Difference between revisions for Users / Eo Ny / dev




← Previous edit
Revision 4 as of 05/05/2026 19:10
8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy 4 05/05/2026 19:10 EoNy 3 05/05/2026 19:10 EoNy 2 05/05/2026 19:08 EoNy 1 05/05/2026 19:06 EoNy

(19.7 KiB)
EoNy
 Next edit →
Revision 9 as of 05/05/2026 19:25
18 05/21/2026 16:12 WikiAdmin 17 05/18/2026 15:15 WikiAdmin 16 05/18/2026 05:05 WikiAdmin 15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy

(15.7 KiB) -4,148
WikiAdmin

Version1 Version2
12 12
13 === Class Properties === 13 === Class Properties ===
14 14
15 ==== Public Properties ==== 15 ====Public Properties====
16 16
17 #| 17 #|
18 *| Property | Type | Description |* 18 *| Property | Type | Description |*
21 || ##$ip## | string | Client's real IP address (accounts for proxies) || 21 || ##$ip## | string | Client's real IP address (accounts for proxies) ||
22 || ##$sess## | Session | Reference to the Session object || 22 || ##$sess## | Session | Reference to the Session object ||
23 || ##$method## | string | Current HTTP method/request type || 23 || ##$method## | string | Current HTTP method/request type ||
24 || ==== Private Properties ==== || 24 |#
25 || Property | Type | Description || 25
26 || ---------- | ------ | ------------- || 26 ====Private Properties====
    27
    28 #|
    29 *| Property | Type | Description |*
27 || ##$db## | object | Database connection reference || 30 || ##$db## | object | Database connection reference ||
28 || ##$tls_mark## | string | Cookie name for TLS session marking || 31 || ##$tls_mark## | string | Cookie name for TLS session marking ||
29 || ##$page## | string | Current page name being processed || 32 || ##$page## | string | Current page name being processed ||
32 || ##$lang## | string | Current language code || 35 || ##$lang## | string | Current language code ||
33 || ##$file## | string | Cache file path || 36 || ##$file## | string | Cache file path ||
34 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) || 37 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) ||
35 || ---- || 38 |#
36 || === Constructor === || 39
37 || %%php 40 ----
    41 === Constructor ===
    42
    43 %%php
38 public function __construct(&$db) 44 public function __construct(&$db)
39 %% || 45 %%
40 || **Purpose:** Initializes the Http object and sets up HTTP session handling. || 46
41 || **Parameters:** || 47 **Purpose:** Initializes the Http object and sets up HTTP session handling.
42 || - ##$db## - Database object reference || 48
43 || **Initialization Steps:** || 49 **Parameters:**
44 || 1. Stores database reference || 50   - ##$db## - Database object reference
45 || 2. Extracts and normalizes REQUEST_URI || 51
46 || 3. Detects TLS/HTTPS session status || 52 **Initialization Steps:**
47 || 4. Determines client's real IP address || 53   1. Stores database reference
48 || 5. Sets up TLS mark cookie name || 54   2. Extracts and normalizes REQUEST_URI
49 || 6. Enforces TLS session upgrade if needed || 55   3. Detects TLS/HTTPS session status
50 || **Example:** || 56   4. Determines client's real IP address
51 || %%php 57   5. Sets up TLS mark cookie name
    58   6. Enforces TLS session upgrade if needed
    59
    60 **Example:**
    61 %%php
52 $http = new Http($db); 62 $http = new Http($db);
53 %% || 63 %%
54 || ---- || 64
55 || === Core Methods === || 65 ----
56 || ==== Session Management ==== || 66
57 || ===== ##session($route): void## ===== || 67 === Core Methods ===
58 || Initializes the session handler (file-based or database-based). || 68
59 || **Parameters:** || 69 ==== Session Management ====
60 || - ##$route## (int) - Routing flag: || 70
61 || - Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration) || 71 ===== ##session($route): void## =====
62 || **Features:** || 72 Initializes the session handler (file-based or database-based).
63 || - Selects storage backend (file or database) || 73
64 || - Configures cookie settings (security, path, httponly) || 74 **Parameters:**
65 || - Binds IP and TLS validation || 75   - ##$route## (int) - Routing flag:
66 || - Recovers diagnostic logs from previous session || 76   - Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration)
67 || **Example:** || 77
68 || %%php 78 **Features:**
    79   - Selects storage backend (file or database)
    80   - Configures cookie settings (security, path, httponly)
    81   - Binds IP and TLS validation
    82   - Recovers diagnostic logs from previous session
    83
    84 **Example:**
    85 %%php
69 $http->session(0); // Normal session 86 $http->session(0); // Normal session
70 $http->session(2); // Static file serving mode 87 $http->session(2); // Static file serving mode
71 %% || 88 %%
72 || ---- || 89
73 || ==== Caching System ==== || 90 ----
74 || ===== ##check_cache($page, $method): void## ===== || 91
75 || Determines if a page can be cached and prepares the cache check. || 92 ==== Caching System ====
76 || **Parameters:** || 93
77 || - ##$page## (string) - Page name to cache || 94 ===== ##check_cache($page, $method): void## =====
78 || - ##$method## (string) - Request method/action (e.g., 'show', 'edit') || 95 Determines if a page can be cached and prepares the cache check.
79 || **Caching Rules:** || 96
80 || - ✅ Enabled for GET requests only || 97 **Parameters:**
81 || - ✅ Disabled for POST requests || 98   - ##$page## (string) - Page name to cache
82 || - ❌ Never cached for 'edit' or 'watch' methods || 99   - ##$method## (string) - Request method/action (e.g., 'show', 'edit')
83 || - ✅ Only cached for anonymous users (no logged-in users) || 100
84 || **Example:** || 101 **Caching Rules:**
85 || %%php 102   - ✅ Enabled for GET requests only
    103   - ✅ Disabled for POST requests
    104   - ❌ Never cached for 'edit' or 'watch' methods
    105   - ✅ Only cached for anonymous users (no logged-in users)
    106
    107 **Example:**
    108 %%php
86 $http->check_cache('HomePage', 'show'); 109 $http->check_cache('HomePage', 'show');
87 %% || 110 %%
88 || ---- || 111
89 || ===== ##store_cache(): void## ===== || 112 ----
90 || Saves the generated page content to cache file. || 113
91 || **Features:** || 114 ===== ##store_cache(): void## =====
92 || - Retrieves output buffer content || 115 Saves the generated page content to cache file.
93 || - Saves to cache file with proper permissions || 116
94 || - Records cache metadata in database || 117 **Features:**
95 || - Only executes if caching flag is set and user is anonymous || 118   - Retrieves output buffer content
96 || **Example:** || 119   - Saves to cache file with proper permissions
97 || %%php 120   - Records cache metadata in database
    121   - Only executes if caching flag is set and user is anonymous
    122
    123 **Example:**
    124 %%php
98 // Called at end of page rendering 125 // Called at end of page rendering
99 $http->store_cache(); 126 $http->store_cache();
100 %% || 127 %%
101 || ---- || 128
102 || ===== ##invalidate_page($page): int## ===== || 129 ----
103 || Invalidates all cached versions of a page. || 130
104 || **Parameters:** || 131 ===== ##invalidate_page($page): int## =====
105 || - ##$page## (string) - Page name to invalidate || 132 Invalidates all cached versions of a page.
106 || **Returns:** || 133
107 || - Number of cache entries invalidated || 134 **Parameters:**
108 || **Process:** || 135   - ##$page## (string) - Page name to invalidate
109 || 1. Finds all cached versions (different methods/languages) || 136
110 || 2. Touches files to past timestamp (faster than deletion) || 137 **Returns:**
111 || 3. Removes entries from cache metadata table || 138   - Number of cache entries invalidated
112 || 4. Returns count of invalidated caches || 139
113 || **Example:** || 140 **Process:**
114 || %%php 141   1. Finds all cached versions (different methods/languages)
    142   2. Touches files to past timestamp (faster than deletion)
    143   3. Removes entries from cache metadata table
    144   4. Returns count of invalidated caches
    145
    146 **Example:**
    147 %%php
115 $count = $http->invalidate_page('HomePage'); 148 $count = $http->invalidate_page('HomePage');
116 echo "Invalidated $count cache entries"; 149 echo "Invalidated $count cache entries";
117 %% || 150 %%
118 || ---- || 151
119 || ==== TLS/HTTPS Security ==== || 152 ----
120 || ===== ##secure_base_url(): void## ===== || 153
121 || Switches base URL from HTTP to HTTPS. || 154 ==== TLS/HTTPS Security ====
122 || **Purpose:** || 155
123 || - Ensures all subsequent URLs use HTTPS || 156 ===== ##secure_base_url(): void## =====
124 || - Stores original HTTP URL for fallback || 157 Switches base URL from HTTP to HTTPS.
125 || - Called when TLS session is detected || 158
126 || **Example:** || 159 **Purpose:**
127 || %%php 160   - Ensures all subsequent URLs use HTTPS
    161   - Stores original HTTP URL for fallback
    162   - Called when TLS session is detected
    163
    164 **Example:**
    165 %%php
128 $http->secure_base_url(); 166 $http->secure_base_url();
129 // $db->base_url now uses https:// 167 // $db->base_url now uses https://
130 %% || 168 %%
131 || ---- || 169
132 || ===== ##ensure_tls($url): void## ===== || 170 ----
133 || Enforces HTTPS for a specific URL and redirects if necessary. || 171
134 || **Parameters:** || 172 ===== ##ensure_tls($url): void## =====
135 || - ##$url## (string) - URL to secure || 173 Enforces HTTPS for a specific URL and redirects if necessary.
136 || **Behavior:** || 174
137 || - If not already HTTPS and TLS is enabled, forces HTTPS redirect || 175 **Parameters:**
138 || - Handles both relative and absolute URLs || 176   - ##$url## (string) - URL to secure
139 || - Converts relative URLs using current server name || 177
140 || **Example:** || 178 **Behavior:**
141 || %%php 179   - If not already HTTPS and TLS is enabled, forces HTTPS redirect
    180   - Handles both relative and absolute URLs
    181   - Converts relative URLs using current server name
    182
    183 **Example:**
    184 %%php
142 $http->ensure_tls('/secure/payment'); 185 $http->ensure_tls('/secure/payment');
143 %% || 186 %%
144 || ---- || 187
145 || ==== IP Address Detection ==== || 188 ----
146 || ===== ##real_ip(): string## (Private) ===== || 189
147 || Detects client's real IP address accounting for proxies. || 190 ==== IP Address Detection ====
148 || **Proxy Headers Checked (in order):** || 191
149 || 1. ##HTTP_X_CLUSTER_CLIENT_IP## || 192 ===== ##real_ip(): string## (Private) =====
150 || 2. ##HTTP_X_FORWARDED_FOR## (or custom header) || 193 Detects client's real IP address accounting for proxies.
151 || 3. ##HTTP_CLIENT_IP## || 194
152 || 4. ##HTTP_X_REMOTE_ADDR## || 195 **Proxy Headers Checked (in order):**
153 || 5. ##REMOTE_ADDR## (fallback) || 196   1. ##HTTP_X_CLUSTER_CLIENT_IP##
154 || **Features:** || 197   2. ##HTTP_X_FORWARDED_FOR## (or custom header)
155 || - Filters out private/reserved IP ranges || 198   3. ##HTTP_CLIENT_IP##
156 || - Respects configured reverse proxy addresses || 199   4. ##HTTP_X_REMOTE_ADDR##
157 || - Returns ##'0.0.0.0'## as fallback || 200   5. ##REMOTE_ADDR## (fallback)
158 || **Configuration in Database:** || 201
159 || - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs || 202 **Features:**
160 || - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##) || 203   - Filters out private/reserved IP ranges
161 || **Example:** || 204   - Respects configured reverse proxy addresses
162 || %%php 205   - Returns ##'0.0.0.0'## as fallback
    206
    207 **Configuration in Database:**
    208   - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs
    209   - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
    210
    211 **Example:**
    212 %%php
163 $client_ip = $http->ip; // e.g., "203.0.113.42" 213 $client_ip = $http->ip; // e.g., "203.0.113.42"
164 %% || 214 %%
165 || ---- || 215
166 || ==== HTTPS Detection ==== || 216 ----
167 || ===== ##tls_session(): bool## (Private) ===== || 217
168 || Detects if current connection uses HTTPS/TLS. || 218 ==== HTTPS Detection ====
169 || **Checks (any being true = HTTPS):** || 219
170 || - ##$_SERVER['HTTPS']## is 'on' || 220 ===== ##tls_session(): bool## (Private) =====
171 || - ##$_SERVER['SERVER_PORT']## is 443 || 221 Detects if current connection uses HTTPS/TLS.
172 || - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https' || 222
173 || - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on' || 223 **Checks (any being true = HTTPS):**
174 || - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443 || 224   - ##$_SERVER['HTTPS']## is 'on'
175 || ---- || 225   - ##$_SERVER['SERVER_PORT']## is 443
176 || ==== Security Headers ==== || 226   - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https'
177 || ===== ##http_security_headers(): void## ===== || 227   - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on'
178 || Sets security-related HTTP headers. || 228   - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443
179 || **Headers Set:** || 229
180 || Header | Purpose | Config Key || 230 ----
181 || -------- | --------- | ------------ || 231
182 || Content-Security-Policy | XSS/injection protection | ##csp## || 232 ==== Security Headers ====
183 || Permissions-Policy | Control browser features | ##permissions_policy## || 233
184 || Referrer-Policy | Control referrer information | ##referrer_policy## || 234 ===== ##http_security_headers(): void## =====
185 || Strict-Transport-Security | Force HTTPS | Auto (TLS only) || 235
186 || X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## || 236
187 || X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## || 237 ==== HTTP Methods ====
188 || **CSP Configuration Options:** || 238
189 || - ##0## - Disabled || 239 ===== ##redirect($url, $permanent = false): void## =====
190 || - ##1## - Default policy (from ##csp.conf##) || 240 Performs an HTTP redirect.
191 || - ##2## - Custom policy (from ##csp_custom.conf##) || 241
192 || **Example:** || 242 **Parameters:**
193 || %%php 243   - ##$url## (string) - Target URL
194 $http->http_security_headers(); 244   - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary)
195 %% || 245
196 || ---- || 246 **Features:**
197 || ==== HTTP Methods ==== || 247   - Decodes ##&## entities to prevent broken redirects
198 || ===== ##redirect($url, $permanent = false): void## ===== || 248   - Only works if headers not yet sent
199 || Performs an HTTP redirect. || 249   - Uses output buffering to work anywhere in page processing
200 || **Parameters:** || 250
201 || - ##$url## (string) - Target URL || 251 **Example:**
202 || - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary) || 252 %%php
203 || **Features:** ||    
204 || - Decodes ##&## entities to prevent broken redirects ||    
205 || - Only works if headers not yet sent ||    
206 || - Uses output buffering to work anywhere in page processing ||    
207 || **Example:** ||    
208 || %%php    
209 $http->redirect('http://example.com/new-page', true); // 301 253 $http->redirect('http://example.com/new-page', true); // 301
210 $http->redirect('/wiki/HomePage'); // 302 254 $http->redirect('/wiki/HomePage'); // 302
211 %% || 255 %%
212 || ---- || 256
213 || ===== ##terminate(): void## ===== || 257 ----
214 || Safe exit/die with cleanup. || 258
215 || **Cleanup Operations:** || 259 ===== ##terminate(): void## =====
216 || - Saves diagnostic logs to session flash data || 260 Safe exit/die with cleanup.
217 || - Ends script execution || 261
218 || **Example:** || 262 **Cleanup Operations:**
219 || %%php 263   - Saves diagnostic logs to session flash data
    264   - Ends script execution
    265
    266 **Example:**
    267 %%php
220 $http->terminate(); 268 $http->terminate();
221 %% || 269 %%
222 || ---- || 270
223 || ===== ##status($code): void## ===== || 271 ----
224 || Sets HTTP response status code. || 272
225 || **Supported Status Codes:** || 273 ===== ##status($code): void## =====
226 || %%php 274 Sets HTTP response status code.
    275
    276 **Supported Status Codes:**
    277 %%php
227 200 => 'OK' 278 200 => 'OK'
228 206 => 'Partial Content' 279 206 => 'Partial Content'
229 301 => 'Moved Permanently' 280 301 => 'Moved Permanently'
240 500 => 'Internal Server Error' 291 500 => 'Internal Server Error'
241 501 => 'Not Implemented' 292 501 => 'Not Implemented'
242 503 => 'Service Unavailable' 293 503 => 'Service Unavailable'
243 %% || 294 %%
244 || **Example:** || 295
245 || %%php 296 **Example:**
    297 %%php
246 $http->status(404); // Send 404 Not Found 298 $http->status(404); // Send 404 Not Found
247 %% || 299 %%
248 || ---- || 300
249 || ==== Caching Control ==== || 301 ----
250 || ===== ##no_cache($client_only = true): void## ===== || 302
251 || Disables caching of the current page. || 303 ==== Caching Control ====
252 || **Parameters:** || 304
253 || - ##$client_only## (bool, default: TRUE) || 305 ===== ##no_cache($client_only = true): void## =====
254 || - ##TRUE##: Disable browser cache only || 306 Disables caching of the current page.
255 || - ##FALSE##: Disable both browser and server cache || 307
256 || **Headers Set:** || 308 **Parameters:**
257 || - ##Last-Modified: <current-time>## (always fresh) || 309   - ##$client_only## (bool, default: TRUE)
258 || - ##Cache-Control: no-store## || 310   - ##TRUE##: Disable browser cache only
259 || **Example:** || 311   - ##FALSE##: Disable both browser and server cache
260 || %%php 312
    313 **Headers Set:**
    314   - ##Last-Modified: <current-time>## (always fresh)
    315   - ##Cache-Control: no-store##
    316
    317 **Example:**
    318 %%php
261 $http->no_cache(); // Client-side only 319 $http->no_cache(); // Client-side only
262 $http->no_cache(false); // Both client & server 320 $http->no_cache(false); // Both client & server
263 %% || 321 %%
264 || ---- || 322
265 || ===== ##cache_promisc(): void## ===== || 323 ----
266 || Marks page as publicly cacheable. || 324
267 || **Headers Set:** || 325 ===== ##cache_promisc(): void## =====
268 || - ##Cache-Control: public## || 326 Marks page as publicly cacheable.
269 || **Example:** || 327
270 || %%php 328 **Headers Set:**
    329   - ##Cache-Control: public##
    330
    331 **Example:**
    332 %%php
271 $http->cache_promisc(); 333 $http->cache_promisc();
272 %% || 334 %%
273 || ---- || 335
274 || ==== Language Negotiation ==== || 336 ----
275 || ===== ##user_agent_language(): string## ===== || 337
276 || Determines best language based on browser preferences. || 338 ==== Language Negotiation ====
277 || **Features:** || 339
278 || - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language) || 340 ===== ##user_agent_language(): string## =====
279 || - Parses ##Accept-Language## header with quality factors || 341 Determines best language based on browser preferences.
280 || - Attempts exact match first, then language fallback || 342
281 || - Falls back to default system language || 343 **Features:**
282 || **Example Header:** || 344   - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
283 || %% 345   - Parses ##Accept-Language## header with quality factors
    346   - Attempts exact match first, then language fallback
    347   - Falls back to default system language
    348
    349 **Example Header:**
    350 %%
284 Accept-Language: en-US,en;q=0.9,de;q=0.8 351 Accept-Language: en-US,en;q=0.9,de;q=0.8
285 %% || 352 %%
286 || **Returns:** || 353
287 || - Language code (e.g., 'en', 'en-US', 'de') || 354 **Returns:**
288 || ---- || 355   - Language code (e.g., 'en', 'en-US', 'de')
289 || ===== ##available_languages($subset = true): array## ===== || 356
290 || Returns list of available language translations. || 357 ----
291 || **Parameters:** || 358
292 || - ##$subset## (bool, default: TRUE) || 359 ===== ##available_languages($subset = true): array## =====
293 || - ##TRUE##: Only allowed languages || 360 Returns list of available language translations.
294 || - ##FALSE##: All available languages || 361
295 || **Features:** || 362 **Parameters:**
296 || - Scans ##LANG_DIR## for language files || 363   - ##$subset## (bool, default: TRUE)
297 || - Filters by ##allowed_languages## config if set || 364   - ##TRUE##: Only allowed languages
298 || - Caches result in session || 365   - ##FALSE##: All available languages
299 || - System language always included || 366
300 || **Returns:** || 367 **Features:**
301 || - Associative array: ##['en' => 'en', 'de' => 'de', ...]## || 368   - Scans ##LANG_DIR## for language files
302 || **Example:** || 369   - Filters by ##allowed_languages## config if set
303 || %%php 370   - Caches result in session
    371   - System language always included
    372
    373 **Returns:**
    374   - Associative array: ##['en' => 'en', 'de' => 'de', ...]##
    375
    376 **Example:**
    377 %%php
304 $all_langs = $http->available_languages(false); 378 $all_langs = $http->available_languages(false);
305 $allowed = $http->available_languages(true); 379 $allowed = $http->available_languages(true);
306 %% || 380 %%
307 || ---- || 381
308 || ==== File Serving ==== || 382 ----
309 || ===== ##sendfile($path, $filename = null, $age = null): void## ===== || 383
310 || Serves files with proper HTTP headers and caching. || 384 ==== File Serving ====
311 || **Parameters:** || 385
312 || - ##$path## (string) - File path (or HTTP_XXX constant for error pages) || 386 ===== ##sendfile($path, $filename = null, $age = null): void## =====
313 || - ##$filename## (string, optional) - Custom download filename || 387 Serves files with proper HTTP headers and caching.
314 || - ##$age## (int, optional) - Cache age in days || 388
315 || **Features:** || 389 **Parameters:**
316 || - HTTP range request support (partial file downloads) || 390   - ##$path## (string) - File path (or HTTP_XXX constant for error pages)
317 || - ETag and Last-Modified conditional requests || 391   - ##$filename## (string, optional) - Custom download filename
318 || - Proper MIME type detection || 392   - ##$age## (int, optional) - Cache age in days
319 || - Content-Security-Policy for special file types || 393
320 || - Streaming for large files || 394 **Features:**
321 || - GZip compression for text files || 395   - HTTP range request support (partial file downloads)
322 || **Special Paths:** || 396   - ETag and Last-Modified conditional requests
323 || %%php 397   - Proper MIME type detection
    398   - Content-Security-Policy for special file types
    399   - Streaming for large files
    400   - GZip compression for text files
    401
    402 **Special Paths:**
    403 %%php
324 $http->sendfile(404); // Serves file defined by HTTP_404 constant 404 $http->sendfile(404); // Serves file defined by HTTP_404 constant
325 $http->sendfile(403); // Serves file defined by HTTP_403 constant 405 $http->sendfile(403); // Serves file defined by HTTP_403 constant
326 %% || 406 %%
327 || **Example:** || 407
328 || %%php 408 **Example:**
    409 %%php
329 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30); 410 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
330 %% || 411 %%
331 || ---- || 412
332 || ===== ##mime_type($path): string## ===== || 413 ----
333 || Returns MIME type for a file. || 414
334 || **Returns:** || 415 ===== ##mime_type($path): string## =====
335 || - MIME type string (e.g., 'application/pdf') || 416 Returns MIME type for a file.
336 || - Default: ##'application/octet-stream'## || 417
337 || **Example:** || 418 **Returns:**
338 || %%php 419   - MIME type string (e.g., 'application/pdf')
    420   - Default: ##'application/octet-stream'##
    421
    422 **Example:**
    423 %%php
339 $mime = $http->mime_type('file.pdf'); // 'application/pdf' 424 $mime = $http->mime_type('file.pdf'); // 'application/pdf'
340 %% || 425 %%
341 || ---- || 426
342 || ===== ##mime_types(): array## (Private) ===== || 427 ----
343 || Loads and caches MIME types from configuration. || 428
344 || **Features:** || 429 ===== ##mime_types(): array## (Private) =====
345 || - Reads from ##config/mime.types## || 430 Loads and caches MIME types from configuration.
346 || - Caches to ##cache/config/mime.types## || 431
347 || - Reloads if config is updated || 432 **Features:**
348 || ---- || 433   - Reads from ##config/mime.types##
349 || ==== Compression ==== || 434   - Caches to ##cache/config/mime.types##
350 || ===== ##gzip(): void## ===== || 435   - Reloads if config is updated
351 || Compresses HTTP response with gzip/x-gzip. || 436
352 || **Features:** || 437 ----
353 || - Manually implements gzip (not relying on zlib.output_compression) || 438
354 || - Produces correct ##Content-Length## header || 439 ==== Compression ====
355 || - Only compresses if: || 440
356 || - 860 bytes < content < 1 MB || 441 ===== ##gzip(): void## =====
357 || - Client accepts compression || 442 Compresses HTTP response with gzip/x-gzip.
358 || - Headers not already sent || 443
359 || **Example:** || 444 **Features:**
360 || %%php 445   - Manually implements gzip (not relying on zlib.output_compression)
    446   - Produces correct ##Content-Length## header
    447   - Only compresses if:
    448   - 860 bytes < content < 1 MB
    449   - Client accepts compression
    450   - Headers not already sent
    451
    452 **Example:**
    453 %%php
361 $http->gzip(); 454 $http->gzip();
362 %% || 455 %%
363 || ---- || 456
364 || ==== Utility Methods ==== || 457 ----
365 || ===== ##parse_str($str): array## (Private) ===== || 458
366 || Parses URL-encoded strings with special character handling. || 459 ==== Utility Methods ====
367 || **Purpose:** || 460
368 || - Safely handles special characters in query/form data || 461 ===== ##parse_str($str): array## (Private) =====
369 || - Converts encoding properly || 462 Parses URL-encoded strings with special character handling.
370 || **Example:** || 463
371 || %%php 464 **Purpose:**
    465   - Safely handles special characters in query/form data
    466   - Converts encoding properly
    467
    468 **Example:**
    469 %%php
372 $data = $http->parse_str('name=John&age=30'); 470 $data = $http->parse_str('name=John&age=30');
373 %% || 471 %%
374 || ---- || 472
375 || ===== ##request_uri(): string## (Private) ===== || 473 ----
376 || Extracts and normalizes REQUEST_URI from server. || 474
377 || **Normalization:** || 475 ===== ##request_uri(): string## (Private) =====
378 || - Removes base URL prefix || 476 Extracts and normalizes REQUEST_URI from server.
379 || - Removes spaces || 477
380 || - Collapses multiple slashes || 478 **Normalization:**
381 || - Removes ##..## path traversal attempts || 479   - Removes base URL prefix
382 || - Removes leading/trailing slashes || 480   - Removes spaces
383 || ---- || 481   - Collapses multiple slashes
384 || ===== ##cut_prefix($prefix, $path): string## (Private) ===== || 482   - Removes ##..## path traversal attempts
385 || Removes prefix from path (case-insensitive). || 483   - Removes leading/trailing slashes
386 || ---- || 484
387 || ===== ##get_header_conf($file_name): string## (Private) ===== || 485 ----
388 || Loads security header configuration from files. || 486
389 || **Files Supported:** || 487 ===== ##cut_prefix($prefix, $path): string## (Private) =====
390 || - ##csp.conf## / ##csp_custom.conf## || 488 Removes prefix from path (case-insensitive).
391 || - ##permissions_policy.conf## / ##permissions_policy_custom.conf## || 489
392 || ---- || 490 ----
393 || === Configuration Dependencies === || 491
394 || The class relies on these database configuration settings: || 492 ===== ##get_header_conf($file_name): string## (Private) =====
395 || Setting | Type | Purpose || 493 Loads security header configuration from files.
396 || --------- | ------ | --------- || 494
397 || ##base_url## | string | Wiki's base URL || 495 **Files Supported:**
398 || ##tls## | bool | Enable HTTPS enforcement || 496   - ##csp.conf## / ##csp_custom.conf##
399 || ##cache## | bool | Enable page caching || 497   - ##permissions_policy.conf## / ##permissions_policy_custom.conf##
400 || ##cache_ttl## | int | Cache lifetime in seconds || 498
401 || ##session_store## | int | 1=File, 0=Database || 499 ----
402 || ##system_seed_hash## | string | Session encryption seed || 500
403 || ##cookie_prefix## | string | Session cookie prefix || 501 === Configuration Dependencies ===
404 || ##cookie_path## | string | Cookie path || 502
405 || ##allow_persistent_cookie## | bool | Allow persistent login || 503
406 || ##session_length## | int | Session lifetime in seconds || 504
407 || ##reverse_proxy_addresses## | string | Comma/space-separated proxy IPs || 505 === Constants Used ===
408 || ##reverse_proxy_header## | string | Custom X-Forwarded header || 506
409 || ##language## | string | Default language code || 507
410 || ##multilanguage## | bool | Enable language negotiation ||    
411 || ##allowed_languages## | string | Comma/space-separated allowed langs ||    
412 || ##enable_security_headers## | bool | Send security headers ||    
413 || ##csp## | int | CSP setting (0/1/2) ||    
414 || ##permissions_policy## | int | Permissions-Policy setting (0/1/2) ||    
415 || ##referrer_policy## | int | Referrer-Policy setting (0-8) ||    
416 || ---- ||    
417 || === Constants Used === ||    
418 || Constant | Type | Purpose ||    
419 || ---------- | ------ | --------- ||    
420 || ##IN_WACKO## | bool | Security check (exit if not defined) ||    
421 || ##CHMOD_SAFE## | int | File permissions for cache files ||    
422 || ##CHMOD_FILE## | int | File permissions for config cache ||    
423 || ##CACHE_PAGE_DIR## | string | Page cache directory ||    
424 || ##CACHE_SESSION_DIR## | string | Session cache directory ||    
425 || ##CACHE_CONFIG_DIR## | string | Config cache directory ||    
426 || ##CONFIG_DIR## | string | Configuration directory ||    
427 || ##LANG_DIR## | string | Language files directory ||    
428 || ##DAYSECS## | int | Seconds in a day (86400) ||    
429 || ##HTTP_404## | string | Path to 404 error page ||    
430 || ##HTTP_403## | string | Path to 403 error page ||    
431 |#    
432    
433 ----    
434 508
435 === Workflow Examples === 509 === Workflow Examples ===
436 510