summaryrefslogtreecommitdiff
path: root/includes/WebRequest.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/WebRequest.php')
-rw-r--r--includes/WebRequest.php525
1 files changed, 397 insertions, 128 deletions
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 877f7cf6..940b693f 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -1,35 +1,28 @@
<?php
/**
* Deal with importing all those nasssty globals and things
+ *
+ * Copyright © 2003 Brion Vibber <brion@pobox.com>
+ * http://www.mediawiki.org/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
*/
-# Copyright (C) 2003 Brion Vibber <brion@pobox.com>
-# http://www.mediawiki.org/
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-# http://www.gnu.org/copyleft/gpl.html
-
-
-/**
- * Some entry points may use this file without first enabling the
- * autoloader.
- */
-if ( !function_exists( '__autoload' ) ) {
- require_once( dirname(__FILE__) . '/normal/UtfNormal.php' );
-}
-
/**
* The WebRequest class encapsulates getting at data passed in the
* URL or via a POSTed form, handling remove of "magic quotes" slashes,
@@ -44,7 +37,12 @@ if ( !function_exists( '__autoload' ) ) {
*/
class WebRequest {
protected $data, $headers = array();
- private $_response;
+
+ /**
+ * Lazy-init response object
+ * @var WebResponse
+ */
+ private $response;
public function __construct() {
/// @todo Fixme: this preemptive de-quoting can interfere with other web libraries
@@ -67,6 +65,11 @@ class WebRequest {
public function interpolateTitle() {
global $wgUsePathInfo;
+ // bug 16019: title interpolation on API queries is useless and possible harmful
+ if ( defined( 'MW_API' ) ) {
+ return;
+ }
+
if ( $wgUsePathInfo ) {
// PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892
// And also by Apache 2.x, double slashes are converted to single slashes.
@@ -160,6 +163,7 @@ class WebRequest {
/**
* Recursively strips slashes from the given array;
* used for undoing the evil that is magic_quotes_gpc.
+ *
* @param $arr array: will be modified
* @return array the original array
*/
@@ -195,6 +199,7 @@ class WebRequest {
/**
* Recursively normalizes UTF-8 strings in the given array.
+ *
* @param $data string or array
* @return cleaned-up version of the given
* @private
@@ -214,9 +219,9 @@ class WebRequest {
/**
* Fetch a value from the given array or return $default if it's not set.
*
- * @param $arr array
- * @param $name string
- * @param $default mixed
+ * @param $arr Array
+ * @param $name String
+ * @param $default Mixed
* @return mixed
*/
private function getGPCVal( $arr, $name, $default ) {
@@ -247,9 +252,9 @@ class WebRequest {
* non-freeform text inputs (e.g. predefined internal text keys
* selected by a drop-down menu). For freeform input, see getText().
*
- * @param $name string
- * @param $default string: optional default (or NULL)
- * @return string
+ * @param $name String
+ * @param $default String: optional default (or NULL)
+ * @return String
*/
public function getVal( $name, $default = null ) {
$val = $this->getGPCVal( $this->data, $name, $default );
@@ -265,9 +270,10 @@ class WebRequest {
/**
* Set an aribtrary value into our get/post data.
- * @param $key string Key name to use
- * @param $value mixed Value to set
- * @return mixed old value if one was present, null otherwise
+ *
+ * @param $key String: key name to use
+ * @param $value Mixed: value to set
+ * @return Mixed: old value if one was present, null otherwise
*/
public function setVal( $key, $value ) {
$ret = isset( $this->data[$key] ) ? $this->data[$key] : null;
@@ -280,9 +286,9 @@ class WebRequest {
* If source was scalar, will return an array with a single element.
* If no source and no default, returns NULL.
*
- * @param $name string
- * @param $default array: optional default (or NULL)
- * @return array
+ * @param $name String
+ * @param $default Array: optional default (or NULL)
+ * @return Array
*/
public function getArray( $name, $default = null ) {
$val = $this->getGPCVal( $this->data, $name, $default );
@@ -299,9 +305,9 @@ class WebRequest {
* If no source and no default, returns NULL.
* If an array is returned, contents are guaranteed to be integers.
*
- * @param $name string
- * @param $default array: option default (or NULL)
- * @return array of ints
+ * @param $name String
+ * @param $default Array: option default (or NULL)
+ * @return Array of ints
*/
public function getIntArray( $name, $default = null ) {
$val = $this->getArray( $name, $default );
@@ -315,9 +321,10 @@ class WebRequest {
* Fetch an integer value from the input or return $default if not set.
* Guaranteed to return an integer; non-numeric input will typically
* return 0.
- * @param $name string
- * @param $default int
- * @return int
+ *
+ * @param $name String
+ * @param $default Integer
+ * @return Integer
*/
public function getInt( $name, $default = 0 ) {
return intval( $this->getVal( $name, $default ) );
@@ -327,8 +334,9 @@ class WebRequest {
* Fetch an integer value from the input or return null if empty.
* Guaranteed to return an integer or null; non-numeric input will
* typically return null.
- * @param $name string
- * @return int
+ *
+ * @param $name String
+ * @return Integer
*/
public function getIntOrNull( $name ) {
$val = $this->getVal( $name );
@@ -341,20 +349,35 @@ class WebRequest {
* Fetch a boolean value from the input or return $default if not set.
* Guaranteed to return true or false, with normal PHP semantics for
* boolean interpretation of strings.
- * @param $name string
- * @param $default bool
- * @return bool
+ *
+ * @param $name String
+ * @param $default Boolean
+ * @return Boolean
*/
public function getBool( $name, $default = false ) {
- return $this->getVal( $name, $default ) ? true : false;
+ return (bool)$this->getVal( $name, $default );
+ }
+
+ /**
+ * Fetch a boolean value from the input or return $default if not set.
+ * Unlike getBool, the string "false" will result in boolean false, which is
+ * useful when interpreting information sent from JavaScript.
+ *
+ * @param $name String
+ * @param $default Boolean
+ * @return Boolean
+ */
+ public function getFuzzyBool( $name, $default = false ) {
+ return $this->getBool( $name, $default ) && strcasecmp( $this->getVal( $name ), 'false' ) !== 0;
}
/**
* Return true if the named value is set in the input, whatever that
* value is (even "0"). Return false if the named value is not set.
* Example use is checking for the presence of check boxes in forms.
- * @param $name string
- * @return bool
+ *
+ * @param $name String
+ * @return Boolean
*/
public function getCheck( $name ) {
# Checkboxes and buttons are only present when clicked
@@ -365,15 +388,15 @@ class WebRequest {
/**
* Fetch a text string from the given array or return $default if it's not
- * set. \r is stripped from the text, and with some language modules there
- * is an input transliteration applied. This should generally be used for
- * form <textarea> and <input> fields. Used for user-supplied freeform text
- * input (for which input transformations may be required - e.g. Esperanto
- * x-coding).
+ * set. Carriage returns are stripped from the text, and with some language
+ * modules there is an input transliteration applied. This should generally
+ * be used for form <textarea> and <input> fields. Used for user-supplied
+ * freeform text input (for which input transformations may be required - e.g.
+ * Esperanto x-coding).
*
- * @param $name string
- * @param $default string: optional
- * @return string
+ * @param $name String
+ * @param $default String: optional
+ * @return String
*/
public function getText( $name, $default = '' ) {
global $wgContLang;
@@ -410,7 +433,7 @@ class WebRequest {
* Note that values retrieved by the object may come from the
* GET URL etc even on a POST request.
*
- * @return bool
+ * @return Boolean
*/
public function wasPosted() {
return $_SERVER['REQUEST_METHOD'] == 'POST';
@@ -425,15 +448,32 @@ class WebRequest {
* during the current request (in which case the cookie will
* be sent back to the client at the end of the script run).
*
- * @return bool
+ * @return Boolean
*/
public function checkSessionCookie() {
- return isset( $_COOKIE[session_name()] );
+ return isset( $_COOKIE[ session_name() ] );
+ }
+
+ /**
+ * Get a cookie from the $_COOKIE jar
+ *
+ * @param $key String: the name of the cookie
+ * @param $prefix String: a prefix to use for the cookie name, if not $wgCookiePrefix
+ * @param $default Mixed: what to return if the value isn't found
+ * @return Mixed: cookie value or $default if the cookie not set
+ */
+ public function getCookie( $key, $prefix = null, $default = null ) {
+ if( $prefix === null ) {
+ global $wgCookiePrefix;
+ $prefix = $wgCookiePrefix;
+ }
+ return $this->getGPCVal( $_COOKIE, $prefix . $key , $default );
}
/**
* Return the path portion of the request URI.
- * @return string
+ *
+ * @return String
*/
public function getRequestURL() {
if( isset( $_SERVER['REQUEST_URI']) && strlen($_SERVER['REQUEST_URI']) ) {
@@ -468,7 +508,8 @@ class WebRequest {
/**
* Return the request URI with the canonical service and hostname.
- * @return string
+ *
+ * @return String
*/
public function getFullRequestURL() {
global $wgServer;
@@ -478,7 +519,8 @@ class WebRequest {
/**
* Take an arbitrary query and rewrite the present URL to include it
* @param $query String: query string fragment; do not include initial '?'
- * @return string
+ *
+ * @return String
*/
public function appendQuery( $query ) {
global $wgTitle;
@@ -502,8 +544,9 @@ class WebRequest {
/**
* HTML-safe version of appendQuery().
+ *
* @param $query String: query string fragment; do not include initial '?'
- * @return string
+ * @return String
*/
public function escapeAppendQuery( $query ) {
return htmlspecialchars( $this->appendQuery( $query ) );
@@ -515,10 +558,11 @@ class WebRequest {
/**
* Appends or replaces value of query variables.
+ *
* @param $array Array of values to replace/add to query
* @param $onlyquery Bool: whether to only return the query string and not
* the complete URL
- * @return string
+ * @return String
*/
public function appendQueryArray( $array, $onlyquery = false ) {
global $wgTitle;
@@ -542,53 +586,59 @@ class WebRequest {
global $wgUser;
$limit = $this->getInt( 'limit', 0 );
- if( $limit < 0 ) $limit = 0;
+ if( $limit < 0 ) {
+ $limit = 0;
+ }
if( ( $limit == 0 ) && ( $optionname != '' ) ) {
$limit = (int)$wgUser->getOption( $optionname );
}
- if( $limit <= 0 ) $limit = $deflimit;
- if( $limit > 5000 ) $limit = 5000; # We have *some* limits...
+ if( $limit <= 0 ) {
+ $limit = $deflimit;
+ }
+ if( $limit > 5000 ) {
+ $limit = 5000; # We have *some* limits...
+ }
$offset = $this->getInt( 'offset', 0 );
- if( $offset < 0 ) $offset = 0;
+ if( $offset < 0 ) {
+ $offset = 0;
+ }
return array( $limit, $offset );
}
/**
* Return the path to the temporary file where PHP has stored the upload.
+ *
* @param $key String:
* @return string or NULL if no such file.
*/
public function getFileTempname( $key ) {
- if( !isset( $_FILES[$key] ) ) {
- return null;
- }
- return $_FILES[$key]['tmp_name'];
+ $file = new WebRequestUpload( $this, $key );
+ return $file->getTempName();
}
/**
* Return the size of the upload, or 0.
+ *
+ * @deprecated
* @param $key String:
* @return integer
*/
public function getFileSize( $key ) {
- if( !isset( $_FILES[$key] ) ) {
- return 0;
- }
- return $_FILES[$key]['size'];
+ $file = new WebRequestUpload( $this, $key );
+ return $file->getSize();
}
/**
* Return the upload error or 0
+ *
* @param $key String:
* @return integer
*/
public function getUploadError( $key ) {
- if( !isset( $_FILES[$key] ) || !isset( $_FILES[$key]['error'] ) ) {
- return 0/*UPLOAD_ERR_OK*/;
- }
- return $_FILES[$key]['error'];
+ $file = new WebRequestUpload( $this, $key );
+ return $file->getError();
}
/**
@@ -603,31 +653,33 @@ class WebRequest {
* @return string or NULL if no such file.
*/
public function getFileName( $key ) {
- global $wgContLang;
- if( !isset( $_FILES[$key] ) ) {
- return null;
- }
- $name = $_FILES[$key]['name'];
+ $file = new WebRequestUpload( $this, $key );
+ return $file->getName();
+ }
- # Safari sends filenames in HTML-encoded Unicode form D...
- # Horrid and evil! Let's try to make some kind of sense of it.
- $name = Sanitizer::decodeCharReferences( $name );
- $name = $wgContLang->normalize( $name );
- wfDebug( "WebRequest::getFileName() '" . $_FILES[$key]['name'] . "' normalized to '$name'\n" );
- return $name;
+ /**
+ * Return a WebRequestUpload object corresponding to the key
+ *
+ * @param @key string
+ * @return WebRequestUpload
+ */
+ public function getUpload( $key ) {
+ return new WebRequestUpload( $this, $key );
}
/**
* Return a handle to WebResponse style object, for setting cookies,
* headers and other stuff, for Request being worked on.
+ *
+ * @return WebResponse
*/
public function response() {
/* Lazy initialization of response object for this request */
- if ( !is_object( $this->_response ) ) {
+ if ( !is_object( $this->response ) ) {
$class = ( $this instanceof FauxRequest ) ? 'FauxResponse' : 'WebResponse';
- $this->_response = new $class();
+ $this->response = new $class();
}
- return $this->_response;
+ return $this->response;
}
/**
@@ -649,6 +701,9 @@ class WebRequest {
}
} else {
$name = 'HTTP_' . str_replace( '-', '_', $name );
+ if ( $name === 'HTTP_CONTENT_LENGTH' && !isset( $_SERVER[$name] ) ) {
+ $name = 'CONTENT_LENGTH';
+ }
if ( isset( $_SERVER[$name] ) ) {
return $_SERVER[$name];
} else {
@@ -657,27 +712,86 @@ class WebRequest {
}
}
- /*
+ /**
* Get data from $_SESSION
- * @param $key String Name of key in $_SESSION
- * @return mixed
+ *
+ * @param $key String: name of key in $_SESSION
+ * @return Mixed
*/
public function getSessionData( $key ) {
- if( !isset( $_SESSION[$key] ) )
+ if( !isset( $_SESSION[$key] ) ) {
return null;
+ }
return $_SESSION[$key];
}
/**
* Set session data
- * @param $key String Name of key in $_SESSION
- * @param $data mixed
+ *
+ * @param $key String: name of key in $_SESSION
+ * @param $data Mixed
*/
public function setSessionData( $key, $data ) {
$_SESSION[$key] = $data;
}
/**
+ * Check if Internet Explorer will detect an incorrect cache extension in
+ * PATH_INFO or QUERY_STRING. If the request can't be allowed, show an error
+ * message or redirect to a safer URL. Returns true if the URL is OK, and
+ * false if an error message has been shown and the request should be aborted.
+ */
+ public function checkUrlExtension( $extWhitelist = array() ) {
+ global $wgScriptExtension;
+ $extWhitelist[] = ltrim( $wgScriptExtension, '.' );
+ if ( IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist ) ) {
+ if ( !$this->wasPosted() ) {
+ $newUrl = IEUrlExtension::fixUrlForIE6(
+ $this->getFullRequestURL(), $extWhitelist );
+ if ( $newUrl !== false ) {
+ $this->doSecurityRedirect( $newUrl );
+ return false;
+ }
+ }
+ wfHttpError( 403, 'Forbidden',
+ 'Invalid file extension found in the path info or query string.' );
+
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Attempt to redirect to a URL with a QUERY_STRING that's not dangerous in
+ * IE 6. Returns true if it was successful, false otherwise.
+ */
+ protected function doSecurityRedirect( $url ) {
+ header( 'Location: ' . $url );
+ header( 'Content-Type: text/html' );
+ $encUrl = htmlspecialchars( $url );
+ echo <<<HTML
+<html>
+<head>
+<title>Security redirect</title>
+</head>
+<body>
+<h1>Security redirect</h1>
+<p>
+We can't serve non-HTML content from the URL you have requested, because
+Internet Explorer would interpret it as an incorrect and potentially dangerous
+content type.</p>
+<p>Instead, please use <a href="$encUrl">this URL</a>, which is the same as the URL you have requested, except that
+"&amp;*" is appended. This prevents Internet Explorer from seeing a bogus file
+extension.
+</p>
+</body>
+</html>
+HTML;
+ echo "\n";
+ return true;
+ }
+
+ /**
* Returns true if the PATH_INFO ends with an extension other than a script
* extension. This could confuse IE for scripts that send arbitrary data which
* is not HTML but may be detected as such.
@@ -695,30 +809,163 @@ class WebRequest {
*/
public function isPathInfoBad() {
global $wgScriptExtension;
+ $extWhitelist[] = ltrim( $wgScriptExtension, '.' );
+ return IEUrlExtension::areServerVarsBad( $_SERVER, $extWhitelist );
+ }
+
+ /**
+ * Parse the Accept-Language header sent by the client into an array
+ * @return array( languageCode => q-value ) sorted by q-value in descending order
+ * May contain the "language" '*', which applies to languages other than those explicitly listed.
+ * This is aligned with rfc2616 section 14.4
+ */
+ public function getAcceptLang() {
+ // Modified version of code found at http://www.thefutureoftheweb.com/blog/use-accept-language-header
+ $acceptLang = $this->getHeader( 'Accept-Language' );
+ if ( !$acceptLang ) {
+ return array();
+ }
+
+ // Return the language codes in lower case
+ $acceptLang = strtolower( $acceptLang );
+
+ // Break up string into pieces (languages and q factors)
+ $lang_parse = null;
+ preg_match_all( '/([a-z]{1,8}(-[a-z]{1,8})?|\*)\s*(;\s*q\s*=\s*(1|0(\.[0-9]+)?)?)?/',
+ $acceptLang, $lang_parse );
- if ( isset( $_SERVER['QUERY_STRING'] )
- && preg_match( '/\.[^\\/:*?"<>|%]+(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
- {
- // Bug 28235
- // Block only Internet Explorer, and requests with missing UA
- // headers that could be IE users behind a privacy proxy.
- if ( !isset( $_SERVER['HTTP_USER_AGENT'] )
- || preg_match( '/; *MSIE/', $_SERVER['HTTP_USER_AGENT'] ) )
- {
- return true;
+ if ( !count( $lang_parse[1] ) ) {
+ return array();
+ }
+
+ // Create a list like "en" => 0.8
+ $langs = array_combine( $lang_parse[1], $lang_parse[4] );
+ // Set default q factor to 1
+ foreach ( $langs as $lang => $val ) {
+ if ( $val === '' ) {
+ $langs[$lang] = 1;
+ } else if ( $val == 0 ) {
+ unset($langs[$lang]);
}
}
- if ( !isset( $_SERVER['PATH_INFO'] ) ) {
- return false;
+ // Sort list
+ arsort( $langs, SORT_NUMERIC );
+ return $langs;
+ }
+}
+
+/**
+ * Object to access the $_FILES array
+ */
+class WebRequestUpload {
+ protected $request;
+ protected $doesExist;
+ protected $fileInfo;
+
+ /**
+ * Constructor. Should only be called by WebRequest
+ *
+ * @param $request WebRequest The associated request
+ * @param $key string Key in $_FILES array (name of form field)
+ */
+ public function __construct( $request, $key ) {
+ $this->request = $request;
+ $this->doesExist = isset( $_FILES[$key] );
+ if ( $this->doesExist ) {
+ $this->fileInfo = $_FILES[$key];
}
- $pi = $_SERVER['PATH_INFO'];
- $dotPos = strrpos( $pi, '.' );
- if ( $dotPos === false ) {
- return false;
+ }
+
+ /**
+ * Return whether a file with this name was uploaded.
+ *
+ * @return bool
+ */
+ public function exists() {
+ return $this->doesExist;
+ }
+
+ /**
+ * Return the original filename of the uploaded file
+ *
+ * @return mixed Filename or null if non-existent
+ */
+ public function getName() {
+ if ( !$this->exists() ) {
+ return null;
+ }
+
+ global $wgContLang;
+ $name = $this->fileInfo['name'];
+
+ # Safari sends filenames in HTML-encoded Unicode form D...
+ # Horrid and evil! Let's try to make some kind of sense of it.
+ $name = Sanitizer::decodeCharReferences( $name );
+ $name = $wgContLang->normalize( $name );
+ wfDebug( __METHOD__ . ": {$this->fileInfo['name']} normalized to '$name'\n" );
+ return $name;
+ }
+
+ /**
+ * Return the file size of the uploaded file
+ *
+ * @return int File size or zero if non-existent
+ */
+ public function getSize() {
+ if ( !$this->exists() ) {
+ return 0;
+ }
+
+ return $this->fileInfo['size'];
+ }
+
+ /**
+ * Return the path to the temporary file
+ *
+ * @return mixed Path or null if non-existent
+ */
+ public function getTempName() {
+ if ( !$this->exists() ) {
+ return null;
+ }
+
+ return $this->fileInfo['tmp_name'];
+ }
+
+ /**
+ * Return the upload error. See link for explanation
+ * http://www.php.net/manual/en/features.file-upload.errors.php
+ *
+ * @return int One of the UPLOAD_ constants, 0 if non-existent
+ */
+ public function getError() {
+ if ( !$this->exists() ) {
+ return 0; # UPLOAD_ERR_OK
}
- $ext = substr( $pi, $dotPos );
- return !in_array( $ext, array( $wgScriptExtension, '.php', '.php5' ) );
+
+ return $this->fileInfo['error'];
+ }
+
+ /**
+ * Returns whether this upload failed because of overflow of a maximum set
+ * in php.ini
+ *
+ * @return bool
+ */
+ public function isIniSizeOverflow() {
+ if ( $this->getError() == UPLOAD_ERR_INI_SIZE ) {
+ # PHP indicated that upload_max_filesize is exceeded
+ return true;
+ }
+
+ $contentLength = $this->request->getHeader( 'CONTENT_LENGTH' );
+ if ( $contentLength > wfShorthandToInteger( ini_get( 'post_max_size' ) ) ) {
+ # post_max_size is exceeded
+ return true;
+ }
+
+ return false;
}
}
@@ -730,12 +977,12 @@ class WebRequest {
class FauxRequest extends WebRequest {
private $wasPosted = false;
private $session = array();
- private $response;
/**
* @param $data Array of *non*-urlencoded key => value pairs, the
* fake GET/POST values
* @param $wasPosted Bool: whether to treat the data as POST
+ * @param $session Mixed: session array or null
*/
public function __construct( $data, $wasPosted = false, $session = null ) {
if( is_array( $data ) ) {
@@ -774,7 +1021,25 @@ class FauxRequest extends WebRequest {
}
public function appendQuery( $query ) {
- $this->notImplemented( __METHOD__ );
+ global $wgTitle;
+ $basequery = '';
+ foreach( $this->data as $var => $val ) {
+ if ( $var == 'title' ) {
+ continue;
+ }
+ if ( is_array( $val ) ) {
+ /* This will happen given a request like
+ * http://en.wikipedia.org/w/index.php?title[]=Special:Userlogin&returnto[]=Main_Page
+ */
+ continue;
+ }
+ $basequery .= '&' . urlencode( $var ) . '=' . urlencode( $val );
+ }
+ $basequery .= '&' . $query;
+
+ # Trim the extra &
+ $basequery = substr( $basequery, 1 );
+ return $wgTitle->getLocalURL( $basequery );
}
public function getHeader( $name ) {
@@ -791,10 +1056,14 @@ class FauxRequest extends WebRequest {
}
public function setSessionData( $key, $data ) {
- $this->notImplemented( __METHOD__ );
+ $this->session[$key] = $data;
}
- public function isPathInfoBad() {
+ public function isPathInfoBad( $extWhitelist = array() ) {
return false;
}
+
+ public function checkUrlExtension( $extWhitelist = array() ) {
+ return true;
+ }
}