Issues in RawAction.php - All Issues - Inspection of "Daily Inspection: Merge "Add GENDER support to pro..." - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (939199)

unknown

created 2016-11-04 17:19 UTC

includes/actions/RawAction.php (1 issue)

Labels

Bug 1

Severity

Major 1

Gabriel Wicke 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Raw page text accessor
 *
 * Copyright © 2004 Gabriel Wicke <[email protected]>
 * http://wikidev.net/
 *
 * Based on HistoryAction and SpecialExport
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @author Gabriel Wicke <[email protected]>
 * @file
 */

/**
 * A simple method to retrieve the plain source of an article,
 * using "action=raw" in the GET request string.
 *
 * @ingroup Actions
 */
class RawAction extends FormlessAction {
	public function getName() {
		return 'raw';
	}

	public function requiresWrite() {
		return false;
	}

	public function requiresUnblock() {
		return false;
	}

	function onView() {
		$this->getOutput()->disable();
		$request = $this->getRequest();
		$response = $request->response();
		$config = $this->context->getConfig();

		if ( !$request->checkUrlExtension() ) {
			return;
		}

		if ( $this->getOutput()->checkLastModified( $this->page->getTouched() ) ) {
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
			return; // Client cache fresh and headers sent, nothing more to do.
		}

		$gen = $request->getVal( 'gen' );
		if ( $gen == 'css' || $gen == 'js' ) {
			$this->gen = true;
		}

		$contentType = $this->getContentType();

		$maxage = $request->getInt( 'maxage', $config->get( 'SquidMaxage' ) );
		$smaxage = $request->getIntOrNull( 'smaxage' );
		if ( $smaxage === null ) {
			if ( $contentType == 'text/css' || $contentType == 'text/javascript' ) {
				// CSS/JS raw content has its own CDN max age configuration.
				// Note: Title::getCdnUrls() includes action=raw for css/js pages,
				// so if using the canonical url, this will get HTCP purges.
				$smaxage = intval( $config->get( 'ForcedRawSMaxage' ) );
			} else {
				// No CDN cache for anything else
				$smaxage = 0;
			}
		}

		// Set standard Vary headers so cache varies on cookies and such (T125283)
		$response->header( $this->getOutput()->getVaryHeader() );
		if ( $config->get( 'UseKeyHeader' ) ) {
			$response->header( $this->getOutput()->getKeyHeader() );
		}

		$response->header( 'Content-type: ' . $contentType . '; charset=UTF-8' );
		// Output may contain user-specific data;
		// vary generated content for open sessions on private wikis
		$privateCache = !User::isEveryoneAllowed( 'read' ) &&
			( $smaxage == 0 || MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent() );
		// Don't accidentally cache cookies if user is logged in (T55032)
		$privateCache = $privateCache || $this->getUser()->isLoggedIn();
		$mode = $privateCache ? 'private' : 'public';
		$response->header(
			'Cache-Control: ' . $mode . ', s-maxage=' . $smaxage . ', max-age=' . $maxage
		);

		$text = $this->getRawText();

		// Don't return a 404 response for CSS or JavaScript;
		// 404s aren't generally cached and it would create
		// extra hits when user CSS/JS are on and the user doesn't
		// have the pages.
		if ( $text === false && $contentType == 'text/x-wiki' ) {
			$response->statusHeader( 404 );
		}

		if ( !Hooks::run( 'RawPageViewBeforeOutput', [ &$this, &$text ] ) ) {
			wfDebug( __METHOD__ . ": RawPageViewBeforeOutput hook broke raw page output.\n" );
		}

		echo $text;
	}

	/**
	 * Get the text that should be returned, or false if the page or revision
	 * was not found.
	 *
	 * @return string|bool
	 */
	public function getRawText() {
		global $wgParser;

		$text = false;
		$title = $this->getTitle();
		$request = $this->getRequest();

		// If it's a MediaWiki message we can just hit the message cache
		if ( $request->getBool( 'usemsgcache' ) && $title->getNamespace() == NS_MEDIAWIKI ) {
			// The first "true" is to use the database, the second is to use
			// the content langue and the last one is to specify the message
			// key already contains the language in it ("/de", etc.).
			$text = MessageCache::singleton()->get( $title->getDBkey(), true, true, true );
			// If the message doesn't exist, return a blank
			if ( $text === false ) {
				$text = '';
			}
		} else {
			// Get it from the DB
			$rev = Revision::newFromTitle( $title, $this->getOldId() );
			if ( $rev ) {
				$lastmod = wfTimestamp( TS_RFC2822, $rev->getTimestamp() );
				$request->response()->header( "Last-modified: $lastmod" );

				// Public-only due to cache headers
				$content = $rev->getContent();

				if ( $content === null ) {
					// revision not found (or suppressed)
					$text = false;
				} elseif ( !$content instanceof TextContent ) {
					// non-text content
					wfHttpError( 415, "Unsupported Media Type", "The requested page uses the content model `"
						. $content->getModel() . "` which is not supported via this interface." );
					die();
				} else {
					// want a section?
					$section = $request->getIntOrNull( 'section' );
					if ( $section !== null ) {
						$content = $content->getSection( $section );
					}

					if ( $content === null || $content === false ) {
						// section not found (or section not supported, e.g. for JS and CSS)
						$text = false;
					} else {
						$text = $content->getNativeData();
					}
				}
			}
		}

		if ( $text !== false && $text !== '' && $request->getVal( 'templates' ) === 'expand' ) {
			$text = $wgParser->preprocess(
				$text,
				$title,
				ParserOptions::newFromContext( $this->getContext() )
			);
		}

		return $text;
	}

	/**
	 * Get the ID of the revision that should used to get the text.
	 *
	 * @return int
	 */
	public function getOldId() {
		$oldid = $this->getRequest()->getInt( 'oldid' );
		switch ( $this->getRequest()->getText( 'direction' ) ) {
			case 'next':
				# output next revision, or nothing if there isn't one
				$nextid = 0;
				if ( $oldid ) {
					$nextid = $this->getTitle()->getNextRevisionID( $oldid );
				}
				$oldid = $nextid ?: -1;
				break;
			case 'prev':
				# output previous revision, or nothing if there isn't one
				if ( !$oldid ) {
					# get the current revision so we can get the penultimate one
					$oldid = $this->page->getLatest();
				}
				$previd = $this->getTitle()->getPreviousRevisionID( $oldid );
				$oldid = $previd ?: -1;
				break;
			case 'cur':
				$oldid = 0;
				break;
		}

		return $oldid;
	}

	/**
	 * Get the content type to use for the response
	 *
	 * @return string
	 */
	public function getContentType() {
		$ctype = $this->getRequest()->getVal( 'ctype' );

		if ( $ctype == '' ) {
			$gen = $this->getRequest()->getVal( 'gen' );
			if ( $gen == 'js' ) {
				$ctype = 'text/javascript';
			} elseif ( $gen == 'css' ) {
				$ctype = 'text/css';
			}
		}

		$allowedCTypes = [ 'text/x-wiki', 'text/javascript', 'text/css', 'application/x-zope-edit' ];
		if ( $ctype == '' || !in_array( $ctype, $allowedCTypes ) ) {
			$ctype = 'text/x-wiki';
		}

		return $ctype;
	}
}


Branch — master (939199)

includes/actions/RawAction.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1			<?php
2			/**
3			* Raw page text accessor
4			*
5			* Copyright © 2004 Gabriel Wicke <[email protected]>
6			* http://wikidev.net/
7			*
8			* Based on HistoryAction and SpecialExport
9			*
10			* This program is free software; you can redistribute it and/or modify
11			* it under the terms of the GNU General Public License as published by
12			* the Free Software Foundation; either version 2 of the License, or
13			* (at your option) any later version.
14			*
15			* This program is distributed in the hope that it will be useful,
16			* but WITHOUT ANY WARRANTY; without even the implied warranty of
17			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18			* GNU General Public License for more details.
19			*
20			* You should have received a copy of the GNU General Public License along
21			* with this program; if not, write to the Free Software Foundation, Inc.,
22			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23			* http://www.gnu.org/copyleft/gpl.html
24			*
25			* @author Gabriel Wicke <[email protected]>
26			* @file
27			*/
28
29			/**
30			* A simple method to retrieve the plain source of an article,
31			* using "action=raw" in the GET request string.
32			*
33			* @ingroup Actions
34			*/
35			class RawAction extends FormlessAction {
36			public function getName() {
37			return 'raw';
38			}
39
40			public function requiresWrite() {
41			return false;
42			}
43
44			public function requiresUnblock() {
45			return false;
46			}
47
48			function onView() {
49			$this->getOutput()->disable();
50			$request = $this->getRequest();
51			$response = $request->response();
52			$config = $this->context->getConfig();
53
54			if ( !$request->checkUrlExtension() ) {
55			return;
56			}
57
58			if ( $this->getOutput()->checkLastModified( $this->page->getTouched() ) ) {
			0 ignored issues – show Bug introduced 2016-02-23 18:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getTouched` does only exist in `Article and CategoryPage... ImagePage and WikiPage`, but not in `Page`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
59			return; // Client cache fresh and headers sent, nothing more to do.
60			}
61
62			$gen = $request->getVal( 'gen' );
63			if ( $gen == 'css' \|\| $gen == 'js' ) {
64			$this->gen = true;
65			}
66
67			$contentType = $this->getContentType();
68
69			$maxage = $request->getInt( 'maxage', $config->get( 'SquidMaxage' ) );
70			$smaxage = $request->getIntOrNull( 'smaxage' );
71			if ( $smaxage === null ) {
72			if ( $contentType == 'text/css' \|\| $contentType == 'text/javascript' ) {
73			// CSS/JS raw content has its own CDN max age configuration.
74			// Note: Title::getCdnUrls() includes action=raw for css/js pages,
75			// so if using the canonical url, this will get HTCP purges.
76			$smaxage = intval( $config->get( 'ForcedRawSMaxage' ) );
77			} else {
78			// No CDN cache for anything else
79			$smaxage = 0;
80			}
81			}
82
83			// Set standard Vary headers so cache varies on cookies and such (T125283)
84			$response->header( $this->getOutput()->getVaryHeader() );
85			if ( $config->get( 'UseKeyHeader' ) ) {
86			$response->header( $this->getOutput()->getKeyHeader() );
87			}
88
89			$response->header( 'Content-type: ' . $contentType . '; charset=UTF-8' );
90			// Output may contain user-specific data;
91			// vary generated content for open sessions on private wikis
92			$privateCache = !User::isEveryoneAllowed( 'read' ) &&
93			( $smaxage == 0 \|\| MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent() );
94			// Don't accidentally cache cookies if user is logged in (T55032)
95			$privateCache = $privateCache \|\| $this->getUser()->isLoggedIn();
96			$mode = $privateCache ? 'private' : 'public';
97			$response->header(
98			'Cache-Control: ' . $mode . ', s-maxage=' . $smaxage . ', max-age=' . $maxage
99			);
100
101			$text = $this->getRawText();
102
103			// Don't return a 404 response for CSS or JavaScript;
104			// 404s aren't generally cached and it would create
105			// extra hits when user CSS/JS are on and the user doesn't
106			// have the pages.
107			if ( $text === false && $contentType == 'text/x-wiki' ) {
108			$response->statusHeader( 404 );
109			}
110
111			if ( !Hooks::run( 'RawPageViewBeforeOutput', [ &$this, &$text ] ) ) {
112			wfDebug( __METHOD__ . ": RawPageViewBeforeOutput hook broke raw page output.\n" );
113			}
114
115			echo $text;
116			}
117
118			/**
119			* Get the text that should be returned, or false if the page or revision
120			* was not found.
121			*
122			* @return string\|bool
123			*/
124			public function getRawText() {
125			global $wgParser;
126
127			$text = false;
128			$title = $this->getTitle();
129			$request = $this->getRequest();
130
131			// If it's a MediaWiki message we can just hit the message cache
132			if ( $request->getBool( 'usemsgcache' ) && $title->getNamespace() == NS_MEDIAWIKI ) {
133			// The first "true" is to use the database, the second is to use
134			// the content langue and the last one is to specify the message
135			// key already contains the language in it ("/de", etc.).
136			$text = MessageCache::singleton()->get( $title->getDBkey(), true, true, true );
137			// If the message doesn't exist, return a blank
138			if ( $text === false ) {
139			$text = '';
140			}
141			} else {
142			// Get it from the DB
143			$rev = Revision::newFromTitle( $title, $this->getOldId() );
144			if ( $rev ) {
145			$lastmod = wfTimestamp( TS_RFC2822, $rev->getTimestamp() );
146			$request->response()->header( "Last-modified: $lastmod" );
147
148			// Public-only due to cache headers
149			$content = $rev->getContent();
150
151			if ( $content === null ) {
152			// revision not found (or suppressed)
153			$text = false;
154			} elseif ( !$content instanceof TextContent ) {
155			// non-text content
156			wfHttpError( 415, "Unsupported Media Type", "The requested page uses the content model `"
157			. $content->getModel() . "` which is not supported via this interface." );
158			die();
159			} else {
160			// want a section?
161			$section = $request->getIntOrNull( 'section' );
162			if ( $section !== null ) {
163			$content = $content->getSection( $section );
164			}
165
166			if ( $content === null \|\| $content === false ) {
167			// section not found (or section not supported, e.g. for JS and CSS)
168			$text = false;
169			} else {
170			$text = $content->getNativeData();
171			}
172			}
173			}
174			}
175
176			if ( $text !== false && $text !== '' && $request->getVal( 'templates' ) === 'expand' ) {
177			$text = $wgParser->preprocess(
178			$text,
179			$title,
180			ParserOptions::newFromContext( $this->getContext() )
181			);
182			}
183
184			return $text;
185			}
186
187			/**
188			* Get the ID of the revision that should used to get the text.
189			*
190			* @return int
191			*/
192			public function getOldId() {
193			$oldid = $this->getRequest()->getInt( 'oldid' );
194			switch ( $this->getRequest()->getText( 'direction' ) ) {
195			case 'next':
196			# output next revision, or nothing if there isn't one
197			$nextid = 0;
198			if ( $oldid ) {
199			$nextid = $this->getTitle()->getNextRevisionID( $oldid );
200			}
201			$oldid = $nextid ?: -1;
202			break;
203			case 'prev':
204			# output previous revision, or nothing if there isn't one
205			if ( !$oldid ) {
206			# get the current revision so we can get the penultimate one
207			$oldid = $this->page->getLatest();
208			}
209			$previd = $this->getTitle()->getPreviousRevisionID( $oldid );
210			$oldid = $previd ?: -1;
211			break;
212			case 'cur':
213			$oldid = 0;
214			break;
215			}
216
217			return $oldid;
218			}
219
220			/**
221			* Get the content type to use for the response
222			*
223			* @return string
224			*/
225			public function getContentType() {
226			$ctype = $this->getRequest()->getVal( 'ctype' );
227
228			if ( $ctype == '' ) {
229			$gen = $this->getRequest()->getVal( 'gen' );
230			if ( $gen == 'js' ) {
231			$ctype = 'text/javascript';
232			} elseif ( $gen == 'css' ) {
233			$ctype = 'text/css';
234			}
235			}
236
237			$allowedCTypes = [ 'text/x-wiki', 'text/javascript', 'text/css', 'application/x-zope-edit' ];
238			if ( $ctype == '' \|\| !in_array( $ctype, $allowedCTypes ) ) {
239			$ctype = 'text/x-wiki';
240			}
241
242			return $ctype;
243			}
244			}
245

wikimedia / mediawiki

Branch — master (939199)

includes/actions/RawAction.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like