HTTP Class Technical Documentation (diff)

Difference between revisions for Users / Eo Ny / dev

Version1		Version2
1	== HTTP Class Technical Documentation ==	1	== HTTP Class Technical Documentation ==
2		2
		3	{{toc numerate=1}}
3	=== Overview ===	4	=== Overview ===
4		5
5	The ##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.	6	The ##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
…	…	…	…
12		13
13	=== Class Properties ===	14	=== Class Properties ===
14		15
15	==== ~~Public Properties~~ ====	16	====Public Properties====
16		17
17	#\|	18	#\|
18	\| Property \| Type \| Description \|	19	\| Property \| Type \| Description \|
…	…	…	…
21	\|\| ##$ip## \| string \| Client's real IP address (accounts for proxies) \|\|	22	\|\| ##$ip## \| string \| Client's real IP address (accounts for proxies) \|\|
22	\|\| ##$sess## \| Session \| Reference to the Session object \|\|	23	\|\| ##$sess## \| Session \| Reference to the Session object \|\|
23	\|\| ##$method## \| string \| Current HTTP method/request type \|\|	24	\|\| ##$method## \| string \| Current HTTP method/request type \|\|
24	\|\| ==== Private Properties ==== \|\|	25	\|#
25	\|\| Property \| Type \| Description \|\|	26
26	\|\| ---------- \| ------ \| ------------- \|\|	27	====Private Properties====
		28
		29	#\|
		30	\| Property \| Type \| Description \|
27	\|\| ##$db## \| object \| Database connection reference \|\|	31	\|\| ##$db## \| object \| Database connection reference \|\|
28	\|\| ##$tls_mark## \| string \| Cookie name for TLS session marking \|\|	32	\|\| ##$tls_mark## \| string \| Cookie name for TLS session marking \|\|
29	\|\| ##$page## \| string \| Current page name being processed \|\|	33	\|\| ##$page## \| string \| Current page name being processed \|\|
…	…	…	…
32	\|\| ##$lang## \| string \| Current language code \|\|	36	\|\| ##$lang## \| string \| Current language code \|\|
33	\|\| ##$file## \| string \| Cache file path \|\|	37	\|\| ##$file## \| string \| Cache file path \|\|
34	\|\| ##$caching## \| int \| Flag indicating if page should be cached (0 or 1) \|\|	38	\|\| ##$caching## \| int \| Flag indicating if page should be cached (0 or 1) \|\|
35	\|\| ---- \|\|	39	\|#
36	\|\| === Constructor === \|\|	40
37	\|\| %%php	41	----
		42	=== Constructor ===
		43
		44	%%(hl php)
38	public function __construct(&$db)	45	public function __construct(&$db)
39	%% \|\|	46	%%
40	\|\| Purpose: Initializes the Http object and sets up HTTP session handling. \|\|	47
41	\|\| Parameters: \|\|	48	Purpose: Initializes the Http object and sets up HTTP session handling.
42	\|\| - ##$db## - Database object reference \|\|	49
43	\|\| Initialization Steps: \|\|	50	Parameters:
44	\|\| 1. Stores database reference \|\|	51	- ##$db## - Database object reference
45	\|\| 2. Extracts and normalizes REQUEST_URI \|\|	52
46	\|\| 3. Detects TLS/HTTPS session status \|\|	53	Initialization Steps:
47	\|\| 4. Determines client's real IP address \|\|	54	1. Stores database reference
48	\|\| 5. Sets up TLS mark cookie name \|\|	55	2. Extracts and normalizes REQUEST_URI
49	\|\| 6. Enforces TLS session upgrade if needed \|\|	56	3. Detects TLS/HTTPS session status
50	\|\| Example: \|\|	57	4. Determines client's real IP address
51	\|\| %%php	58	5. Sets up TLS mark cookie name
		59	6. Enforces TLS session upgrade if needed
		60
		61	Example:
		62	%%(hl php)
52	$http = new Http($db);	63	$http = new Http($db);
53	%% \|\|	64	%%
54	\|\| ---- \|\|	65
55	\|\| === Core Methods === \|\|	66	----
56	\|\| ==== Session Management ==== \|\|	67
57	\|\| ===== ##session($route): void## ===== \|\|	68	=== Core Methods ===
58	\|\| Initializes the session handler (file-based or database-based). \|\|	69
59	\|\| Parameters: \|\|	70	==== Session Management ====
60	\|\| - ##$route## (int) - Routing flag: \|\|	71
61	\|\| - Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration) \|\|	72	===== ##session($route): void## =====
62	\|\| Features: \|\|	73	Initializes the session handler (file-based or database-based).
63	\|\| - Selects storage backend (file or database) \|\|	74
64	\|\| - Configures cookie settings (security, path, httponly) \|\|	75	Parameters:
65	\|\| - Binds IP and TLS validation \|\|	76	- ##$route## (int) - Routing flag:
66	\|\| - Recovers diagnostic logs from previous session \|\|	77	- Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration)
67	\|\| Example: \|\|	78
68	\|\| %%php	79	Features:
		80	- Selects storage backend (file or database)
		81	- Configures cookie settings (security, path, httponly)
		82	- Binds IP and TLS validation
		83	- Recovers diagnostic logs from previous session
		84
		85	Example:
		86	%%(hl php)
69	$http->session(0); // Normal session	87	$http->session(0); // Normal session
70	$http->session(2); // Static file serving mode	88	$http->session(2); // Static file serving mode
71	%% \|\|	89	%%
72	\|\| ---- \|\|	90
73	\|\| ==== Caching System ==== \|\|	91	----
74	\|\| ===== ##check_cache($page, $method): void## ===== \|\|	92
75	\|\| Determines if a page can be cached and prepares the cache check. \|\|	93	==== Caching System ====
76	\|\| Parameters: \|\|	94
77	\|\| - ##$page## (string) - Page name to cache \|\|	95	===== ##check_cache($page, $method): void## =====
78	\|\| - ##$method## (string) - Request method/action (e.g., 'show', 'edit') \|\|	96	Determines if a page can be cached and prepares the cache check.
79	\|\| Caching Rules: \|\|	97
80	\|\| - ✅ Enabled for GET requests only \|\|	98	Parameters:
81	\|\| - ✅ Disabled for POST requests \|\|	99	- ##$page## (string) - Page name to cache
82	\|\| - ❌ Never cached for 'edit' or 'watch' methods \|\|	100	- ##$method## (string) - Request method/action (e.g., 'show', 'edit')
83	\|\| - ✅ Only cached for anonymous users (no logged-in users) \|\|	101
84	\|\| Example: \|\|	102	Caching Rules:
85	\|\| %%php	103	- ✅ Enabled for GET requests only
		104	- ✅ Disabled for POST requests
		105	- ❌ Never cached for 'edit' or 'watch' methods
		106	- ✅ Only cached for anonymous users (no logged-in users)
		107
		108	Example:
		109	%%(hl php)
86	$http->check_cache('HomePage', 'show');	110	$http->check_cache('HomePage', 'show');
87	%% \|\|	111	%%
88	\|\| ---- \|\|	112
89	\|\| ===== ##store_cache(): void## ===== \|\|	113	----
90	\|\| Saves the generated page content to cache file. \|\|	114
91	\|\| Features: \|\|	115	=====##store_cache(): void##=====
92	\|\| - Retrieves output buffer content \|\|	116	Saves the generated page content to cache file.
93	\|\| - Saves to cache file with proper permissions \|\|	117
94	\|\| - Records cache metadata in database \|\|	118	Features:
95	\|\| - Only executes if caching flag is set and user is anonymous \|\|	119	- Retrieves output buffer content
96	\|\| Example: \|\|	120	- Saves to cache file with proper permissions
97	\|\| %%php	121	- Records cache metadata in database
		122	- Only executes if caching flag is set and user is anonymous
		123
		124	Example:
		125	%%(hl php)
98	// Called at end of page rendering	126	// Called at end of page rendering
99	$http->store_cache();	127	$http->store_cache();
100	%% \|\|	128	%%
101	\|\| ---- \|\|	129
102	\|\| ===== ##invalidate_page($page): int## ===== \|\|	130	----
103	\|\| Invalidates all cached versions of a page. \|\|	131
104	\|\| Parameters: \|\|	132	===== ##invalidate_page($page): int## =====
105	\|\| - ##$page## (string) - Page name to invalidate \|\|	133	Invalidates all cached versions of a page.
106	\|\| Returns: \|\|	134
107	\|\| - Number of cache entries invalidated \|\|	135	Parameters:
108	\|\| Process: \|\|	136	- ##$page## (string) - Page name to invalidate
109	\|\| 1. Finds all cached versions (different methods/languages) \|\|	137
110	\|\| 2. Touches files to past timestamp (faster than deletion) \|\|	138	Returns:
111	\|\| 3. Removes entries from cache metadata table \|\|	139	- Number of cache entries invalidated
112	\|\| 4. Returns count of invalidated caches \|\|	140
113	\|\| Example: \|\|	141	Process:
114	\|\| %%php	142	1. Finds all cached versions (different methods/languages)
		143	2. Touches files to past timestamp (faster than deletion)
		144	3. Removes entries from cache metadata table
		145	4. Returns count of invalidated caches
		146
		147	Example:
		148	%%(hl php)
115	$count = $http->invalidate_page('HomePage');	149	$count = $http->invalidate_page('HomePage');
116	echo "Invalidated $count cache entries";	150	echo "Invalidated $count cache entries";
117	%% \|\|	151	%%
118	\|\| ---- \|\|	152
119	\|\| ==== TLS/HTTPS Security ==== \|\|	153	----
120	\|\| ===== ##secure_base_url(): void## ===== \|\|	154
121	\|\| Switches base URL from HTTP to HTTPS. \|\|	155	==== TLS/HTTPS Security ====
122	\|\| Purpose: \|\|	156
123	\|\| - Ensures all subsequent URLs use HTTPS \|\|	157	===== ##secure_base_url(): void## =====
124	\|\| - Stores original HTTP URL for fallback \|\|	158	Switches base URL from HTTP to HTTPS.
125	\|\| - Called when TLS session is detected \|\|	159
126	\|\| Example: \|\|	160	Purpose:
127	\|\| %%php	161	- Ensures all subsequent URLs use HTTPS
		162	- Stores original HTTP URL for fallback
		163	- Called when TLS session is detected
		164
		165	Example:
		166	%%(hl php)
128	$http->secure_base_url();	167	$http->secure_base_url();
129	// $db->base_url now uses https://	168	// $db->base_url now uses https://
130	%% \|\|	169	%%
131	\|\| ---- \|\|	170
132	\|\| ===== ##ensure_tls($url): void## ===== \|\|	171	----
133	\|\| Enforces HTTPS for a specific URL and redirects if necessary. \|\|	172
134	\|\| Parameters: \|\|	173	===== ##ensure_tls($url): void## =====
135	\|\| - ##$url## (string) - URL to secure \|\|	174	Enforces HTTPS for a specific URL and redirects if necessary.
136	\|\| Behavior: \|\|	175
137	\|\| - If not already HTTPS and TLS is enabled, forces HTTPS redirect \|\|	176	Parameters:
138	\|\| - Handles both relative and absolute URLs \|\|	177	- ##$url## (string) - URL to secure
139	\|\| - Converts relative URLs using current server name \|\|	178
140	\|\| Example: \|\|	179	Behavior:
141	\|\| %%php	180	- If not already HTTPS and TLS is enabled, forces HTTPS redirect
		181	- Handles both relative and absolute URLs
		182	- Converts relative URLs using current server name
		183
		184	Example:
		185	%%(hl php)
142	$http->ensure_tls('/secure/payment');	186	$http->ensure_tls('/secure/payment');
143	%% \|\|	187	%%
144	\|\| ---- \|\|	188
145	\|\| ==== IP Address Detection ==== \|\|	189	----
146	\|\| ===== ##real_ip(): string## (Private) ===== \|\|	190
147	\|\| Detects client's real IP address accounting for proxies. \|\|	191	==== IP Address Detection ====
148	\|\| Proxy Headers Checked (in order): \|\|	192
149	\|\| 1. ##HTTP_X_CLUSTER_CLIENT_IP## \|\|	193	===== ##real_ip(): string## (Private) =====
150	\|\| 2. ##HTTP_X_FORWARDED_FOR## (or custom header) \|\|	194	Detects client's real IP address accounting for proxies.
151	\|\| 3. ##HTTP_CLIENT_IP## \|\|	195
152	\|\| 4. ##HTTP_X_REMOTE_ADDR## \|\|	196	Proxy Headers Checked (in order):
153	\|\| 5. ##REMOTE_ADDR## (fallback) \|\|	197	1. ##HTTP_X_CLUSTER_CLIENT_IP##
154	\|\| Features: \|\|	198	2. ##HTTP_X_FORWARDED_FOR## (or custom header)
155	\|\| - Filters out private/reserved IP ranges \|\|	199	3. ##HTTP_CLIENT_IP##
156	\|\| - Respects configured reverse proxy addresses \|\|	200	4. ##HTTP_X_REMOTE_ADDR##
157	\|\| - Returns ##'0.0.0.0'## as fallback \|\|	201	5. ##REMOTE_ADDR## (fallback)
158	\|\| Configuration in Database: \|\|	202
159	\|\| - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs \|\|	203	Features:
160	\|\| - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##) \|\|	204	- Filters out private/reserved IP ranges
161	\|\| Example: \|\|	205	- Respects configured reverse proxy addresses
162	\|\| %%php	206	- Returns ##'0.0.0.0'## as fallback
		207
		208	Configuration in Database:
		209	- ##reverse_proxy_addresses## - Comma/space-separated proxy IPs
		210	- ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
		211
		212	Example:
		213	%%(hl php)
163	$client_ip = $http->ip; // e.g., "203.0.113.42"	214	$client_ip = $http->ip; // e.g., "203.0.113.42"
164	%% \|\|	215	%%
165	\|\| ---- \|\|	216
166	\|\| ==== HTTPS Detection ==== \|\|	217	----
167	\|\| ===== ##tls_session(): bool## (Private) ===== \|\|	218
168	\|\| Detects if current connection uses HTTPS/TLS. \|\|	219	==== HTTPS Detection ====
169	\|\| Checks (any being true = HTTPS): \|\|	220
170	\|\| - ##$_SERVER['HTTPS']## is 'on' \|\|	221	===== ##tls_session(): bool## (Private) =====
171	\|\| - ##$_SERVER['SERVER_PORT']## is 443 \|\|	222	Detects if current connection uses HTTPS/TLS.
172	\|\| - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https' \|\|	223
173	\|\| - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on' \|\|	224	Checks (any being true = HTTPS):
174	\|\| - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443 \|\|	225	- ##$_SERVER['HTTPS']## is 'on'
175	\|\| ---- \|\|	226	- ##$_SERVER['SERVER_PORT']## is 443
176	\|\| ==== Security Headers ==== \|\|	227	- ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https'
177	\|\| ===== ##http_security_headers(): void## ===== \|\|	228	- ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on'
178	\|\| Sets security-related HTTP headers. \|\|	229	- ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443
179	\|\| Headers Set: \|\|	230
180	\|\| Header \| Purpose \| Config Key \|\|	231	----
181	\|\| -------- \| --------- \| ------------ \|\|	232
		233	==== Security Headers ====
		234
		235	=====##http_security_headers(): void##=====
		236
		237	Sets security-related HTTP headers.
		238
		239	Headers Set:
		240
		241	#\|
		242	\| Header \| Purpose \| Config Key \|
182	\|\| Content-Security-Policy \| XSS/injection protection \| ##csp## \|\|	243	\|\| Content-Security-Policy \| XSS/injection protection \| ##csp## \|\|
183	\|\| Permissions-Policy \| Control browser features \| ##permissions_policy## \|\|	244	\|\| Permissions-Policy \| Control browser features \| ##permissions_policy## \|\|
184	\|\| Referrer-Policy \| Control referrer information \| ##referrer_policy## \|\|	245	\|\| Referrer-Policy \| Control referrer information \| ##referrer_policy## \|\|
185	\|\| Strict-Transport-Security \| Force HTTPS \| Auto (TLS only) \|\|	246	\|\| Strict-Transport-Security \| Force HTTPS \| Auto (TLS only) \|\|
186	\|\| X-Frame-Options \| Clickjacking protection \| Hardcoded: ##SAMEORIGIN## \|\|	247	\|\| X-Frame-Options \| Clickjacking protection \| Hardcoded: ##SAMEORIGIN## \|\|
187	\|\| X-Content-Type-Options \| MIME sniffing prevention \| Hardcoded: ##nosniff## \|\|	248	\|\| X-Content-Type-Options \| MIME sniffing prevention \| Hardcoded: ##nosniff## \|\|
188	\|\| CSP Configuration Options: \|\|	249	\|#
189	\|\| - ##0## - Disabled \|\|	250
190	\|\| - ##1## - Default policy (from ##csp.conf##) \|\|	251	CSP Configuration Options:
191	\|\| - ##2## - Custom policy (from ##csp_custom.conf##) \|\|	252	- ##0## - Disabled
192	\|\| Example: \|\|	253	- ##1## - Default policy (from ##csp.conf##)
193	\|\| %%php	254	- ##2## - Custom policy (from ##csp_custom.conf##)
		255
		256	Example:
		257	%%(hl php)
194	$http->http_security_headers();	258	$http->http_security_headers();
195	%% \|\|	259	%%
196	\|\| ---- \|\|	260
197	\|\| ==== HTTP Methods ==== \|\|	261	----
198	\|\| ===== ##redirect($url, $permanent = false): void## ===== \|\|	262	==== HTTP Methods ====
199	\|\| Performs an HTTP redirect. \|\|	263
200	\|\| Parameters: \|\|	264	===== ##redirect($url, $permanent = false): void## =====
201	\|\| - ##$url## (string) - Target URL \|\|	265	Performs an HTTP redirect.
202	\|\| - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary) \|\|	266
203	\|\| Features: \|\|	267	Parameters:
204	\|\| - Decodes ##&## entities to prevent broken redirects \|\|	268	- ##$url## (string) - Target URL
205	\|\| - Only works if headers not yet sent \|\|	269	- ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary)
206	\|\| - Uses output buffering to work anywhere in page processing \|\|	270
207	\|\| Example: \|\|	271	Features:
208	\|\| %%php	272	- Decodes ##&## entities to prevent broken redirects
		273	- Only works if headers not yet sent
		274	- Uses output buffering to work anywhere in page processing
		275
		276	Example:
		277	%%(hl php)
209	$http->redirect('http://example.com/new-page', true); // 301	278	$http->redirect('http://example.com/new-page', true); // 301
210	$http->redirect('/wiki/HomePage'); // 302	279	$http->redirect('/wiki/HomePage'); // 302
211	%% \|\|	280	%%
212	\|\| ---- \|\|	281
213	\|\| ===== ##terminate(): void## ===== \|\|	282	----
214	\|\| Safe exit/die with cleanup. \|\|	283
215	\|\| Cleanup Operations: \|\|	284	===== ##terminate(): void## =====
216	\|\| - Saves diagnostic logs to session flash data \|\|	285	Safe exit/die with cleanup.
217	\|\| - Ends script execution \|\|	286
218	\|\| Example: \|\|	287	Cleanup Operations:
219	\|\| %%php	288	- Saves diagnostic logs to session flash data
		289	- Ends script execution
		290
		291	Example:
		292	%%(hl php)
220	$http->terminate();	293	$http->terminate();
221	%% \|\|	294	%%
222	\|\| ---- \|\|	295
223	\|\| ===== ##status($code): void## ===== \|\|	296	----
224	\|\| Sets HTTP response status code. \|\|	297
225	\|\| Supported Status Codes: \|\|	298	===== ##status($code): void## =====
226	\|\| %%php	299	Sets HTTP response status code.
		300
		301	Supported Status Codes:
		302	%%(hl php)
227	200 => 'OK'	303	200 => 'OK'
228	206 => 'Partial Content'	304	206 => 'Partial Content'
229	301 => 'Moved Permanently'	305	301 => 'Moved Permanently'
…	…	…	…
240	500 => 'Internal Server Error'	316	500 => 'Internal Server Error'
241	501 => 'Not Implemented'	317	501 => 'Not Implemented'
242	503 => 'Service Unavailable'	318	503 => 'Service Unavailable'
243	%% \|\|	319	%%
244	\|\| Example: \|\|	320
245	\|\| %%php	321	Example:
		322	%%(hl php)
246	$http->status(404); // Send 404 Not Found	323	$http->status(404); // Send 404 Not Found
247	%% \|\|	324	%%
248	\|\| ---- \|\|	325
249	\|\| ==== Caching Control ==== \|\|	326	----
250	\|\| ===== ##no_cache($client_only = true): void## ===== \|\|	327
251	\|\| Disables caching of the current page. \|\|	328	==== Caching Control ====
252	\|\| Parameters: \|\|	329
253	\|\| - ##$client_only## (bool, default: TRUE) \|\|	330	===== ##no_cache($client_only = true): void## =====
254	\|\| - ##TRUE##: Disable browser cache only \|\|	331	Disables caching of the current page.
255	\|\| - ##FALSE##: Disable both browser and server cache \|\|	332
256	\|\| Headers Set: \|\|	333	Parameters:
257	\|\| - ##Last-Modified: <current-time>## (always fresh) \|\|	334	- ##$client_only## (bool, default: TRUE)
258	\|\| - ##Cache-Control: no-store## \|\|	335	- ##TRUE##: Disable browser cache only
259	\|\| Example: \|\|	336	- ##FALSE##: Disable both browser and server cache
260	\|\| %%php	337
		338	Headers Set:
		339	- ##Last-Modified: <current-time>## (always fresh)
		340	- ##Cache-Control: no-store##
		341
		342	Example:
		343	%%(hl php)
261	$http->no_cache(); // Client-side only	344	$http->no_cache(); // Client-side only
262	$http->no_cache(false); // Both client & server	345	$http->no_cache(false); // Both client & server
263	%% \|\|	346	%%
264	\|\| ---- \|\|	347
265	\|\| ===== ##cache_promisc(): void## ===== \|\|	348	----
266	\|\| Marks page as publicly cacheable. \|\|	349
267	\|\| Headers Set: \|\|	350	===== ##cache_promisc(): void## =====
268	\|\| - ##Cache-Control: public## \|\|	351	Marks page as publicly cacheable.
269	\|\| Example: \|\|	352
270	\|\| %%php	353	Headers Set:
		354	- ##Cache-Control: public##
		355
		356	Example:
		357	%%(hl php)
271	$http->cache_promisc();	358	$http->cache_promisc();
272	%% \|\|	359	%%
273	\|\| ---- \|\|	360
274	\|\| ==== Language Negotiation ==== \|\|	361	----
275	\|\| ===== ##user_agent_language(): string## ===== \|\|	362
276	\|\| Determines best language based on browser preferences. \|\|	363	==== Language Negotiation ====
277	\|\| Features: \|\|	364
278	\|\| - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language) \|\|	365	===== ##user_agent_language(): string## =====
279	\|\| - Parses ##Accept-Language## header with quality factors \|\|	366	Determines best language based on browser preferences.
280	\|\| - Attempts exact match first, then language fallback \|\|	367
281	\|\| - Falls back to default system language \|\|	368	Features:
282	\|\| Example Header: \|\|	369	- Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
283	\|\| %%	370	- Parses ##Accept-Language## header with quality factors
		371	- Attempts exact match first, then language fallback
		372	- Falls back to default system language
		373
		374	Example Header:
		375	%%
284	Accept-Language: en-US,en;q=0.9,de;q=0.8	376	Accept-Language: en-US,en;q=0.9,de;q=0.8
285	%% \|\|	377	%%
286	\|\| Returns: \|\|	378
287	\|\| - Language code (e.g., 'en', 'en-US', 'de') \|\|	379	Returns:
288	\|\| ---- \|\|	380	- Language code (e.g., 'en', 'en-US', 'de')
289	\|\| ===== ##available_languages($subset = true): array## ===== \|\|	381
290	\|\| Returns list of available language translations. \|\|	382	----
291	\|\| Parameters: \|\|	383
292	\|\| - ##$subset## (bool, default: TRUE) \|\|	384	===== ##available_languages($subset = true): array## =====
293	\|\| - ##TRUE##: Only allowed languages \|\|	385	Returns list of available language translations.
294	\|\| - ##FALSE##: All available languages \|\|	386
295	\|\| Features: \|\|	387	Parameters:
296	\|\| - Scans ##LANG_DIR## for language files \|\|	388	- ##$subset## (bool, default: TRUE)
297	\|\| - Filters by ##allowed_languages## config if set \|\|	389	- ##TRUE##: Only allowed languages
298	\|\| - Caches result in session \|\|	390	- ##FALSE##: All available languages
299	\|\| - System language always included \|\|	391
300	\|\| Returns: \|\|	392	Features:
301	\|\| - Associative array: ##['en' => 'en', 'de' => 'de', ...]## \|\|	393	- Scans ##LANG_DIR## for language files
302	\|\| Example: \|\|	394	- Filters by ##allowed_languages## config if set
303	\|\| %%php	395	- Caches result in session
		396	- System language always included
		397
		398	Returns:
		399	- Associative array: ##['en' => 'en', 'de' => 'de', ...]##
		400
		401	Example:
		402	%%(hl php)
304	$all_langs = $http->available_languages(false);	403	$all_langs = $http->available_languages(false);
305	$allowed = $http->available_languages(true);	404	$allowed = $http->available_languages(true);
306	%% \|\|	405	%%
307	\|\| ---- \|\|	406
308	\|\| ==== File Serving ==== \|\|	407	----
309	\|\| ===== ##sendfile($path, $filename = null, $age = null): void## ===== \|\|	408
310	\|\| Serves files with proper HTTP headers and caching. \|\|	409	==== File Serving ====
311	\|\| Parameters: \|\|	410
312	\|\| - ##$path## (string) - File path (or HTTP_XXX constant for error pages) \|\|	411	===== ##sendfile($path, $filename = null, $age = null): void## =====
313	\|\| - ##$filename## (string, optional) - Custom download filename \|\|	412	Serves files with proper HTTP headers and caching.
314	\|\| - ##$age## (int, optional) - Cache age in days \|\|	413
315	\|\| Features: \|\|	414	Parameters:
316	\|\| - HTTP range request support (partial file downloads) \|\|	415	- ##$path## (string) - File path (or HTTP_XXX constant for error pages)
317	\|\| - ETag and Last-Modified conditional requests \|\|	416	- ##$filename## (string, optional) - Custom download filename
318	\|\| - Proper MIME type detection \|\|	417	- ##$age## (int, optional) - Cache age in days
319	\|\| - Content-Security-Policy for special file types \|\|	418
320	\|\| - Streaming for large files \|\|	419	Features:
321	\|\| - GZip compression for text files \|\|	420	- HTTP range request support (partial file downloads)
322	\|\| Special Paths: \|\|	421	- ETag and Last-Modified conditional requests
323	\|\| %%php	422	- Proper MIME type detection
		423	- Content-Security-Policy for special file types
		424	- Streaming for large files
		425	- GZip compression for text files
		426
		427	Special Paths:
		428	%%(hl php)
324	$http->sendfile(404); // Serves file defined by HTTP_404 constant	429	$http->sendfile(404); // Serves file defined by HTTP_404 constant
325	$http->sendfile(403); // Serves file defined by HTTP_403 constant	430	$http->sendfile(403); // Serves file defined by HTTP_403 constant
326	%% \|\|	431	%%
327	\|\| Example: \|\|	432
328	\|\| %%php	433	Example:
		434	%%(hl php)
329	$http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);	435	$http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
330	%% \|\|	436	%%
331	\|\| ---- \|\|	437
332	\|\| ===== ##mime_type($path): string## ===== \|\|	438	----
333	\|\| Returns MIME type for a file. \|\|	439
334	\|\| Returns: \|\|	440	===== ##mime_type($path): string## =====
335	\|\| - MIME type string (e.g., 'application/pdf') \|\|	441	Returns MIME type for a file.
336	\|\| - Default: ##'application/octet-stream'## \|\|	442
337	\|\| Example: \|\|	443	Returns:
338	\|\| %%php	444	- MIME type string (e.g., 'application/pdf')
		445	- Default: ##'application/octet-stream'##
		446
		447	Example:
		448	%%(hl php)
339	$mime = $http->mime_type('file.pdf'); // 'application/pdf'	449	$mime = $http->mime_type('file.pdf'); // 'application/pdf'
340	%% \|\|	450	%%
341	\|\| ---- \|\|	451
342	\|\| ===== ##mime_types(): array## (Private) ===== \|\|	452	----
343	\|\| Loads and caches MIME types from configuration. \|\|	453
344	\|\| Features: \|\|	454	===== ##mime_types(): array## (Private) =====
345	\|\| - Reads from ##config/mime.types## \|\|	455	Loads and caches MIME types from configuration.
346	\|\| - Caches to ##cache/config/mime.types## \|\|	456
347	\|\| - Reloads if config is updated \|\|	457	Features:
348	\|\| ---- \|\|	458	- Reads from ##config/mime.types##
349	\|\| ==== Compression ==== \|\|	459	- Caches to ##cache/config/mime.types##
350	\|\| ===== ##gzip(): void## ===== \|\|	460	- Reloads if config is updated
351	\|\| Compresses HTTP response with gzip/x-gzip. \|\|	461
352	\|\| Features: \|\|	462	----
353	\|\| - Manually implements gzip (not relying on zlib.output_compression) \|\|	463
354	\|\| - Produces correct ##Content-Length## header \|\|	464	==== Compression ====
355	\|\| - Only compresses if: \|\|	465
356	\|\| - 860 bytes < content < 1 MB \|\|	466	===== ##gzip(): void## =====
357	\|\| - Client accepts compression \|\|	467	Compresses HTTP response with gzip/x-gzip.
358	\|\| - Headers not already sent \|\|	468
359	\|\| Example: \|\|	469	Features:
360	\|\| %%php	470	- Manually implements gzip (not relying on zlib.output_compression)
		471	- Produces correct ##Content-Length## header
		472	- Only compresses if:
		473	- 860 bytes < content < 1 MB
		474	- Client accepts compression
		475	- Headers not already sent
		476
		477	Example:
		478	%%(hl php)
361	$http->gzip();	479	$http->gzip();
362	%% \|\|	480	%%
363	\|\| ---- \|\|	481
364	\|\| ==== Utility Methods ==== \|\|	482	----
365	\|\| ===== ##parse_str($str): array## (Private) ===== \|\|	483
366	\|\| Parses URL-encoded strings with special character handling. \|\|	484	==== Utility Methods ====
367	\|\| Purpose: \|\|	485
368	\|\| - Safely handles special characters in query/form data \|\|	486	===== ##parse_str($str): array## (Private) =====
369	\|\| - Converts encoding properly \|\|	487	Parses URL-encoded strings with special character handling.
370	\|\| Example: \|\|	488
371	\|\| %%php	489	Purpose:
		490	- Safely handles special characters in query/form data
		491	- Converts encoding properly
		492
		493	Example:
		494	%%(hl php)
372	$data = $http->parse_str('name=John&age=30');	495	$data = $http->parse_str('name=John&age=30');
373	%% \|\|	496	%%
374	\|\| ---- \|\|	497
375	\|\| ===== ##request_uri(): string## (Private) ===== \|\|	498	----
376	\|\| Extracts and normalizes REQUEST_URI from server. \|\|	499
377	\|\| Normalization: \|\|	500	===== ##request_uri(): string## (Private) =====
378	\|\| - Removes base URL prefix \|\|	501	Extracts and normalizes REQUEST_URI from server.
379	\|\| - Removes spaces \|\|	502
380	\|\| - Collapses multiple slashes \|\|	503	Normalization:
381	\|\| - Removes ##..## path traversal attempts \|\|	504	- Removes base URL prefix
382	\|\| - Removes leading/trailing slashes \|\|	505	- Removes spaces
383	\|\| ---- \|\|	506	- Collapses multiple slashes
384	\|\| ===== ##cut_prefix($prefix, $path): string## (Private) ===== \|\|	507	- Removes ##..## path traversal attempts
385	\|\| Removes prefix from path (case-insensitive). \|\|	508	- Removes leading/trailing slashes
386	\|\| ---- \|\|	509
387	\|\| ===== ##get_header_conf($file_name): string## (Private) ===== \|\|	510	----
388	\|\| Loads security header configuration from files. \|\|	511
389	\|\| Files Supported: \|\|	512	===== ##cut_prefix($prefix, $path): string## (Private) =====
390	\|\| - ##csp.conf## / ##csp_custom.conf## \|\|	513	Removes prefix from path (case-insensitive).
391	\|\| - ##permissions_policy.conf## / ##permissions_policy_custom.conf## \|\|	514
392	\|\| ---- \|\|	515	----
393	\|\| === Configuration Dependencies === \|\|	516
394	\|\| The class relies on these database configuration settings: \|\|	517	===== ##get_header_conf($file_name): string## (Private) =====
395	\|\| Setting \| Type \| Purpose \|\|	518	Loads security header configuration from files.
396	\|\| --------- \| ------ \| --------- \|\|	519
		520	Files Supported:
		521	- ##csp.conf## / ##csp_custom.conf##
		522	- ##permissions_policy.conf## / ##permissions_policy_custom.conf##
		523
		524	----
		525
		526	===Configuration Dependencies===
		527
		528	The class relies on these database configuration settings:
		529
		530	#\|
		531	\| Setting \| Type \| Purpose \|
397	\|\| ##base_url## \| string \| Wiki's base URL \|\|	532	\|\| ##base_url## \| string \| Wiki's base URL \|\|
398	\|\| ##tls## \| bool \| Enable HTTPS enforcement \|\|	533	\|\| ##tls## \| bool \| Enable HTTPS enforcement \|\|
399	\|\| ##cache## \| bool \| Enable page caching \|\|	534	\|\| ##cache## \| bool \| Enable page caching \|\|
…	…	…	…
413	\|\| ##csp## \| int \| CSP setting (0/1/2) \|\|	548	\|\| ##csp## \| int \| CSP setting (0/1/2) \|\|
414	\|\| ##permissions_policy## \| int \| Permissions-Policy setting (0/1/2) \|\|	549	\|\| ##permissions_policy## \| int \| Permissions-Policy setting (0/1/2) \|\|
415	\|\| ##referrer_policy## \| int \| Referrer-Policy setting (0-8) \|\|	550	\|\| ##referrer_policy## \| int \| Referrer-Policy setting (0-8) \|\|
416	\|\| ---- \|\|	551	\|#
417	\|\| === Constants Used === \|\|	552
418	\|\| Constant \| Type \| Purpose \|\|	553	----
419	\|\| ---------- \| ------ \| --------- \|\|	554
		555	===Constants Used===
		556
		557	#\|
		558	\| Constant \| Type \| Purpose \|
420	\|\| ##IN_WACKO## \| bool \| Security check (exit if not defined) \|\|	559	\|\| ##IN_WACKO## \| bool \| Security check (exit if not defined) \|\|
421	\|\| ##CHMOD_SAFE## \| int \| File permissions for cache files \|\|	560	\|\| ##CHMOD_SAFE## \| int \| File permissions for cache files \|\|
422	\|\| ##CHMOD_FILE## \| int \| File permissions for config cache \|\|	561	\|\| ##CHMOD_FILE## \| int \| File permissions for config cache \|\|
…	…	…	…
434		573
435	=== Workflow Examples ===	574	=== Workflow Examples ===
436		575
437	==== ~~Example 1: Handling a GET Request~~ ====	576	====Example 1: Handling a GET Request====
438		577
439	%%~~php~~	578	%%(hl php)
440	// In main wiki entry point	579	// In main wiki entry point
441	$http = new Http($db);	580	$http = new Http($db);
442	$http->session(0); // Start session	581	$http->session(0); // Start session
…	…	…	…
458		597
459	==== Example 2: Handling TLS/HTTPS Upgrade ====	598	==== Example 2: Handling TLS/HTTPS Upgrade ====
460		599
461	%%~~php~~	600	%%(hl php)
462	$http = new Http($db); // Constructor detects TLS requirement	601	$http = new Http($db); // Constructor detects TLS requirement
463	// If TLS is enabled and user wasn't in TLS before:	602	// If TLS is enabled and user wasn't in TLS before:
464	// - Sets TLS session flag	603	// - Sets TLS session flag
…	…	…	…
468		607
469	==== Example 3: Invalidating Cache After Page Edit ====	608	==== Example 3: Invalidating Cache After Page Edit ====
470		609
471	%%~~php~~	610	%%(hl php)
472	// User edits a page	611	// User edits a page
473	$http = new Http($db);	612	$http = new Http($db);
474	$count = $http->invalidate_page('HomePage');	613	$count = $http->invalidate_page('HomePage');
…	…	…	…
477		616
478	==== Example 4: Serving a File ====	617	==== Example 4: Serving a File ====
479		618
480	%%~~php~~	619	%%(hl php)
481	$http = new Http($db);	620	$http = new Http($db);
482	$http->session(2); // Static file mode - no session replay prevention	621	$http->session(2); // Static file mode - no session replay prevention
483		622
…	…	…	…
552		691
553	The class integrates with WackoWiki's diagnostic system:	692	The class integrates with WackoWiki's diagnostic system:
554		693
555	%%~~php~~	694	%%(hl php)
556	// Diagnostic messages are preserved across redirects	695	// Diagnostic messages are preserved across redirects
557	// via session flash data	696	// via session flash data
558		697