} elseif ( $curid ) {
// URLs like this are generated by RC, because rc_title isn't always accurate
$ret = Title::newFromID( $curid );
- } elseif ( $title == '' && $action != 'delete' ) {
- $ret = Title::newMainPage();
} else {
$ret = Title::newFromURL( $title );
// Alias NS_MEDIA page URLs to NS_FILE...we only use NS_MEDIA
$wgContLang->findVariantLink( $title, $ret );
}
}
- // For non-special titles, check for implicit titles
- if ( is_null( $ret ) || !$ret->isSpecialPage() ) {
+
+ // If title is not provided, always allow oldid and diff to set the title.
+ // If title is provided, allow oldid and diff to override the title, unless
+ // we are talking about a special page which might use these parameters for
+ // other purposes.
+ if ( $ret === null || !$ret->isSpecialPage() ) {
// We can have urls with just ?diff=,?oldid= or even just ?diff=
$oldid = $request->getInt( 'oldid' );
$oldid = $oldid ? $oldid : $request->getInt( 'diff' );
}
}
+ // Use the main page as default title if nothing else has been provided
+ if ( $ret === null && strval( $title ) === '' && $action !== 'delete' ) {
+ $ret = Title::newMainPage();
+ }
+
if ( $ret === null || ( $ret->getDBkey() == '' && $ret->getInterwiki() == '' ) ) {
$ret = SpecialPage::getTitleFor( 'Badtitle' );
}
$output->redirect( $article );
} else {
wfProfileOut( __METHOD__ );
- throw new MWException( "Shouldn't happen: MediaWiki::initializeArticle() returned neither an object nor a URL" );
+ throw new MWException( "Shouldn't happen: MediaWiki::initializeArticle()"
+ . " returned neither an object nor a URL" );
}
}
$act = $this->getAction();
- $action = Action::factory( $act, $page );
+ $action = Action::factory( $act, $page, $this->context );
+
if ( $action instanceof Action ) {
# Let Squid cache things if we can purge them.
if ( $wgUseSquid &&
$request = $this->context->getRequest();
- if ( $request->getCookie( 'forceHTTPS' )
- && $request->detectProtocol() == 'http'
- && $request->getMethod() == 'GET'
+ // If the user has forceHTTPS set to true, or if the user
+ // is in a group requiring HTTPS, or if they have the HTTPS
+ // preference set, redirect them to HTTPS.
+ if (
+ (
+ $request->getCookie( 'forceHTTPS', '' ) ||
+ // check for prefixed version for currently logged in users
+ $request->getCookie( 'forceHTTPS' ) ||
+ // Avoid checking the user and groups unless it's enabled.
+ (
+ $this->context->getUser()->isLoggedIn()
+ && $this->context->getUser()->requiresHTTPS()
+ )
+ ) &&
+ $request->detectProtocol() == 'http'
) {
- $redirUrl = $request->getFullRequestURL();
- $redirUrl = str_replace( 'http://', 'https://', $redirUrl );
+ $oldUrl = $request->getFullRequestURL();
+ $redirUrl = str_replace( 'http://', 'https://', $oldUrl );
+
+ if ( $request->wasPosted() ) {
+ // This is weird and we'd hope it almost never happens. This
+ // means that a POST came in via HTTP and policy requires us
+ // redirecting to HTTPS. It's likely such a request is going
+ // to fail due to post data being lost, but let's try anyway
+ // and just log the instance.
+ //
+ // @todo @fixme See if we could issue a 307 or 308 here, need
+ // to see how clients (automated & browser) behave when we do
+ wfDebugLog( 'RedirectedPosts', "Redirected from HTTP to HTTPS: $oldUrl" );
+ }
// Setup dummy Title, otherwise OutputPage::redirect will fail
$title = Title::newFromText( NS_MAIN, 'REDIR' );
$this->context->setTitle( $title );
$output = $this->context->getOutput();
+ // Since we only do this redir to change proto, always send a vary header
+ $output->addVaryHeader( 'X-Forwarded-Proto' );
$output->redirect( $redirUrl );
$output->output();
wfProfileOut( __METHOD__ );