use MediaWiki\Session\SessionId;
use MediaWiki\Session\SessionManager;
+// The point of this class is to be a wrapper around super globals
+// phpcs:disable MediaWiki.Usage.SuperGlobalsUsage.SuperGlobals
+
/**
* The WebRequest class encapsulates getting at data passed in the
* URL or via a POSTed form stripping illegal input characters and
$a = parse_url( $url );
Wikimedia\restoreWarnings();
if ( $a ) {
- $path = isset( $a['path'] ) ? $a['path'] : '';
+ $path = $a['path'] ?? '';
global $wgScript;
if ( $path == $wgScript && $want !== 'all' ) {
$router->add( $wgActionPaths, [ 'action' => '$key' ] );
}
- global $wgVariantArticlePath, $wgContLang;
+ global $wgVariantArticlePath;
if ( $wgVariantArticlePath ) {
$router->add( $wgVariantArticlePath,
[ 'variant' => '$2' ],
- [ '$2' => $wgContLang->getVariants() ]
+ [ '$2' => MediaWikiServices::getInstance()->getContentLanguage()->
+ getVariants() ]
);
}
public static function getRequestId() {
// This method is called from various error handlers and should be kept simple.
- if ( !self::$reqId ) {
- self::$reqId = isset( $_SERVER['UNIQUE_ID'] )
- ? $_SERVER['UNIQUE_ID'] : wfRandomString( 24 );
+ if ( self::$reqId ) {
+ return self::$reqId;
+ }
+
+ global $wgAllowExternalReqID;
+
+ self::$reqId = $_SERVER['UNIQUE_ID'] ?? wfRandomString( 24 );
+ if ( $wgAllowExternalReqID ) {
+ $id = RequestContext::getMain()->getRequest()->getHeader( 'X-Request-Id' );
+ if ( $id ) {
+ self::$reqId = $id;
+ }
}
return self::$reqId;
/**
* Check for title, action, and/or variant data in the URL
* and interpolate it into the GET variables.
- * This should only be run after $wgContLang is available,
+ * This should only be run after the content language is available,
* as we may need the list of language variants to determine
* available variant URLs.
*/
$data[$key] = $this->normalizeUnicode( $val );
}
} else {
- global $wgContLang;
- $data = isset( $wgContLang ) ?
- $wgContLang->normalize( $data ) :
+ $contLang = MediaWikiServices::getInstance()->getContentLanguage();
+ $data = $contLang ? $contLang->normalize( $data ) :
UtfNormal\Validator::cleanUp( $data );
}
return $data;
*/
private function getGPCVal( $arr, $name, $default ) {
# PHP is so nice to not touch input data, except sometimes:
- # https://secure.php.net/variables.external#language.variables.external.dot-in-names
+ # https://www.php.net/variables.external#language.variables.external.dot-in-names
# Work around PHP *feature* to avoid *bugs* elsewhere.
$name = strtr( $name, '.', '_' );
if ( isset( $arr[$name] ) ) {
- global $wgContLang;
$data = $arr[$name];
- if ( isset( $_GET[$name] ) && !is_array( $data ) ) {
+ if ( isset( $_GET[$name] ) && is_string( $data ) ) {
# Check for alternate/legacy character encoding.
- if ( isset( $wgContLang ) ) {
- $data = $wgContLang->checkTitleEncoding( $data );
- }
+ $contLang = MediaWikiServices::getInstance()->getContentLanguage();
+ $data = $contLang->checkTitleEncoding( $data );
}
$data = $this->normalizeUnicode( $data );
return $data;
* @return mixed Old value if one was present, null otherwise
*/
public function setVal( $key, $value ) {
- $ret = isset( $this->data[$key] ) ? $this->data[$key] : null;
+ $ret = $this->data[$key] ?? null;
$this->data[$key] = $value;
return $ret;
}
* If no source and no default, returns null.
*
* @param string $name
- * @param array $default Optional default (or null)
+ * @param array|null $default Optional default (or null)
* @return array|null
*/
public function getArray( $name, $default = null ) {
* If an array is returned, contents are guaranteed to be integers.
*
* @param string $name
- * @param array $default Option default (or null)
+ * @param array|null $default Option default (or null)
* @return array Array of ints
*/
public function getIntArray( $name, $default = null ) {
return $_GET;
}
+ /**
+ * Get the values passed via POST.
+ * No transformation is performed on the values.
+ *
+ * @since 1.32
+ * @codeCoverageIgnore
+ * @return array
+ */
+ public function getPostValues() {
+ return $_POST;
+ }
+
/**
* Return the contents of the Query with no decoding. Use when you need to
* know exactly what was sent, e.g. for an OAuth signature over the elements.
* @return string
*/
public function getMethod() {
- return isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : 'GET';
+ return $_SERVER['REQUEST_METHOD'] ?? 'GET';
}
/**
* Get a cookie from the $_COOKIE jar
*
* @param string $key The name of the cookie
- * @param string $prefix A prefix to use for the cookie name, if not $wgCookiePrefix
- * @param mixed $default What to return if the value isn't found
+ * @param string|null $prefix A prefix to use for the cookie name, if not $wgCookiePrefix
+ * @param mixed|null $default What to return if the value isn't found
* @return mixed Cookie value or $default if the cookie not set
*/
public function getCookie( $key, $prefix = null, $default = null ) {
* in HTML or other output.
*
* If $wgServer is protocol-relative, this will return a fully
- * qualified URL with the protocol that was used for this request.
+ * qualified URL with the protocol of this request object.
*
* @return string
*/
public function getFullRequestURL() {
- return wfExpandUrl( $this->getRequestURL(), PROTO_CURRENT );
+ // Pass an explicit PROTO constant instead of PROTO_CURRENT so that we
+ // do not rely on state from the global $wgRequest object (which it would,
+ // via wfGetServerUrl/wfExpandUrl/$wgRequest->protocol).
+ if ( $this->getProtocol() === 'http' ) {
+ return wfGetServerUrl( PROTO_HTTP ) . $this->getRequestURL();
+ } else {
+ return wfGetServerUrl( PROTO_HTTPS ) . $this->getRequestURL();
+ }
}
/**
*
* This means that the client is not requesting any state changes and that database writes
* are not inherently required. Ideally, no visible updates would happen at all. If they
- * must, then they should not be publically attributed to the end user.
+ * must, then they should not be publicly attributed to the end user.
*
* In more detail:
* - Cache populations and refreshes MAY occur.