www/wiki/includes/HeaderCallback.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

<?php

namespace MediaWiki;

class HeaderCallback {
	private static $headersSentException;
	private static $messageSent = false;

	/**
	 * Register a callback to be called when headers are sent. There can only
	 * be one of these handlers active, so all relevant actions have to be in
	 * here.
	 */
	public static function register() {
		header_register_callback( [ __CLASS__, 'callback' ] );
	}

	/**
	 * The callback, which is called by the transport
	 */
	public static function callback() {
		// Prevent caching of responses with cookies (T127993)
		$headers = [];
		foreach ( headers_list() as $header ) {
			list( $name, $value ) = explode( ':', $header, 2 );
			$headers[strtolower( trim( $name ) )][] = trim( $value );
		}

		if ( isset( $headers['set-cookie'] ) ) {
			$cacheControl = isset( $headers['cache-control'] )
				? implode( ', ', $headers['cache-control'] )
				: '';

			if ( !preg_match( '/(?:^|,)\s*(?:private|no-cache|no-store)\s*(?:$|,)/i',
				$cacheControl )
			) {
				header( 'Expires: Thu, 01 Jan 1970 00:00:00 GMT' );
				header( 'Cache-Control: private, max-age=0, s-maxage=0' );
				\MediaWiki\Logger\LoggerFactory::getInstance( 'cache-cookies' )->warning(
					'Cookies set on {url} with Cache-Control "{cache-control}"', [
						'url' => \WebRequest::getGlobalRequestURL(),
						'cookies' => $headers['set-cookie'],
						'cache-control' => $cacheControl ?: '<not set>',
					]
				);
			}
		}

		// Save a backtrace for logging in case it turns out that headers were sent prematurely
		self::$headersSentException = new \Exception( 'Headers already sent from this point' );
	}

	/**
	 * Log a warning message if headers have already been sent. This can be
	 * called before flushing the output.
	 */
	public static function warnIfHeadersSent() {
		if ( headers_sent() && !self::$messageSent ) {
			self::$messageSent = true;
			\MWDebug::warning( 'Headers already sent, should send headers earlier than ' .
				wfGetCaller( 3 ) );
			$logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'headers-sent' );
			$logger->error( 'Warning: headers were already sent from the location below', [
				'exception' => self::$headersSentException,
				'detection-trace' => new \Exception( 'Detected here' ),
			] );
		}
	}
}