Difference between revisions for Users / Eo Ny / dev




← Previous edit
Revision 4 as of 05/05/2026 19:10
16 05/18/2026 05:05 WikiAdmin 15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy 4 05/05/2026 19:10 EoNy 3 05/05/2026 19:10 EoNy 2 05/05/2026 19:08 EoNy 1 05/05/2026 19:06 EoNy

(19.7 KiB)
EoNy
 Next edit →
Revision 17 as of 05/18/2026 15:15
18 05/21/2026 16:12 WikiAdmin 17 05/18/2026 15:15 WikiAdmin 16 05/18/2026 05:05 WikiAdmin 15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy

(18.4 KiB) -1,400
WikiAdmin

Version1 Version2
1 == HTTP Class Technical Documentation == 1 {{toc numerate=1}}
2 2
3 === Overview === 3 === Overview ===
4 4
12 12
13 === Class Properties === 13 === Class Properties ===
14 14
15 ==== Public Properties ==== 15 ====Public Properties====
16 16
17 #| 17 #|
18 *| Property | Type | Description |* 18 *| Property | Type | Description |*
21 || ##$ip## | string | Client's real IP address (accounts for proxies) || 21 || ##$ip## | string | Client's real IP address (accounts for proxies) ||
22 || ##$sess## | Session | Reference to the Session object || 22 || ##$sess## | Session | Reference to the Session object ||
23 || ##$method## | string | Current HTTP method/request type || 23 || ##$method## | string | Current HTTP method/request type ||
24 || ==== Private Properties ==== || 24 |#
25 || Property | Type | Description || 25
26 || ---------- | ------ | ------------- || 26 ====Private Properties====
    27
    28 #|
    29 *| Property | Type | Description |*
27 || ##$db## | object | Database connection reference || 30 || ##$db## | object | Database connection reference ||
28 || ##$tls_mark## | string | Cookie name for TLS session marking || 31 || ##$tls_mark## | string | Cookie name for TLS session marking ||
29 || ##$page## | string | Current page name being processed || 32 || ##$page## | string | Current page name being processed ||
32 || ##$lang## | string | Current language code || 35 || ##$lang## | string | Current language code ||
33 || ##$file## | string | Cache file path || 36 || ##$file## | string | Cache file path ||
34 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) || 37 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) ||
35 || ---- || 38 |#
36 || === Constructor === || 39
37 || %%php 40 ----
    41 === Constructor ===
    42
    43 %%(hl php)
38 public function __construct(&$db) 44 public function __construct(&$db)
39 %% || 45 %%
40 || **Purpose:** Initializes the Http object and sets up HTTP session handling. || 46
41 || **Parameters:** || 47 **Purpose:** Initializes the Http object and sets up HTTP session handling.
42 || - ##$db## - Database object reference || 48
43 || **Initialization Steps:** || 49 **Parameters:**
44 || 1. Stores database reference || 50   - ##$db## - Database object reference
45 || 2. Extracts and normalizes REQUEST_URI || 51
46 || 3. Detects TLS/HTTPS session status || 52 **Initialization Steps:**
47 || 4. Determines client's real IP address || 53   1. Stores database reference
48 || 5. Sets up TLS mark cookie name || 54   2. Extracts and normalizes REQUEST_URI
49 || 6. Enforces TLS session upgrade if needed || 55   3. Detects TLS/HTTPS session status
50 || **Example:** || 56   4. Determines client's real IP address
51 || %%php 57   5. Sets up TLS mark cookie name
    58   6. Enforces TLS session upgrade if needed
    59
    60 **Example:**
    61 %%(hl php)
52 $http = new Http($db); 62 $http = new Http($db);
53 %% || 63 %%
54 || ---- || 64
55 || === Core Methods === || 65 ----
56 || ==== Session Management ==== || 66
57 || ===== ##session($route): void## ===== || 67 === Core Methods ===
58 || Initializes the session handler (file-based or database-based). || 68
59 || **Parameters:** || 69 ==== Session Management ====
60 || - ##$route## (int) - Routing flag: || 70
61 || - Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration) || 71 ===== ##session($route): void## =====
62 || **Features:** || 72 Initializes the session handler (file-based or database-based).
63 || - Selects storage backend (file or database) || 73
64 || - Configures cookie settings (security, path, httponly) || 74 **Parameters:**
65 || - Binds IP and TLS validation || 75   - ##$route## (int) - Routing flag:
66 || - Recovers diagnostic logs from previous session || 76   - Bit 2 (##$route & 2##): Enable static mode for files/freecap (disables replay prevention and ID regeneration)
67 || **Example:** || 77
68 || %%php 78 **Features:**
    79   - Selects storage backend (file or database)
    80   - Configures cookie settings (security, path, httponly)
    81   - Binds IP and TLS validation
    82   - Recovers diagnostic logs from previous session
    83
    84 **Example:**
    85 %%(hl php)
69 $http->session(0); // Normal session 86 $http->session(0); // Normal session
70 $http->session(2); // Static file serving mode 87 $http->session(2); // Static file serving mode
71 %% || 88 %%
72 || ---- || 89
73 || ==== Caching System ==== || 90 ----
74 || ===== ##check_cache($page, $method): void## ===== || 91
75 || Determines if a page can be cached and prepares the cache check. || 92 ==== Caching System ====
76 || **Parameters:** || 93
77 || - ##$page## (string) - Page name to cache || 94 ===== ##check_cache($page, $method): void## =====
78 || - ##$method## (string) - Request method/action (e.g., 'show', 'edit') || 95 Determines if a page can be cached and prepares the cache check.
79 || **Caching Rules:** || 96
80 || - ✅ Enabled for GET requests only || 97 **Parameters:**
81 || - ✅ Disabled for POST requests || 98   - ##$page## (string) - Page name to cache
82 || - ❌ Never cached for 'edit' or 'watch' methods || 99   - ##$method## (string) - Request method/action (e.g., 'show', 'edit')
83 || - ✅ Only cached for anonymous users (no logged-in users) || 100
84 || **Example:** || 101 **Caching Rules:**
85 || %%php 102   - ✅ Enabled for GET requests only
    103   - ✅ Disabled for POST requests
    104   - ❌ Never cached for 'edit' or 'watch' methods
    105   - ✅ Only cached for anonymous users (no logged-in users)
    106
    107 **Example:**
    108 %%(hl php)
86 $http->check_cache('HomePage', 'show'); 109 $http->check_cache('HomePage', 'show');
87 %% || 110 %%
88 || ---- || 111
89 || ===== ##store_cache(): void## ===== || 112 ----
90 || Saves the generated page content to cache file. || 113
91 || **Features:** || 114 =====##store_cache(): void##=====
92 || - Retrieves output buffer content || 115 Saves the generated page content to cache file.
93 || - Saves to cache file with proper permissions || 116
94 || - Records cache metadata in database || 117 **Features:**
95 || - Only executes if caching flag is set and user is anonymous || 118   - Retrieves output buffer content
96 || **Example:** || 119   - Saves to cache file with proper permissions
97 || %%php 120   - Records cache metadata in database
    121   - Only executes if caching flag is set and user is anonymous
    122
    123 **Example:**
    124 %%(hl php)
98 // Called at end of page rendering 125 // Called at end of page rendering
99 $http->store_cache(); 126 $http->store_cache();
100 %% || 127 %%
101 || ---- || 128
102 || ===== ##invalidate_page($page): int## ===== || 129 ----
103 || Invalidates all cached versions of a page. || 130
104 || **Parameters:** || 131 ===== ##invalidate_page($page): int## =====
105 || - ##$page## (string) - Page name to invalidate || 132 Invalidates all cached versions of a page.
106 || **Returns:** || 133
107 || - Number of cache entries invalidated || 134 **Parameters:**
108 || **Process:** || 135   - ##$page## (string) - Page name to invalidate
109 || 1. Finds all cached versions (different methods/languages) || 136
110 || 2. Touches files to past timestamp (faster than deletion) || 137 **Returns:**
111 || 3. Removes entries from cache metadata table || 138   - Number of cache entries invalidated
112 || 4. Returns count of invalidated caches || 139
113 || **Example:** || 140 **Process:**
114 || %%php 141   1. Finds all cached versions (different methods/languages)
    142   2. Touches files to past timestamp (faster than deletion)
    143   3. Removes entries from cache metadata table
    144   4. Returns count of invalidated caches
    145
    146 **Example:**
    147 %%(hl php)
115 $count = $http->invalidate_page('HomePage'); 148 $count = $http->invalidate_page('HomePage');
116 echo "Invalidated $count cache entries"; 149 echo "Invalidated $count cache entries";
117 %% || 150 %%
118 || ---- || 151
119 || ==== TLS/HTTPS Security ==== || 152 ----
120 || ===== ##secure_base_url(): void## ===== || 153
121 || Switches base URL from HTTP to HTTPS. || 154 ==== TLS/HTTPS Security ====
122 || **Purpose:** || 155
123 || - Ensures all subsequent URLs use HTTPS || 156 ===== ##secure_base_url(): void## =====
124 || - Stores original HTTP URL for fallback || 157 Switches base URL from HTTP to HTTPS.
125 || - Called when TLS session is detected || 158
126 || **Example:** || 159 **Purpose:**
127 || %%php 160   - Ensures all subsequent URLs use HTTPS
    161   - Stores original HTTP URL for fallback
    162   - Called when TLS session is detected
    163
    164 **Example:**
    165 %%(hl php)
128 $http->secure_base_url(); 166 $http->secure_base_url();
129 // $db->base_url now uses https:// 167 // $db->base_url now uses https://
130 %% || 168 %%
131 || ---- || 169
132 || ===== ##ensure_tls($url): void## ===== || 170 ----
133 || Enforces HTTPS for a specific URL and redirects if necessary. || 171
134 || **Parameters:** || 172 ===== ##ensure_tls($url): void## =====
135 || - ##$url## (string) - URL to secure || 173 Enforces HTTPS for a specific URL and redirects if necessary.
136 || **Behavior:** || 174
137 || - If not already HTTPS and TLS is enabled, forces HTTPS redirect || 175 **Parameters:**
138 || - Handles both relative and absolute URLs || 176   - ##$url## (string) - URL to secure
139 || - Converts relative URLs using current server name || 177
140 || **Example:** || 178 **Behavior:**
141 || %%php 179   - If not already HTTPS and TLS is enabled, forces HTTPS redirect
    180   - Handles both relative and absolute URLs
    181   - Converts relative URLs using current server name
    182
    183 **Example:**
    184 %%(hl php)
142 $http->ensure_tls('/secure/payment'); 185 $http->ensure_tls('/secure/payment');
143 %% || 186 %%
144 || ---- || 187
145 || ==== IP Address Detection ==== || 188 ----
146 || ===== ##real_ip(): string## (Private) ===== || 189
147 || Detects client's real IP address accounting for proxies. || 190 ==== IP Address Detection ====
148 || **Proxy Headers Checked (in order):** || 191
149 || 1. ##HTTP_X_CLUSTER_CLIENT_IP## || 192 ===== ##real_ip(): string## (Private) =====
150 || 2. ##HTTP_X_FORWARDED_FOR## (or custom header) || 193 Detects client's real IP address accounting for proxies.
151 || 3. ##HTTP_CLIENT_IP## || 194
152 || 4. ##HTTP_X_REMOTE_ADDR## || 195 **Proxy Headers Checked (in order):**
153 || 5. ##REMOTE_ADDR## (fallback) || 196   1. ##HTTP_X_CLUSTER_CLIENT_IP##
154 || **Features:** || 197   2. ##HTTP_X_FORWARDED_FOR## (or custom header)
155 || - Filters out private/reserved IP ranges || 198   3. ##HTTP_CLIENT_IP##
156 || - Respects configured reverse proxy addresses || 199   4. ##HTTP_X_REMOTE_ADDR##
157 || - Returns ##'0.0.0.0'## as fallback || 200   5. ##REMOTE_ADDR## (fallback)
158 || **Configuration in Database:** || 201
159 || - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs || 202 **Features:**
160 || - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##) || 203   - Filters out private/reserved IP ranges
161 || **Example:** || 204   - Respects configured reverse proxy addresses
162 || %%php 205   - Returns ##'0.0.0.0'## as fallback
    206
    207 **Configuration in Database:**
    208   - ##reverse_proxy_addresses## - Comma/space-separated proxy IPs
    209   - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
    210
    211 **Example:**
    212 %%(hl php)
163 $client_ip = $http->ip; // e.g., "203.0.113.42" 213 $client_ip = $http->ip; // e.g., "203.0.113.42"
164 %% || 214 %%
165 || ---- || 215
166 || ==== HTTPS Detection ==== || 216 ----
167 || ===== ##tls_session(): bool## (Private) ===== || 217
168 || Detects if current connection uses HTTPS/TLS. || 218 ==== HTTPS Detection ====
169 || **Checks (any being true = HTTPS):** || 219
170 || - ##$_SERVER['HTTPS']## is 'on' || 220 ===== ##tls_session(): bool## (Private) =====
171 || - ##$_SERVER['SERVER_PORT']## is 443 || 221 Detects if current connection uses HTTPS/TLS.
172 || - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https' || 222
173 || - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on' || 223 **Checks (any being true = HTTPS):**
174 || - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443 || 224   - ##$_SERVER['HTTPS']## is 'on'
175 || ---- || 225   - ##$_SERVER['SERVER_PORT']## is 443
176 || ==== Security Headers ==== || 226   - ##$_SERVER['HTTP_X_FORWARDED_PROTO']## is 'https'
177 || ===== ##http_security_headers(): void## ===== || 227   - ##$_SERVER['HTTP_X_FORWARDED_SSL']## is 'on'
178 || Sets security-related HTTP headers. || 228   - ##$_SERVER['HTTP_X_FORWARDED_PORT']## is 443
179 || **Headers Set:** || 229
180 || Header | Purpose | Config Key || 230 ----
181 || -------- | --------- | ------------ || 231
    232 ==== Security Headers ====
    233
    234 =====##http_security_headers(): void##=====
    235
    236 Sets security-related HTTP headers.
    237
    238 **Headers Set:**
    239
    240 #|
    241 *| Header | Purpose | Config Key |*
182 || Content-Security-Policy | XSS/injection protection | ##csp## || 242 || Content-Security-Policy | XSS/injection protection | ##csp## ||
183 || Permissions-Policy | Control browser features | ##permissions_policy## || 243 || Permissions-Policy | Control browser features | ##permissions_policy## ||
184 || Referrer-Policy | Control referrer information | ##referrer_policy## || 244 || Referrer-Policy | Control referrer information | ##referrer_policy## ||
185 || Strict-Transport-Security | Force HTTPS | Auto (TLS only) || 245 || Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
186 || X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## || 246 || X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
187 || X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## || 247 || X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
188 || **CSP Configuration Options:** || 248 |#
189 || - ##0## - Disabled || 249
190 || - ##1## - Default policy (from ##csp.conf##) || 250 **CSP Configuration Options:**
191 || - ##2## - Custom policy (from ##csp_custom.conf##) || 251   - ##0## - Disabled
192 || **Example:** || 252   - ##1## - Default policy (from ##csp.conf##)
193 || %%php 253   - ##2## - Custom policy (from ##csp_custom.conf##)
    254
    255 **Example:**
    256 %%(hl php)
194 $http->http_security_headers(); 257 $http->http_security_headers();
195 %% || 258 %%
196 || ---- || 259
197 || ==== HTTP Methods ==== || 260 ----
198 || ===== ##redirect($url, $permanent = false): void## ===== || 261 ==== HTTP Methods ====
199 || Performs an HTTP redirect. || 262
200 || **Parameters:** || 263 ===== ##redirect($url, $permanent = false): void## =====
201 || - ##$url## (string) - Target URL || 264 Performs an HTTP redirect.
202 || - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary) || 265
203 || **Features:** || 266 **Parameters:**
204 || - Decodes ##&## entities to prevent broken redirects || 267   - ##$url## (string) - Target URL
205 || - Only works if headers not yet sent || 268   - ##$permanent## (bool) - Use 301 (permanent) vs 302 (temporary)
206 || - Uses output buffering to work anywhere in page processing || 269
207 || **Example:** || 270 **Features:**
208 || %%php 271   - Decodes ##&## entities to prevent broken redirects
    272   - Only works if headers not yet sent
    273   - Uses output buffering to work anywhere in page processing
    274
    275 **Example:**
    276 %%(hl php)
209 $http->redirect('http://example.com/new-page', true); // 301 277 $http->redirect('http://example.com/new-page', true); // 301
210 $http->redirect('/wiki/HomePage'); // 302 278 $http->redirect('/wiki/HomePage'); // 302
211 %% || 279 %%
212 || ---- || 280
213 || ===== ##terminate(): void## ===== || 281 ----
214 || Safe exit/die with cleanup. || 282
215 || **Cleanup Operations:** || 283 ===== ##terminate(): void## =====
216 || - Saves diagnostic logs to session flash data || 284 Safe exit/die with cleanup.
217 || - Ends script execution || 285
218 || **Example:** || 286 **Cleanup Operations:**
219 || %%php 287   - Saves diagnostic logs to session flash data
    288   - Ends script execution
    289
    290 **Example:**
    291 %%(hl php)
220 $http->terminate(); 292 $http->terminate();
221 %% || 293 %%
222 || ---- || 294
223 || ===== ##status($code): void## ===== || 295 ----
224 || Sets HTTP response status code. || 296
225 || **Supported Status Codes:** || 297 ===== ##status($code): void## =====
226 || %%php 298 Sets HTTP response status code.
    299
    300 **Supported Status Codes:**
    301 %%(hl php)
227 200 => 'OK' 302 200 => 'OK'
228 206 => 'Partial Content' 303 206 => 'Partial Content'
229 301 => 'Moved Permanently' 304 301 => 'Moved Permanently'
240 500 => 'Internal Server Error' 315 500 => 'Internal Server Error'
241 501 => 'Not Implemented' 316 501 => 'Not Implemented'
242 503 => 'Service Unavailable' 317 503 => 'Service Unavailable'
243 %% || 318 %%
244 || **Example:** || 319
245 || %%php 320 **Example:**
    321 %%(hl php)
246 $http->status(404); // Send 404 Not Found 322 $http->status(404); // Send 404 Not Found
247 %% || 323 %%
248 || ---- || 324
249 || ==== Caching Control ==== || 325 ----
250 || ===== ##no_cache($client_only = true): void## ===== || 326
251 || Disables caching of the current page. || 327 ==== Caching Control ====
252 || **Parameters:** || 328
253 || - ##$client_only## (bool, default: TRUE) || 329 ===== ##no_cache($client_only = true): void## =====
254 || - ##TRUE##: Disable browser cache only || 330 Disables caching of the current page.
255 || - ##FALSE##: Disable both browser and server cache || 331
256 || **Headers Set:** || 332 **Parameters:**
257 || - ##Last-Modified: <current-time>## (always fresh) || 333   - ##$client_only## (bool, default: TRUE)
258 || - ##Cache-Control: no-store## || 334   - ##TRUE##: Disable browser cache only
259 || **Example:** || 335   - ##FALSE##: Disable both browser and server cache
260 || %%php 336
    337 **Headers Set:**
    338   - ##Last-Modified: <current-time>## (always fresh)
    339   - ##Cache-Control: no-store##
    340
    341 **Example:**
    342 %%(hl php)
261 $http->no_cache(); // Client-side only 343 $http->no_cache(); // Client-side only
262 $http->no_cache(false); // Both client & server 344 $http->no_cache(false); // Both client & server
263 %% || 345 %%
264 || ---- || 346
265 || ===== ##cache_promisc(): void## ===== || 347 ----
266 || Marks page as publicly cacheable. || 348
267 || **Headers Set:** || 349 ===== ##cache_promisc(): void## =====
268 || - ##Cache-Control: public## || 350 Marks page as publicly cacheable.
269 || **Example:** || 351
270 || %%php 352 **Headers Set:**
    353   - ##Cache-Control: public##
    354
    355 **Example:**
    356 %%(hl php)
271 $http->cache_promisc(); 357 $http->cache_promisc();
272 %% || 358 %%
273 || ---- || 359
274 || ==== Language Negotiation ==== || 360 ----
275 || ===== ##user_agent_language(): string## ===== || 361
276 || Determines best language based on browser preferences. || 362 ==== Language Negotiation ====
277 || **Features:** || 363
278 || - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language) || 364 ===== ##user_agent_language(): string## =====
279 || - Parses ##Accept-Language## header with quality factors || 365 Determines best language based on browser preferences.
280 || - Attempts exact match first, then language fallback || 366
281 || - Falls back to default system language || 367 **Features:**
282 || **Example Header:** || 368   - Follows RFC 9110 section 12.5.4 (HTTP Accept-Language)
283 || %% 369   - Parses ##Accept-Language## header with quality factors
    370   - Attempts exact match first, then language fallback
    371   - Falls back to default system language
    372
    373 **Example Header:**
    374 %%
284 Accept-Language: en-US,en;q=0.9,de;q=0.8 375 Accept-Language: en-US,en;q=0.9,de;q=0.8
285 %% || 376 %%
286 || **Returns:** || 377
287 || - Language code (e.g., 'en', 'en-US', 'de') || 378 **Returns:**
288 || ---- || 379   - Language code (e.g., 'en', 'en-US', 'de')
289 || ===== ##available_languages($subset = true): array## ===== || 380
290 || Returns list of available language translations. || 381 ----
291 || **Parameters:** || 382
292 || - ##$subset## (bool, default: TRUE) || 383 ===== ##available_languages($subset = true): array## =====
293 || - ##TRUE##: Only allowed languages || 384 Returns list of available language translations.
294 || - ##FALSE##: All available languages || 385
295 || **Features:** || 386 **Parameters:**
296 || - Scans ##LANG_DIR## for language files || 387   - ##$subset## (bool, default: TRUE)
297 || - Filters by ##allowed_languages## config if set || 388   - ##TRUE##: Only allowed languages
298 || - Caches result in session || 389   - ##FALSE##: All available languages
299 || - System language always included || 390
300 || **Returns:** || 391 **Features:**
301 || - Associative array: ##['en' => 'en', 'de' => 'de', ...]## || 392   - Scans ##LANG_DIR## for language files
302 || **Example:** || 393   - Filters by ##allowed_languages## config if set
303 || %%php 394   - Caches result in session
    395   - System language always included
    396
    397 **Returns:**
    398   - Associative array: ##['en' => 'en', 'de' => 'de', ...]##
    399
    400 **Example:**
    401 %%(hl php)
304 $all_langs = $http->available_languages(false); 402 $all_langs = $http->available_languages(false);
305 $allowed = $http->available_languages(true); 403 $allowed = $http->available_languages(true);
306 %% || 404 %%
307 || ---- || 405
308 || ==== File Serving ==== || 406 ----
309 || ===== ##sendfile($path, $filename = null, $age = null): void## ===== || 407
310 || Serves files with proper HTTP headers and caching. || 408 ==== File Serving ====
311 || **Parameters:** || 409
312 || - ##$path## (string) - File path (or HTTP_XXX constant for error pages) || 410 ===== ##sendfile($path, $filename = null, $age = null): void## =====
313 || - ##$filename## (string, optional) - Custom download filename || 411 Serves files with proper HTTP headers and caching.
314 || - ##$age## (int, optional) - Cache age in days || 412
315 || **Features:** || 413 **Parameters:**
316 || - HTTP range request support (partial file downloads) || 414   - ##$path## (string) - File path (or HTTP_XXX constant for error pages)
317 || - ETag and Last-Modified conditional requests || 415   - ##$filename## (string, optional) - Custom download filename
318 || - Proper MIME type detection || 416   - ##$age## (int, optional) - Cache age in days
319 || - Content-Security-Policy for special file types || 417
320 || - Streaming for large files || 418 **Features:**
321 || - GZip compression for text files || 419   - HTTP range request support (partial file downloads)
322 || **Special Paths:** || 420   - ETag and Last-Modified conditional requests
323 || %%php 421   - Proper MIME type detection
    422   - Content-Security-Policy for special file types
    423   - Streaming for large files
    424   - GZip compression for text files
    425
    426 **Special Paths:**
    427 %%(hl php)
324 $http->sendfile(404); // Serves file defined by HTTP_404 constant 428 $http->sendfile(404); // Serves file defined by HTTP_404 constant
325 $http->sendfile(403); // Serves file defined by HTTP_403 constant 429 $http->sendfile(403); // Serves file defined by HTTP_403 constant
326 %% || 430 %%
327 || **Example:** || 431
328 || %%php 432 **Example:**
    433 %%(hl php)
329 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30); 434 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
330 %% || 435 %%
331 || ---- || 436
332 || ===== ##mime_type($path): string## ===== || 437 ----
333 || Returns MIME type for a file. || 438
334 || **Returns:** || 439 ===== ##mime_type($path): string## =====
335 || - MIME type string (e.g., 'application/pdf') || 440 Returns MIME type for a file.
336 || - Default: ##'application/octet-stream'## || 441
337 || **Example:** || 442 **Returns:**
338 || %%php 443   - MIME type string (e.g., 'application/pdf')
    444   - Default: ##'application/octet-stream'##
    445
    446 **Example:**
    447 %%(hl php)
339 $mime = $http->mime_type('file.pdf'); // 'application/pdf' 448 $mime = $http->mime_type('file.pdf'); // 'application/pdf'
340 %% || 449 %%
341 || ---- || 450
342 || ===== ##mime_types(): array## (Private) ===== || 451 ----
343 || Loads and caches MIME types from configuration. || 452
344 || **Features:** || 453 ===== ##mime_types(): array## (Private) =====
345 || - Reads from ##config/mime.types## || 454 Loads and caches MIME types from configuration.
346 || - Caches to ##cache/config/mime.types## || 455
347 || - Reloads if config is updated || 456 **Features:**
348 || ---- || 457   - Reads from ##config/mime.types##
349 || ==== Compression ==== || 458   - Caches to ##cache/config/mime.types##
350 || ===== ##gzip(): void## ===== || 459   - Reloads if config is updated
351 || Compresses HTTP response with gzip/x-gzip. || 460
352 || **Features:** || 461 ----
353 || - Manually implements gzip (not relying on zlib.output_compression) || 462
354 || - Produces correct ##Content-Length## header || 463 ==== Compression ====
355 || - Only compresses if: || 464
356 || - 860 bytes < content < 1 MB || 465 ===== ##gzip(): void## =====
357 || - Client accepts compression || 466 Compresses HTTP response with gzip/x-gzip.
358 || - Headers not already sent || 467
359 || **Example:** || 468 **Features:**
360 || %%php 469   - Manually implements gzip (not relying on zlib.output_compression)
    470   - Produces correct ##Content-Length## header
    471   - Only compresses if:
    472   - 860 bytes < content < 1 MB
    473   - Client accepts compression
    474   - Headers not already sent
    475
    476 **Example:**
    477 %%(hl php)
361 $http->gzip(); 478 $http->gzip();
362 %% || 479 %%
363 || ---- || 480
364 || ==== Utility Methods ==== || 481 ----
365 || ===== ##parse_str($str): array## (Private) ===== || 482
366 || Parses URL-encoded strings with special character handling. || 483 ==== Utility Methods ====
367 || **Purpose:** || 484
368 || - Safely handles special characters in query/form data || 485 ===== ##parse_str($str): array## (Private) =====
369 || - Converts encoding properly || 486 Parses URL-encoded strings with special character handling.
370 || **Example:** || 487
371 || %%php 488 **Purpose:**
    489   - Safely handles special characters in query/form data
    490   - Converts encoding properly
    491
    492 **Example:**
    493 %%(hl php)
372 $data = $http->parse_str('name=John&age=30'); 494 $data = $http->parse_str('name=John&age=30');
373 %% || 495 %%
374 || ---- || 496
375 || ===== ##request_uri(): string## (Private) ===== || 497 ----
376 || Extracts and normalizes REQUEST_URI from server. || 498
377 || **Normalization:** || 499 ===== ##request_uri(): string## (Private) =====
378 || - Removes base URL prefix || 500 Extracts and normalizes REQUEST_URI from server.
379 || - Removes spaces || 501
380 || - Collapses multiple slashes || 502 **Normalization:**
381 || - Removes ##..## path traversal attempts || 503   - Removes base URL prefix
382 || - Removes leading/trailing slashes || 504   - Removes spaces
383 || ---- || 505   - Collapses multiple slashes
384 || ===== ##cut_prefix($prefix, $path): string## (Private) ===== || 506   - Removes ##..## path traversal attempts
385 || Removes prefix from path (case-insensitive). || 507   - Removes leading/trailing slashes
386 || ---- || 508
387 || ===== ##get_header_conf($file_name): string## (Private) ===== || 509 ----
388 || Loads security header configuration from files. || 510
389 || **Files Supported:** || 511 ===== ##cut_prefix($prefix, $path): string## (Private) =====
390 || - ##csp.conf## / ##csp_custom.conf## || 512 Removes prefix from path (case-insensitive).
391 || - ##permissions_policy.conf## / ##permissions_policy_custom.conf## || 513
392 || ---- || 514 ----
393 || === Configuration Dependencies === || 515
394 || The class relies on these database configuration settings: || 516 ===== ##get_header_conf($file_name): string## (Private) =====
395 || Setting | Type | Purpose || 517 Loads security header configuration from files.
396 || --------- | ------ | --------- || 518
    519 **Files Supported:**
    520   - ##csp.conf## / ##csp_custom.conf##
    521   - ##permissions_policy.conf## / ##permissions_policy_custom.conf##
    522
    523 ----
    524
    525 ===Configuration Dependencies===
    526
    527 The class relies on these database configuration settings:
    528
    529 #|
    530 *| Setting | Type | Purpose |*
397 || ##base_url## | string | Wiki's base URL || 531 || ##base_url## | string | Wiki's base URL ||
398 || ##tls## | bool | Enable HTTPS enforcement || 532 || ##tls## | bool | Enable HTTPS enforcement ||
399 || ##cache## | bool | Enable page caching || 533 || ##cache## | bool | Enable page caching ||
413 || ##csp## | int | CSP setting (0/1/2) || 547 || ##csp## | int | CSP setting (0/1/2) ||
414 || ##permissions_policy## | int | Permissions-Policy setting (0/1/2) || 548 || ##permissions_policy## | int | Permissions-Policy setting (0/1/2) ||
415 || ##referrer_policy## | int | Referrer-Policy setting (0-8) || 549 || ##referrer_policy## | int | Referrer-Policy setting (0-8) ||
416 || ---- || 550 |#
417 || === Constants Used === || 551
418 || Constant | Type | Purpose || 552 ----
419 || ---------- | ------ | --------- || 553
    554 ===Constants Used===
    555
    556 #|
    557 *| Constant | Type | Purpose |*
420 || ##IN_WACKO## | bool | Security check (exit if not defined) || 558 || ##IN_WACKO## | bool | Security check (exit if not defined) ||
421 || ##CHMOD_SAFE## | int | File permissions for cache files || 559 || ##CHMOD_SAFE## | int | File permissions for cache files ||
422 || ##CHMOD_FILE## | int | File permissions for config cache || 560 || ##CHMOD_FILE## | int | File permissions for config cache ||
434 572
435 === Workflow Examples === 573 === Workflow Examples ===
436 574
437 ==== Example 1: Handling a GET Request ==== 575 ====Example 1: Handling a GET Request====
438 576
439 %%php 577 %%(hl php)
440 // In main wiki entry point 578 // In main wiki entry point
441 $http = new Http($db); 579 $http = new Http($db);
442 $http->session(0); // Start session 580 $http->session(0); // Start session
458 596
459 ==== Example 2: Handling TLS/HTTPS Upgrade ==== 597 ==== Example 2: Handling TLS/HTTPS Upgrade ====
460 598
461 %%php 599 %%(hl php)
462 $http = new Http($db); // Constructor detects TLS requirement 600 $http = new Http($db); // Constructor detects TLS requirement
463 // If TLS is enabled and user wasn't in TLS before: 601 // If TLS is enabled and user wasn't in TLS before:
464 // - Sets TLS session flag 602 // - Sets TLS session flag
468 606
469 ==== Example 3: Invalidating Cache After Page Edit ==== 607 ==== Example 3: Invalidating Cache After Page Edit ====
470 608
471 %%php 609 %%(hl php)
472 // User edits a page 610 // User edits a page
473 $http = new Http($db); 611 $http = new Http($db);
474 $count = $http->invalidate_page('HomePage'); 612 $count = $http->invalidate_page('HomePage');
477 615
478 ==== Example 4: Serving a File ==== 616 ==== Example 4: Serving a File ====
479 617
480 %%php 618 %%(hl php)
481 $http = new Http($db); 619 $http = new Http($db);
482 $http->session(2); // Static file mode - no session replay prevention 620 $http->session(2); // Static file mode - no session replay prevention
483 621
552 690
553 The class integrates with WackoWiki's diagnostic system: 691 The class integrates with WackoWiki's diagnostic system:
554 692
555 %%php 693 %%(hl php)
556 // Diagnostic messages are preserved across redirects 694 // Diagnostic messages are preserved across redirects
557 // via session flash data 695 // via session flash data
558 696