X-Git-Url: https://git.cyclocoop.org/%242?a=blobdiff_plain;f=includes%2FWebRequest.php;h=76d94b2e19343fe6170b5844989214f950dbb49e;hb=c9318edc2dd531d3d31e233665b92c2e303bdf01;hp=ed10615b0c1e9a5ab803e742dde7731efd727a60;hpb=fe94275c8fcfc248a5eae857dde7c5772d993ab5;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index ed10615b0c..76d94b2e19 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -275,8 +275,18 @@ class WebRequest {
 	public static function getRequestId() {
 		// This method is called from various error handlers and should be kept simple.
 
-		if ( !self::$reqId ) {
-			self::$reqId = $_SERVER['UNIQUE_ID'] ?? wfRandomString( 24 );
+		if ( self::$reqId ) {
+			return self::$reqId;
+		}
+
+		global $wgAllowExternalReqID;
+
+		self::$reqId = $_SERVER['UNIQUE_ID'] ?? wfRandomString( 24 );
+		if ( $wgAllowExternalReqID ) {
+			$id = RequestContext::getMain()->getRequest()->getHeader( 'X-Request-Id' );
+			if ( $id ) {
+				self::$reqId = $id;
+			}
 		}
 
 		return self::$reqId;
@@ -382,17 +392,15 @@ class WebRequest {
 	 */
 	private function getGPCVal( $arr, $name, $default ) {
 		# PHP is so nice to not touch input data, except sometimes:
-		# https://secure.php.net/variables.external#language.variables.external.dot-in-names
+		# https://www.php.net/variables.external#language.variables.external.dot-in-names
 		# Work around PHP *feature* to avoid *bugs* elsewhere.
 		$name = strtr( $name, '.', '_' );
 		if ( isset( $arr[$name] ) ) {
 			$data = $arr[$name];
-			if ( isset( $_GET[$name] ) && !is_array( $data ) ) {
+			if ( isset( $_GET[$name] ) && is_string( $data ) ) {
 				# Check for alternate/legacy character encoding.
 				$contLang = MediaWikiServices::getInstance()->getContentLanguage();
-				if ( $contLang ) {
-					$data = $contLang->checkTitleEncoding( $data );
-				}
+				$data = $contLang->checkTitleEncoding( $data );
 			}
 			$data = $this->normalizeUnicode( $data );
 			return $data;
@@ -851,12 +859,19 @@ class WebRequest {
 	 * in HTML or other output.
 	 *
 	 * If $wgServer is protocol-relative, this will return a fully
-	 * qualified URL with the protocol that was used for this request.
+	 * qualified URL with the protocol of this request object.
 	 *
 	 * @return string
 	 */
 	public function getFullRequestURL() {
-		return wfGetServerUrl( PROTO_CURRENT ) . $this->getRequestURL();
+		// Pass an explicit PROTO constant instead of PROTO_CURRENT so that we
+		// do not rely on state from the global $wgRequest object (which it would,
+		// via wfGetServerUrl/wfExpandUrl/$wgRequest->protocol).
+		if ( $this->getProtocol() === 'http' ) {
+			return wfGetServerUrl( PROTO_HTTP ) . $this->getRequestURL();
+		} else {
+			return wfGetServerUrl( PROTO_HTTPS ) . $this->getRequestURL();
+		}
 	}
 
 	/**
@@ -1309,7 +1324,7 @@ HTML;
 	 *
 	 * This means that the client is not requesting any state changes and that database writes
 	 * are not inherently required. Ideally, no visible updates would happen at all. If they
-	 * must, then they should not be publically attributed to the end user.
+	 * must, then they should not be publicly attributed to the end user.
 	 *
 	 * In more detail:
 	 *   - Cache populations and refreshes MAY occur.