Difference between revisions for Users / Eo Ny / dev
Additions:
Public Properties
| Property | Type | Description |
|---|---|---|
| $tls_session | bool | Indicates if the current session uses HTTPS/TLS encryption |
| $request_uri | string | Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') |
| $ip | string | Client's real IP address (accounts for proxies) |
| $sess | Session | Reference to the Session object |
| $method | string | Current HTTP method/request type |
Private Properties
| Property | Type | Description |
|---|---|---|
| $db | object | Database connection reference |
| $tls_mark | string | Cookie name for TLS session marking |
| $page | string | Current page name being processed |
| $hash | string | SHA1 hash of the page name |
| $query | string | Encoded query string |
| $lang | string | Current language code |
| $file | string | Cache file path |
| $caching | int | Flag indicating if page should be cached (0 or 1) |
store_cache(): void
=====##http_security_headers(): void##=====
Sets security-related HTTP headers.
#|
*| Header | Purpose | Config Key |*
|| Content-Security-Policy | XSS/injection protection | ##csp## ||
|| Permissions-Policy | Control browser features | ##permissions_policy## ||
|| Referrer-Policy | Control referrer information | ##referrer_policy## ||
|| Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
|| X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
|| X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
|#
**CSP Configuration Options:**
- ##0## - Disabled
- ##1## - Default policy (from ##csp.conf##)
- ##2## - Custom policy (from ##csp_custom.conf##)
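The mapping in the table and the CSP options above, as an added example that is not WackoWiki's own code. The function name, its signature, the config-directory argument and the HSTS max-age value are assumptions; Permissions-Policy and Referrer-Policy are left out because the page does not give their value mappings.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: builds the header list from the documented settings.
function build_security_headers(array $cfg, bool $tls_session, string $conf_dir): array
{
    if (empty($cfg['enable_security_headers'])) {
        return [];
    }
    // Hardcoded values, as listed in the table.
    $headers = [
        'X-Frame-Options'        => 'SAMEORIGIN',
        'X-Content-Type-Options' => 'nosniff',
    ];
    // csp: 0 = disabled, 1 = csp.conf, 2 = csp_custom.conf
    $csp_files = [1 => 'csp.conf', 2 => 'csp_custom.conf'];
    $mode      = (int) ($cfg['csp'] ?? 0);
    if (isset($csp_files[$mode])) {
        $path = rtrim($conf_dir, '/') . '/' . $csp_files[$mode];
        $raw  = is_readable($path) ? file_get_contents($path) : false;
        if ($raw !== false) {
            // header() refuses values that contain newlines, so a policy
            // file written over several lines is collapsed to one line.
            $policy = trim(preg_replace('/\s+/', ' ', $raw) ?? '');
            if ($policy !== '') {
                $headers['Content-Security-Policy'] = $policy;
            }
        }
    }
    // HSTS is only sent on TLS sessions; browsers ignore it over plain HTTP.
    if ($tls_session) {
        $headers['Strict-Transport-Security'] = 'max-age=31536000'; // assumed value
    }
    return $headers;
}

// Constructed demo: a temporary directory stands in for the config directory.
$dir = sys_get_temp_dir() . '/csp_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/csp.conf", "default-src 'self';\n  frame-ancestors 'self';\n");
$cfg = ['enable_security_headers' => 1, 'csp' => 1];
foreach (build_security_headers($cfg, true, $dir) as $name => $value) {
    echo "$name: $value\n"; // a real handler would call header("$name: $value")
}
unlink("$dir/csp.conf");
rmdir($dir);
```

If the selected policy file is missing or empty, the helper sends no Content-Security-Policy header at all, so a deployment check should confirm the header is present whenever ##csp## is 1 or 2.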
Configuration Dependencies
The class relies on these database configuration settings:

| Setting | Type | Purpose |
|---|---|---|
| base_url | string | Wiki's base URL |
| tls | bool | Enable HTTPS enforcement |
| cache | bool | Enable page caching |
| cache_ttl | int | Cache lifetime in seconds |
| session_store | int | 1=File, 0=Database |
| system_seed_hash | string | Session encryption seed |
| cookie_prefix | string | Session cookie prefix |
| cookie_path | string | Cookie path |
| allow_persistent_cookie | bool | Allow persistent login |
| session_length | int | Session lifetime in seconds |
| reverse_proxy_addresses | string | Comma/space-separated proxy IPs |
| reverse_proxy_header | string | Custom X-Forwarded header |
| language | string | Default language code |
| multilanguage | bool | Enable language negotiation |
| allowed_languages | string | Comma/space-separated allowed langs |
| enable_security_headers | bool | Send security headers |
| csp | int | CSP setting (0/1/2) |
| permissions_policy | int | Permissions-Policy setting (0/1/2) |
| referrer_policy | int | Referrer-Policy setting (0-8) |
Constants Used
| Constant | Type | Purpose |
|---|---|---|
| IN_WACKO | bool | Security check (exit if not defined) |
| CHMOD_SAFE | int | File permissions for cache files |
| CHMOD_FILE | int | File permissions for config cache |
| CACHE_PAGE_DIR | string | Page cache directory |
| CACHE_SESSION_DIR | string | Session cache directory |
| CACHE_CONFIG_DIR | string | Config cache directory |
| CONFIG_DIR | string | Configuration directory |
| LANG_DIR | string | Language files directory |
| DAYSECS | int | Seconds in a day (86400) |
| HTTP_404 | string | Path to 404 error page |
| HTTP_403 | string | Path to 403 error page |
Example 1: Handling a GET Request
%%(hl php)
Deletions:
Public Properties
Private Properties
store_cache(): void
===== ##http_security_headers(): void## =====
=== Configuration Dependencies ===
=== Constants Used ===
==== Example 1: Handling a GET Request ====