Difference between revisions for Users / Eo Ny / dev
Additions:
Public Properties
| Property | Type | Description |
|---|---|---|
$tls_session |
bool | Indicates if the current session uses HTTPS/TLS encryption |
$request_uri |
string | Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') |
$ip |
string | Client's real IP address (accounts for proxies) |
$sess |
Session | Reference to the Session object |
$method |
string | Current HTTP method/request type |
Private Properties
| Property | Type | Description |
|---|---|---|
$db |
object | Database connection reference |
$tls_mark |
string | Cookie name for TLS session marking |
$page |
string | Current page name being processed |
$hash |
string | SHA1 hash of the page name |
$query |
string | Encoded query string |
$lang |
string | Current language code |
$file |
string | Cache file path |
$caching |
int | Flag indicating if page should be cached (0 or 1) |
store_cache(): void
PHP
=====##http_security_headers(): void##=====
Sets security-related HTTP headers.
#|
*| Header | Purpose | Config Key |*
|| Content-Security-Policy | XSS/injection protection | ##csp## ||
|| Permissions-Policy | Control browser features | ##permissions_policy## ||
|| Referrer-Policy | Control referrer information | ##referrer_policy## ||
|| Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
|| X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
|| X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
|#
**CSP Configuration Options:**
- ##0## - Disabled
- ##1## - Default policy (from ##csp.conf##)
- ##2## - Custom policy (from ##csp_custom.conf##)
===Configuration Dependencies===
The class relies on these database configuration settings:
#|
*| Setting | Type | Purpose |*
|| ##base_url## | string | Wiki's base URL ||
|| ##tls## | bool | Enable HTTPS enforcement ||
|| ##cache## | bool | Enable page caching ||
|| ##cache_ttl## | int | Cache lifetime in seconds ||
|| ##session_store## | int | 1=File, 0=Database ||
|| ##system_seed_hash## | string | Session encryption seed ||
|| ##cookie_prefix## | string | Session cookie prefix ||
|| ##cookie_path## | string | Cookie path ||
|| ##allow_persistent_cookie## | bool | Allow persistent login ||
|| ##session_length## | int | Session lifetime in seconds ||
|| ##reverse_proxy_addresses## | string | Comma/space-separated proxy IPs ||
|| ##reverse_proxy_header## | string | Custom X-Forwarded header ||
|| ##language## | string | Default language code ||
|| ##multilanguage## | bool | Enable language negotiation ||
|| ##allowed_languages## | string | Comma/space-separated allowed langs ||
|| ##enable_security_headers## | bool | Send security headers ||
|| ##csp## | int | CSP setting (0/1/2) ||
|| ##permissions_policy## | int | Permissions-Policy setting (0/1/2) ||
|| ##referrer_policy## | int | Referrer-Policy setting (0-8) ||
|#
===Constants Used===
#|
*| Constant | Type | Purpose |*
|| ##IN_WACKO## | bool | Security check (exit if not defined) ||
|| ##CHMOD_SAFE## | int | File permissions for cache files ||
|| ##CHMOD_FILE## | int | File permissions for config cache ||
|| ##CACHE_PAGE_DIR## | string | Page cache directory ||
|| ##CACHE_SESSION_DIR## | string | Session cache directory ||
|| ##CACHE_CONFIG_DIR## | string | Config cache directory ||
|| ##CONFIG_DIR## | string | Configuration directory ||
|| ##LANG_DIR## | string | Language files directory ||
|| ##DAYSECS## | int | Seconds in a day (86400) ||
|| ##HTTP_404## | string | Path to 404 error page ||
|| ##HTTP_403## | string | Path to 403 error page ||
|#
====Example 1: Handling a GET Request====
Deletions: