n" );
222			$i++;
223			}
224			$out .= Html::closeElement( 'ol' );
225
226			$style = <<<CSS
227			.highlight { background-color: #ffc }
228			li { white-space: pre }
229			CSS;
230
231			$out = Html::htmlHeader( [ 'lang' => 'en', 'dir' => 'ltr' ] ) .
232			Html::rawElement( 'head', null,
233			Html::element( 'title', null, 'HTML validation error' ) .
234			Html::inlineStyle( $style ) ) .
235			Html::rawElement( 'body', null, $out ) .
236			Html::closeElement( 'html' );
237
238			return $out;
239			}
240

wikimedia / mediawiki

OutputHandler.php ➔ wfDoContentLength() A last analyzed 2016-11-13 17:42 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

OutputHandler.php ➔ wfDoContentLength() A
last analyzed 2016-11-13 17:42 UTC