Difference between revisions for Users / Eo Ny / dev





Revision 1 as of 05/05/2026 19:06
7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy 4 05/05/2026 19:10 EoNy 3 05/05/2026 19:10 EoNy 2 05/05/2026 19:08 EoNy 1 05/05/2026 19:06 EoNy

(19.7 KiB)
EoNy
 Next edit →
Revision 8 as of 05/05/2026 19:24
18 05/21/2026 16:12 WikiAdmin 17 05/18/2026 15:15 WikiAdmin 16 05/18/2026 05:05 WikiAdmin 15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy 4 05/05/2026 19:10 EoNy 3 05/05/2026 19:10 EoNy 2 05/05/2026 19:08 EoNy

(15.2 KiB) -4,648
WikiAdmin

Version1 Version2
12 12
13 === Class Properties === 13 === Class Properties ===
14 14
15 ==== Public Properties ==== 15 ====Public Properties====
16 16
17 #| 17 #|
18 *| Property | Type | Description |* 18 *| Property | Type | Description |*
21 || ##$ip## | string | Client's real IP address (accounts for proxies) || 21 || ##$ip## | string | Client's real IP address (accounts for proxies) ||
22 || ##$sess## | Session | Reference to the Session object || 22 || ##$sess## | Session | Reference to the Session object ||
23 || ##$method## | string | Current HTTP method/request type || 23 || ##$method## | string | Current HTTP method/request type ||
24 || ==== Private Properties ==== || 24 |#
25 || Property | Type | Description || 25
26 || ---------- | ------ | ------------- || 26 ==== Private Properties ====
27 || ##$db## | object | Database connection reference || 27
28 || ##$tls_mark## | string | Cookie name for TLS session marking || 28
29 || ##$page## | string | Current page name being processed || 29 === Constructor ===
30 || ##$hash## | string | SHA1 hash of the page name || 30
31 || ##$query## | string | Encoded query string || 31 %%php
32 || ##$lang## | string | Current language code ||    
33 || ##$file## | string | Cache file path ||    
34 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) ||    
35 || ---- ||    
36 || === Constructor === ||    
37 || %%php    
38 public function __construct(&$db) 32 public function __construct(&$db)
39 %% || 33 %%
40 || **Purpose:** Initializes the Http object and sets up HTTP session handling. || 34
41 || **Parameters:** || 35 **Purpose:** Initializes the Http object and sets up HTTP session handling.
42 || - ##$db## - Database object reference || 36
43 || **Initialization Steps:** || 37 **Parameters:**
44 || 1. Stores database reference || 38   - ##$db## - Database object reference
45 || 2. Extracts and normalizes REQUEST_URI || 39
46 || 3. Detects TLS/HTTPS session status || 40 **Initialization Steps:**
47 || 4. Determines client's real IP address || 41   1. Stores database reference
48 || 5. Sets up TLS mark cookie name || 42   2. Extracts and normalizes REQUEST_URI
49 || 6. Enforces TLS session upgrade if needed || 43   3. Detects TLS/HTTPS session status
50 || **Example:** || 44   4. Determines client's real IP address
51 || %%php 45   5. Sets up TLS mark cookie name
    46   6. Enforces TLS session upgrade if needed
    47
    48 **Example:**
    49 %%php
52 $http = new Http($db); 50 $http = new Http($db);
53 %% || 51 %%
54 || ---- || 52
55 || === Core Methods === || 53 ----
56 || ==== Session Management ==== || 54
57 || ===== ##session($route): void## ===== || 55 === Core Methods ===
58 || Initializes the session handler (file-based or database-based). || 56
59 || **Parameters:** || 57 ==== Session Management ====
60 || - ##$route## (int) - Routing flag: || 58
61 || - Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration) || 59 ===== ##session($route): void## =====
62 || **Features:** || 60 Initializes the session handler (file-based or database-based).
63 || - Selects storage backend (file or database) || 61
64 || - Configures cookie settings (security, path, httponly) || 62 **Parameters:**
65 || - Binds IP and TLS validation || 63   - ##$route## (int) - Routing flag:
66 || - Recovers diagnostic logs from previous session || 64   - Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration)
67 || **Example:** || 65
68 || %%php 66 **Features:**
    67   - Selects storage backend (file or database)
    68   - Configures cookie settings (security, path, httponly)
    69   - Binds IP and TLS validation
    70   - Recovers diagnostic logs from previous session
    71
    72 **Example:**
    73 %%php
69 $http->session(0); // Normal session 74 $http->session(0); // Normal session
70 $http->session(2); // Static file serving mode 75 $http->session(2); // Static file serving mode
71 %% || 76 %%
72 || ---- || 77
73 || ==== Caching System ==== || 78 ----
74 || ===== ##check_cache($page, $method): void## ===== || 79
75 || Determines if a page can be cached and prepares the cache check. || 80 ==== Caching System ====
76 || **Parameters:** || 81
77 || - ##$page## (string) - Page name to cache || 82 ===== ##check_cache($page, $method): void## =====
78 || - ##$method## (string) - Request method/action (e.g., 'show', 'edit') || 83 Determines if a page can be cached and prepares the cache check.
79 || **Caching Rules:** || 84
80 || - ✅ Enabled for GET requests only || 85 **Parameters:**
81 || - ✅ Disabled for POST requests || 86   - ##$page## (string) - Page name to cache
82 || - ❌ Never cached for 'edit' or 'watch' methods || 87   - ##$method## (string) - Request method/action (e.g., 'show', 'edit')
83 || - ✅ Only cached for anonymous users (no logged-in users) || 88
84 || **Example:** || 89 **Caching Rules:**
85 || %%php 90   - ✅ Enabled for GET requests only
    91   - ✅ Disabled for POST requests
    92   - ❌ Never cached for 'edit' or 'watch' methods
    93   - ✅ Only cached for anonymous users (no logged-in users)
    94
    95 **Example:**
    96 %%php
86 $http->check_cache('HomePage', 'show'); 97 $http->check_cache('HomePage', 'show');
87 %% || 98 %%
88 || ---- || 99
89 || ===== ##store_cache(): void## ===== || 100 ----
90 || Saves the generated page content to cache file. || 101
91 || **Features:** || 102 ===== ##store_cache(): void## =====
92 || - Retrieves output buffer content || 103 Saves the generated page content to cache file.
93 || - Saves to cache file with proper permissions || 104
94 || - Records cache metadata in database || 105 **Features:**
95 || - Only executes if caching flag is set and user is anonymous || 106   - Retrieves output buffer content
96 || **Example:** || 107   - Saves to cache file with proper permissions
97 || %%php 108   - Records cache metadata in database
    109   - Only executes if caching flag is set and user is anonymous
    110
    111 **Example:**
    112 %%php
98 // Called at end of page rendering 113 // Called at end of page rendering
99 $http->store_cache(); 114 $http->store_cache();
100 %% || 115 %%
101 || ---- || 116
102 || ===== ##invalidate_page($page): int## ===== || 117 ----
103 || Invalidates all cached versions of a page. || 118
104 || **Parameters:** || 119 ===== ##invalidate_page($page): int## =====
105 || - ##$page## (string) - Page name to invalidate || 120 Invalidates all cached versions of a page.
106 || **Returns:** || 121
107 || - Number of cache entries invalidated || 122 **Parameters:**
108 || **Process:** || 123   - ##$page## (string) - Page name to invalidate
109 || 1. Finds all cached versions (different methods/languages) || 124
110 || 2. Touches files to past timestamp (faster than deletion) || 125 **Returns:**
111 || 3. Removes entries from cache metadata table || 126   - Number of cache entries invalidated
112 || 4. Returns count of invalidated caches || 127
113 || **Example:** || 128 **Process:**
114 || %%php 129   1. Finds all cached versions (different methods/languages)
    130   2. Touches files to past timestamp (faster than deletion)
    131   3. Removes entries from cache metadata table
    132   4. Returns count of invalidated caches
    133
    134 **Example:**
    135 %%php
115 $count = $http->invalidate_page('HomePage'); 136 $count = $http->invalidate_page('HomePage');
116 echo "Invalidated $count cache entries"; 137 echo "Invalidated $count cache entries";
117 %% || 138 %%
118 || ---- || 139
119 || ==== TLS/HTTPS Security ==== || 140 ----
120 || ===== ##secure_base_url(): void## ===== || 141
121 || Switches base URL from HTTP to HTTPS. || 142 ==== TLS/HTTPS Security ====
122 || **Purpose:** || 143
123 || - Ensures all subsequent URLs use HTTPS || 144 ===== ##secure_base_url(): void## =====
124 || - Stores original HTTP URL for fallback || 145 Switches base URL from HTTP to HTTPS.
125 || - Called when TLS session is detected || 146
126 || **Example:** || 147 **Purpose:**
127 || %%php 148   - Ensures all subsequent URLs use HTTPS
    149   - Stores original HTTP URL for fallback
    150   - Called when TLS session is detected
    151
    152 **Example:**
    153 %%php
128 $http->secure_base_url(); 154 $http->secure_base_url();
129 // $db->base_url now uses https:// 155 // $db->base_url now uses https://
130 %% || 156 %%
131 || ---- || 157
132 || ===== ##ensure_tls($url): void## ===== || 158 ----
133 || Enforces HTTPS for a specific URL and redirects if necessary. || 159
134 || **Parameters:** || 160 ===== ##ensure_tls($url): void## =====
135 || - ##$url## (string) - URL to secure || 161 Enforces HTTPS for a specific URL and redirects if necessary.
136 || **Behavior:** || 162
137 || - If not already HTTPS and TLS is enabled, forces HTTPS redirect || 163 **Parameters:**
138 || - Handles both relative and absolute URLs || 164   - ##$url## (string) - URL to secure
139 || - Converts relative URLs using current server name || 165
140 || **Example:** || 166 **Behavior:**
141 || %%php 167   - If not already HTTPS and TLS is enabled, forces HTTPS redirect
    168   - Handles both relative and absolute URLs
    169   - Converts relative URLs using current server name
    170
    171 **Example:**
    172 %%php
142 $http->ensure_tls('/secure/payment'); 173 $http->ensure_tls('/secure/payment');
143 %% || 174 %%
144 || ---- || 175
145 || ==== IP Address Detection ==== || 176 ----
146 || ===== ##real_ip(): string## (Private) ===== || 177
147 || Detects client's real IP address accounting for proxies. || 178 ==== IP Address Detection ====
148 || **Proxy Headers Checked (in order):** || 179
149 || 1. ##HTTP_X_CLUSTER_CLIENT_IP## || 180 ===== ##real_ip(): string## (Private) =====
150 || 2. ##HTTP_X_FORWARDED_FOR## (or custom header) || 181 Detects client's real IP address accounting for proxies.
151 || 3. ##HTTP_CLIENT_IP## || 182
152 || 4. ##HTTP_X_REMOTE_ADDR## || 183 **Proxy Headers Checked (in order):**
153 || 5. ##REMOTE_ADDR## (fallback) || 184   1. ##HTTP_X_CLUSTER_CLIENT_IP##
154 || **Features:** || 185   2. ##HTTP_X_FORWARDED_FOR## (or custom header)
155 || - Filters out private/reserved IP ranges || 186   3. ##HTTP_CLIENT_IP##
156 || - Respects configured reverse proxy addresses || 187   4. ##HTTP_X_REMOTE_ADDR##
157 || - Returns ##'0.0.0.0'## as fallback || 188   5. ##REMOTE_ADDR## (fallback)
158 || **Configuration in Database:** || 189
159 || - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs || 190 **Features:**
160 || - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##) || 191   - Filters out private/reserved IP ranges
161 || **Example:** || 192   - Respects configured reverse proxy addresses
162 || %%php 193   - Returns ##'0.0.0.0'## as fallback
    194
    195 **Configuration in Database:**
    196   - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs
    197   - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
    198
    199 **Example:**
    200 %%php
163 $client_ip = $http->ip; // e.g., "203.0.113.42" 201 $client_ip = $http->ip; // e.g., "203.0.113.42"
164 %% || 202 %%
165 || ---- || 203
166 || ==== HTTPS Detection ==== || 204 ----
167 || ===== ##tls_session(): bool## (Private) ===== || 205
168 || Detects if current connection uses HTTPS/TLS. || 206 ==== HTTPS Detection ====
169 || **Checks (any being true = HTTPS):** || 207
170 || - ##$_SERVER['HTTPS']## is 'on' || 208 ===== ##tls_session(): bool## (Private) =====
171 || - ##$_SERVER['SERVER_PORT']## is 443 || 209 Detects if current connection uses HTTPS/TLS.
172 || - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https' || 210
173 || - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on' || 211 **Checks (any being true = HTTPS):**
174 || - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443 || 212   - ##$_SERVER['HTTPS']## is 'on'
175 || ---- || 213   - ##$_SERVER['SERVER_PORT']## is 443
176 || ==== Security Headers ==== || 214   - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https'
177 || ===== ##http_security_headers(): void## ===== || 215   - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on'
178 || Sets security-related HTTP headers. || 216   - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443
179 || **Headers Set:** || 217
180 || Header | Purpose | Config Key || 218 ----
181 || -------- | --------- | ------------ || 219
182 || Content-Security-Policy | XSS/injection protection | ##csp## || 220 ==== Security Headers ====
183 || Permissions-Policy | Control browser features | ##permissions_policy## || 221
184 || Referrer-Policy | Control referrer information | ##referrer_policy## || 222 ===== ##http_security_headers(): void## =====
185 || Strict-Transport-Security | Force HTTPS | Auto (TLS only) || 223
186 || X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## || 224
187 || X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## || 225 ==== HTTP Methods ====
188 || **CSP Configuration Options:** || 226
189 || - ##0## - Disabled || 227 ===== ##redirect($url, $permanent = false): void## =====
190 || - ##1## - Default policy (from ##csp.conf##) || 228 Performs an HTTP redirect.
191 || - ##2## - Custom policy (from ##csp_custom.conf##) || 229
192 || **Example:** || 230 **Parameters:**
193 || %%php 231   - ##$url## (string) - Target URL
194 $http->http_security_headers(); 232   - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary)
195 %% || 233
196 || ---- || 234 **Features:**
197 || ==== HTTP Methods ==== || 235   - Decodes ##&## entities to prevent broken redirects
198 || ===== ##redirect($url, $permanent = false): void## ===== || 236   - Only works if headers not yet sent
199 || Performs an HTTP redirect. || 237   - Uses output buffering to work anywhere in page processing
200 || **Parameters:** || 238
201 || - ##$url## (string) - Target URL || 239 **Example:**
202 || - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary) || 240 %%php
203 || **Features:** ||    
204 || - Decodes ##&## entities to prevent broken redirects ||    
205 || - Only works if headers not yet sent ||    
206 || - Uses output buffering to work anywhere in page processing ||    
207 || **Example:** ||    
208 || %%php    
209 $http->redirect('http://example.com/new-page', true); // 301 241 $http->redirect('http://example.com/new-page', true); // 301
210 $http->redirect('/wiki/HomePage'); // 302 242 $http->redirect('/wiki/HomePage'); // 302
211 %% || 243 %%
212 || ---- || 244
213 || ===== ##terminate(): void## ===== || 245 ----
214 || Safe exit/die with cleanup. || 246
215 || **Cleanup Operations:** || 247 ===== ##terminate(): void## =====
216 || - Saves diagnostic logs to session flash data || 248 Safe exit/die with cleanup.
217 || - Ends script execution || 249
218 || **Example:** || 250 **Cleanup Operations:**
219 || %%php 251   - Saves diagnostic logs to session flash data
    252   - Ends script execution
    253
    254 **Example:**
    255 %%php
220 $http->terminate(); 256 $http->terminate();
221 %% || 257 %%
222 || ---- || 258
223 || ===== ##status($code): void## ===== || 259 ----
224 || Sets HTTP response status code. || 260
225 || **Supported Status Codes:** || 261 ===== ##status($code): void## =====
226 || %%php 262 Sets HTTP response status code.
    263
    264 **Supported Status Codes:**
    265 %%php
227 200 => 'OK' 266 200 => 'OK'
228 206 => 'Partial Content' 267 206 => 'Partial Content'
229 301 => 'Moved Permanently' 268 301 => 'Moved Permanently'
240 500 => 'Internal Server Error' 279 500 => 'Internal Server Error'
241 501 => 'Not Implemented' 280 501 => 'Not Implemented'
242 503 => 'Service Unavailable' 281 503 => 'Service Unavailable'
243 %% || 282 %%
244 || **Example:** || 283
245 || %%php 284 **Example:**
    285 %%php
246 $http->status(404); // Send 404 Not Found 286 $http->status(404); // Send 404 Not Found
247 %% || 287 %%
248 || ---- || 288
249 || ==== Caching Control ==== || 289 ----
250 || ===== ##no_cache($client_only = true): void## ===== || 290
251 || Disables caching of the current page. || 291 ==== Caching Control ====
252 || **Parameters:** || 292
253 || - ##$client_only## (bool, default: TRUE) || 293 ===== ##no_cache($client_only = true): void## =====
254 || - ##TRUE##: Disable browser cache only || 294 Disables caching of the current page.
255 || - ##FALSE##: Disable both browser and server cache || 295
256 || **Headers Set:** || 296 **Parameters:**
257 || - ##Last-Modified: <current-time>## (always fresh) || 297   - ##$client_only## (bool, default: TRUE)
258 || - ##Cache-Control: no-store## || 298   - ##TRUE##: Disable browser cache only
259 || **Example:** || 299   - ##FALSE##: Disable both browser and server cache
260 || %%php 300
    301 **Headers Set:**
    302   - ##Last-Modified: <current-time>## (always fresh)
    303   - ##Cache-Control: no-store##
    304
    305 **Example:**
    306 %%php
261 $http->no_cache(); // Client-side only 307 $http->no_cache(); // Client-side only
262 $http->no_cache(false); // Both client & server 308 $http->no_cache(false); // Both client & server
263 %% || 309 %%
264 || ---- || 310
265 || ===== ##cache_promisc(): void## ===== || 311 ----
266 || Marks page as publicly cacheable. || 312
267 || **Headers Set:** || 313 ===== ##cache_promisc(): void## =====
268 || - ##Cache-Control: public## || 314 Marks page as publicly cacheable.
269 || **Example:** || 315
270 || %%php 316 **Headers Set:**
    317   - ##Cache-Control: public##
    318
    319 **Example:**
    320 %%php
271 $http->cache_promisc(); 321 $http->cache_promisc();
272 %% || 322 %%
273 || ---- || 323
274 || ==== Language Negotiation ==== || 324 ----
275 || ===== ##user_agent_language(): string## ===== || 325
276 || Determines best language based on browser preferences. || 326 ==== Language Negotiation ====
277 || **Features:** || 327
278 || - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language) || 328 ===== ##user_agent_language(): string## =====
279 || - Parses ##Accept-Language## header with quality factors || 329 Determines best language based on browser preferences.
280 || - Attempts exact match first, then language fallback || 330
281 || - Falls back to default system language || 331 **Features:**
282 || **Example Header:** || 332   - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
283 || %% 333   - Parses ##Accept-Language## header with quality factors
    334   - Attempts exact match first, then language fallback
    335   - Falls back to default system language
    336
    337 **Example Header:**
    338 %%
284 Accept-Language: en-US,en;q=0.9,de;q=0.8 339 Accept-Language: en-US,en;q=0.9,de;q=0.8
285 %% || 340 %%
286 || **Returns:** || 341
287 || - Language code (e.g., 'en', 'en-US', 'de') || 342 **Returns:**
288 || ---- || 343   - Language code (e.g., 'en', 'en-US', 'de')
289 || ===== ##available_languages($subset = true): array## ===== || 344
290 || Returns list of available language translations. || 345 ----
291 || **Parameters:** || 346
292 || - ##$subset## (bool, default: TRUE) || 347 ===== ##available_languages($subset = true): array## =====
293 || - ##TRUE##: Only allowed languages || 348 Returns list of available language translations.
294 || - ##FALSE##: All available languages || 349
295 || **Features:** || 350 **Parameters:**
296 || - Scans ##LANG_DIR## for language files || 351   - ##$subset## (bool, default: TRUE)
297 || - Filters by ##allowed_languages## config if set || 352   - ##TRUE##: Only allowed languages
298 || - Caches result in session || 353   - ##FALSE##: All available languages
299 || - System language always included || 354
300 || **Returns:** || 355 **Features:**
301 || - Associative array: ##['en' => 'en', 'de' => 'de', ...]## || 356   - Scans ##LANG_DIR## for language files
302 || **Example:** || 357   - Filters by ##allowed_languages## config if set
303 || %%php 358   - Caches result in session
    359   - System language always included
    360
    361 **Returns:**
    362   - Associative array: ##['en' => 'en', 'de' => 'de', ...]##
    363
    364 **Example:**
    365 %%php
304 $all_langs = $http->available_languages(false); 366 $all_langs = $http->available_languages(false);
305 $allowed = $http->available_languages(true); 367 $allowed = $http->available_languages(true);
306 %% || 368 %%
307 || ---- || 369
308 || ==== File Serving ==== || 370 ----
309 || ===== ##sendfile($path, $filename = null, $age = null): void## ===== || 371
310 || Serves files with proper HTTP headers and caching. || 372 ==== File Serving ====
311 || **Parameters:** || 373
312 || - ##$path## (string) - File path (or HTTP_XXX constant for error pages) || 374 ===== ##sendfile($path, $filename = null, $age = null): void## =====
313 || - ##$filename## (string, optional) - Custom download filename || 375 Serves files with proper HTTP headers and caching.
314 || - ##$age## (int, optional) - Cache age in days || 376
315 || **Features:** || 377 **Parameters:**
316 || - HTTP range request support (partial file downloads) || 378   - ##$path## (string) - File path (or HTTP_XXX constant for error pages)
317 || - ETag and Last-Modified conditional requests || 379   - ##$filename## (string, optional) - Custom download filename
318 || - Proper MIME type detection || 380   - ##$age## (int, optional) - Cache age in days
319 || - Content-Security-Policy for special file types || 381
320 || - Streaming for large files || 382 **Features:**
321 || - GZip compression for text files || 383   - HTTP range request support (partial file downloads)
322 || **Special Paths:** || 384   - ETag and Last-Modified conditional requests
323 || %%php 385   - Proper MIME type detection
    386   - Content-Security-Policy for special file types
    387   - Streaming for large files
    388   - GZip compression for text files
    389
    390 **Special Paths:**
    391 %%php
324 $http->sendfile(404); // Serves file defined by HTTP_404 constant 392 $http->sendfile(404); // Serves file defined by HTTP_404 constant
325 $http->sendfile(403); // Serves file defined by HTTP_403 constant 393 $http->sendfile(403); // Serves file defined by HTTP_403 constant
326 %% || 394 %%
327 || **Example:** || 395
328 || %%php 396 **Example:**
    397 %%php
329 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30); 398 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
330 %% || 399 %%
331 || ---- || 400
332 || ===== ##mime_type($path): string## ===== || 401 ----
333 || Returns MIME type for a file. || 402
334 || **Returns:** || 403 ===== ##mime_type($path): string## =====
335 || - MIME type string (e.g., 'application/pdf') || 404 Returns MIME type for a file.
336 || - Default: ##'application/octet-stream'## || 405
337 || **Example:** || 406 **Returns:**
338 || %%php 407   - MIME type string (e.g., 'application/pdf')
    408   - Default: ##'application/octet-stream'##
    409
    410 **Example:**
    411 %%php
339 $mime = $http->mime_type('file.pdf'); // 'application/pdf' 412 $mime = $http->mime_type('file.pdf'); // 'application/pdf'
340 %% || 413 %%
341 || ---- || 414
342 || ===== ##mime_types(): array## (Private) ===== || 415 ----
343 || Loads and caches MIME types from configuration. || 416
344 || **Features:** || 417 ===== ##mime_types(): array## (Private) =====
345 || - Reads from ##config/mime.types## || 418 Loads and caches MIME types from configuration.
346 || - Caches to ##cache/config/mime.types## || 419
347 || - Reloads if config is updated || 420 **Features:**
348 || ---- || 421   - Reads from ##config/mime.types##
349 || ==== Compression ==== || 422   - Caches to ##cache/config/mime.types##
350 || ===== ##gzip(): void## ===== || 423   - Reloads if config is updated
351 || Compresses HTTP response with gzip/x-gzip. || 424
352 || **Features:** || 425 ----
353 || - Manually implements gzip (not relying on zlib.output_compression) || 426
354 || - Produces correct ##Content-Length## header || 427 ==== Compression ====
355 || - Only compresses if: || 428
356 || - 860 bytes < content < 1 MB || 429 ===== ##gzip(): void## =====
357 || - Client accepts compression || 430 Compresses HTTP response with gzip/x-gzip.
358 || - Headers not already sent || 431
359 || **Example:** || 432 **Features:**
360 || %%php 433   - Manually implements gzip (not relying on zlib.output_compression)
    434   - Produces correct ##Content-Length## header
    435   - Only compresses if:
    436   - 860 bytes < content < 1 MB
    437   - Client accepts compression
    438   - Headers not already sent
    439
    440 **Example:**
    441 %%php
361 $http->gzip(); 442 $http->gzip();
362 %% || 443 %%
363 || ---- || 444
364 || ==== Utility Methods ==== || 445 ----
365 || ===== ##parse_str($str): array## (Private) ===== || 446
366 || Parses URL-encoded strings with special character handling. || 447 ==== Utility Methods ====
367 || **Purpose:** || 448
368 || - Safely handles special characters in query/form data || 449 ===== ##parse_str($str): array## (Private) =====
369 || - Converts encoding properly || 450 Parses URL-encoded strings with special character handling.
370 || **Example:** || 451
371 || %%php 452 **Purpose:**
    453   - Safely handles special characters in query/form data
    454   - Converts encoding properly
    455
    456 **Example:**
    457 %%php
372 $data = $http->parse_str('name=John&age=30'); 458 $data = $http->parse_str('name=John&age=30');
373 %% || 459 %%
374 || ---- || 460
375 || ===== ##request_uri(): string## (Private) ===== || 461 ----
376 || Extracts and normalizes REQUEST_URI from server. || 462
377 || **Normalization:** || 463 ===== ##request_uri(): string## (Private) =====
378 || - Removes base URL prefix || 464 Extracts and normalizes REQUEST_URI from server.
379 || - Removes spaces || 465
380 || - Collapses multiple slashes || 466 **Normalization:**
381 || - Removes ##..## path traversal attempts || 467   - Removes base URL prefix
382 || - Removes leading/trailing slashes || 468   - Removes spaces
383 || ---- || 469   - Collapses multiple slashes
384 || ===== ##cut_prefix($prefix, $path): string## (Private) ===== || 470   - Removes ##..## path traversal attempts
385 || Removes prefix from path (case-insensitive). || 471   - Removes leading/trailing slashes
386 || ---- || 472
387 || ===== ##get_header_conf($file_name): string## (Private) ===== || 473 ----
388 || Loads security header configuration from files. || 474
389 || **Files Supported:** || 475 ===== ##cut_prefix($prefix, $path): string## (Private) =====
390 || - ##csp.conf## / ##csp_custom.conf## || 476 Removes prefix from path (case-insensitive).
391 || - ##permissions_policy.conf## / ##permissions_policy_custom.conf## || 477
392 || ---- || 478 ----
393 || === Configuration Dependencies === || 479
394 || The class relies on these database configuration settings: || 480 ===== ##get_header_conf($file_name): string## (Private) =====
395 || Setting | Type | Purpose || 481 Loads security header configuration from files.
396 || --------- | ------ | --------- || 482
397 || ##base_url## | string | Wiki's base URL || 483 **Files Supported:**
398 || ##tls## | bool | Enable HTTPS enforcement || 484   - ##csp.conf## / ##csp_custom.conf##
399 || ##cache## | bool | Enable page caching || 485   - ##permissions_policy.conf## / ##permissions_policy_custom.conf##
400 || ##cache_ttl## | int | Cache lifetime in seconds || 486
401 || ##session_store## | int | 1=File, 0=Database || 487 ----
402 || ##system_seed_hash## | string | Session encryption seed || 488
403 || ##cookie_prefix## | string | Session cookie prefix || 489 === Configuration Dependencies ===
404 || ##cookie_path## | string | Cookie path || 490
405 || ##allow_persistent_cookie## | bool | Allow persistent login || 491
406 || ##session_length## | int | Session lifetime in seconds || 492
407 || ##reverse_proxy_addresses## | string | Comma/space-separated proxy IPs || 493 === Constants Used ===
408 || ##reverse_proxy_header## | string | Custom X-Forwarded header || 494
409 || ##language## | string | Default language code || 495
410 || ##multilanguage## | bool | Enable language negotiation ||    
411 || ##allowed_languages## | string | Comma/space-separated allowed langs ||    
412 || ##enable_security_headers## | bool | Send security headers ||    
413 || ##csp## | int | CSP setting (0/1/2) ||    
414 || ##permissions_policy## | int | Permissions-Policy setting (0/1/2) ||    
415 || ##referrer_policy## | int | Referrer-Policy setting (0-8) ||    
416 || ---- ||    
417 || === Constants Used === ||    
418 || Constant | Type | Purpose ||    
419 || ---------- | ------ | --------- ||    
420 || ##IN_WACKO## | bool | Security check (exit if not defined) ||    
421 || ##CHMOD_SAFE## | int | File permissions for cache files ||    
422 || ##CHMOD_FILE## | int | File permissions for config cache ||    
423 || ##CACHE_PAGE_DIR## | string | Page cache directory ||    
424 || ##CACHE_SESSION_DIR## | string | Session cache directory ||    
425 || ##CACHE_CONFIG_DIR## | string | Config cache directory ||    
426 || ##CONFIG_DIR## | string | Configuration directory ||    
427 || ##LANG_DIR## | string | Language files directory ||    
428 || ##DAYSECS## | int | Seconds in a day (86400) ||    
429 || ##HTTP_404## | string | Path to 404 error page ||    
430 || ##HTTP_403## | string | Path to 403 error page ||    
431 |#    
432    
433 ----    
434 496
435 === Workflow Examples === 497 === Workflow Examples ===
436 498