From: Alexandre Emsenhuber <ialex.wiki@gmail.com>
Date: Sun, 22 Jul 2012 18:27:26 +0000 (+0200)
Subject: Use WebRequest instead of $_SERVER in ApiMain.
X-Git-Tag: 1.31.0-rc.0~22858^2
X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dcompta/comptes/journal.php?a=commitdiff_plain;h=7429d512b7905128038733c0f19a3fbbc25a2eae;p=lhc%2Fweb%2Fwiklou.git

Use WebRequest instead of $_SERVER in ApiMain.

Change-Id: I964534089e85ec1e9ccf567efa66b05a1a3a7462
---

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 05f6652c2d..341df24470 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -422,15 +422,22 @@ class ApiMain extends ApiBase {
 	 */
 	protected function handleCORS() {
 		global $wgCrossSiteAJAXdomains, $wgCrossSiteAJAXdomainExceptions;
-		$response = $this->getRequest()->response();
+
 		$originParam = $this->getParameter( 'origin' ); // defaults to null
 		if ( $originParam === null ) {
 			// No origin parameter, nothing to do
 			return true;
 		}
+
+		$request = $this->getRequest();
+		$response = $request->response();
 		// Origin: header is a space-separated list of origins, check all of them
-		$originHeader = isset( $_SERVER['HTTP_ORIGIN'] ) ? $_SERVER['HTTP_ORIGIN'] : '';
-		$origins = explode( ' ', $originHeader );
+		$originHeader = $request->getHeader( 'Origin' );
+		if ( $originHeader === false ) {
+			$origins = array();
+		} else {
+			$origins = explode( ' ', $originHeader );
+		}
 		if ( !in_array( $originParam, $origins ) ) {
 			// origin parameter set but incorrect
 			// Send a 403 response