Difference between revisions for Users / Eo Ny / dev




← Previous edit
Revision 7 as of 05/05/2026 19:23
15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin 7 05/05/2026 19:23 WikiAdmin 6 05/05/2026 19:21 EoNy 5 05/05/2026 19:11 EoNy 4 05/05/2026 19:10 EoNy 3 05/05/2026 19:10 EoNy 2 05/05/2026 19:08 EoNy 1 05/05/2026 19:06 EoNy

(14.8 KiB)
WikiAdmin
 Next edit →
Revision 16 as of 05/18/2026 05:05
18 05/21/2026 16:12 WikiAdmin 17 05/18/2026 15:15 WikiAdmin 16 05/18/2026 05:05 WikiAdmin 15 05/18/2026 05:04 WikiAdmin 14 05/17/2026 21:10 WikiAdmin 13 05/05/2026 19:29 EoNy 12 05/05/2026 19:28 WikiAdmin 11 05/05/2026 19:28 WikiAdmin 10 05/05/2026 19:27 WikiAdmin 9 05/05/2026 19:25 WikiAdmin 8 05/05/2026 19:24 WikiAdmin

(18.4 KiB) +3,705
WikiAdmin

Version1 Version2
1 == HTTP Class Technical Documentation == 1 == HTTP Class Technical Documentation ==
2 2
    3 {{toc numerate=1}}
3 === Overview === 4 === Overview ===
4 5
5 The ##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine. 6 The ##Http## class (##src/class/http.php##) is a core component of the WackoWiki system responsible for handling HTTP request/response processing, session management, caching, and security features. This class acts as a bridge between the web server and the wiki engine.
12 13
13 === Class Properties === 14 === Class Properties ===
14 15
15 ==== Public Properties ==== 16 ====Public Properties====
16 17
17 18 #|
18 19 *| Property | Type | Description |*
19 ==== Private Properties ==== 20 || ##$tls_session## | bool | Indicates if the current session uses HTTPS/TLS encryption ||
20 21 || ##$request_uri## | string | Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') ||
21 22 || ##$ip## | string | Client's real IP address (accounts for proxies) ||
    23 || ##$sess## | Session | Reference to the Session object ||
    24 || ##$method## | string | Current HTTP method/request type ||
    25 |#
    26
    27 ====Private Properties====
    28
    29 #|
    30 *| Property | Type | Description |*
    31 || ##$db## | object | Database connection reference ||
    32 || ##$tls_mark## | string | Cookie name for TLS session marking ||
    33 || ##$page## | string | Current page name being processed ||
    34 || ##$hash## | string | SHA1 hash of the page name ||
    35 || ##$query## | string | Encoded query string ||
    36 || ##$lang## | string | Current language code ||
    37 || ##$file## | string | Cache file path ||
    38 || ##$caching## | int | Flag indicating if page should be cached (0 or 1) ||
    39 |#
    40
    41 ----
22 === Constructor === 42 === Constructor ===
23 43
24 %%php 44 %%(hl php)
25 public function __construct(&$db) 45 public function __construct(&$db)
26 %% 46 %%
27 47
39   6. Enforces TLS session upgrade if needed 59   6. Enforces TLS session upgrade if needed
40 60
41 **Example:** 61 **Example:**
42 %%php 62 %%(hl php)
43 $http = new Http($db); 63 $http = new Http($db);
44 %% 64 %%
45 65
63   - Recovers diagnostic logs from previous session 83   - Recovers diagnostic logs from previous session
64 84
65 **Example:** 85 **Example:**
66 %%php 86 %%(hl php)
67 $http->session(0); // Normal session 87 $http->session(0); // Normal session
68 $http->session(2); // Static file serving mode 88 $http->session(2); // Static file serving mode
69 %% 89 %%
86   - ✅ Only cached for anonymous users (no logged-in users) 106   - ✅ Only cached for anonymous users (no logged-in users)
87 107
88 **Example:** 108 **Example:**
89 %%php 109 %%(hl php)
90 $http->check_cache('HomePage', 'show'); 110 $http->check_cache('HomePage', 'show');
91 %% 111 %%
92 112
93 ---- 113 ----
94 114
95 ===== ##store_cache(): void## ===== 115 =====##store_cache(): void##=====
96 Saves the generated page content to cache file. 116 Saves the generated page content to cache file.
97 117
98 **Features:** 118 **Features:**
102   - Only executes if caching flag is set and user is anonymous 122   - Only executes if caching flag is set and user is anonymous
103 123
104 **Example:** 124 **Example:**
105 %%php 125 %%(hl php)
106 // Called at end of page rendering 126 // Called at end of page rendering
107 $http->store_cache(); 127 $http->store_cache();
108 %% 128 %%
125   4. Returns count of invalidated caches 145   4. Returns count of invalidated caches
126 146
127 **Example:** 147 **Example:**
128 %%php 148 %%(hl php)
129 $count = $http->invalidate_page('HomePage'); 149 $count = $http->invalidate_page('HomePage');
130 echo "Invalidated $count cache entries"; 150 echo "Invalidated $count cache entries";
131 %% 151 %%
143   - Called when TLS session is detected 163   - Called when TLS session is detected
144 164
145 **Example:** 165 **Example:**
146 %%php 166 %%(hl php)
147 $http->secure_base_url(); 167 $http->secure_base_url();
148 // $db->base_url now uses https:// 168 // $db->base_url now uses https://
149 %% 169 %%
162   - Converts relative URLs using current server name 182   - Converts relative URLs using current server name
163 183
164 **Example:** 184 **Example:**
165 %%php 185 %%(hl php)
166 $http->ensure_tls('/secure/payment'); 186 $http->ensure_tls('/secure/payment');
167 %% 187 %%
168 188
190   - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##) 210   - ##reverse_proxy_header## - Custom header name (default: ##X-Forwarded-For##)
191 211
192 **Example:** 212 **Example:**
193 %%php 213 %%(hl php)
194 $client_ip = $http->ip; // e.g., "203.0.113.42" 214 $client_ip = $http->ip; // e.g., "203.0.113.42"
195 %% 215 %%
196 216
212 232
213 ==== Security Headers ==== 233 ==== Security Headers ====
214 234
215 ===== ##http_security_headers(): void## ===== 235 =====##http_security_headers(): void##=====
216 236
217 237 Sets security-related HTTP headers.
    238
    239 **Headers Set:**
    240
    241 #|
    242 *| Header | Purpose | Config Key |*
    243 || Content-Security-Policy | XSS/injection protection | ##csp## ||
    244 || Permissions-Policy | Control browser features | ##permissions_policy## ||
    245 || Referrer-Policy | Control referrer information | ##referrer_policy## ||
    246 || Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
    247 || X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
    248 || X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
    249 |#
    250
    251 **CSP Configuration Options:**
    252   - ##0## - Disabled
    253   - ##1## - Default policy (from ##csp.conf##)
    254   - ##2## - Custom policy (from ##csp_custom.conf##)
    255
    256 **Example:**
    257 %%(hl php)
    258 $http->http_security_headers();
    259 %%
    260
    261 ----
218 ==== HTTP Methods ==== 262 ==== HTTP Methods ====
219 263
220 ===== ##redirect($url, $permanent = false): void## ===== 264 ===== ##redirect($url, $permanent = false): void## =====
230   - Uses output buffering to work anywhere in page processing 274   - Uses output buffering to work anywhere in page processing
231 275
232 **Example:** 276 **Example:**
233 %%php 277 %%(hl php)
234 $http->redirect('http://example.com/new-page', true); // 301 278 $http->redirect('http://example.com/new-page', true); // 301
235 $http->redirect('/wiki/HomePage'); // 302 279 $http->redirect('/wiki/HomePage'); // 302
236 %% 280 %%
245   - Ends script execution 289   - Ends script execution
246 290
247 **Example:** 291 **Example:**
248 %%php 292 %%(hl php)
249 $http->terminate(); 293 $http->terminate();
250 %% 294 %%
251 295
255 Sets HTTP response status code. 299 Sets HTTP response status code.
256 300
257 **Supported Status Codes:** 301 **Supported Status Codes:**
258 %%php 302 %%(hl php)
259 200 => 'OK' 303 200 => 'OK'
260 206 => 'Partial Content' 304 206 => 'Partial Content'
261 301 => 'Moved Permanently' 305 301 => 'Moved Permanently'
275 %% 319 %%
276 320
277 **Example:** 321 **Example:**
278 %%php 322 %%(hl php)
279 $http->status(404); // Send 404 Not Found 323 $http->status(404); // Send 404 Not Found
280 %% 324 %%
281 325
296   - ##Cache-Control: no-store## 340   - ##Cache-Control: no-store##
297 341
298 **Example:** 342 **Example:**
299 %%php 343 %%(hl php)
300 $http->no_cache(); // Client-side only 344 $http->no_cache(); // Client-side only
301 $http->no_cache(false); // Both client & server 345 $http->no_cache(false); // Both client & server
302 %% 346 %%
310   - ##Cache-Control: public## 354   - ##Cache-Control: public##
311 355
312 **Example:** 356 **Example:**
313 %%php 357 %%(hl php)
314 $http->cache_promisc(); 358 $http->cache_promisc();
315 %% 359 %%
316 360
355   - Associative array: ##['en' => 'en', 'de' => 'de', ...]## 399   - Associative array: ##['en' => 'en', 'de' => 'de', ...]##
356 400
357 **Example:** 401 **Example:**
358 %%php 402 %%(hl php)
359 $all_langs = $http->available_languages(false); 403 $all_langs = $http->available_languages(false);
360 $allowed = $http->available_languages(true); 404 $allowed = $http->available_languages(true);
361 %% 405 %%
381   - GZip compression for text files 425   - GZip compression for text files
382 426
383 **Special Paths:** 427 **Special Paths:**
384 %%php 428 %%(hl php)
385 $http->sendfile(404); // Serves file defined by HTTP_404 constant 429 $http->sendfile(404); // Serves file defined by HTTP_404 constant
386 $http->sendfile(403); // Serves file defined by HTTP_403 constant 430 $http->sendfile(403); // Serves file defined by HTTP_403 constant
387 %% 431 %%
388 432
389 **Example:** 433 **Example:**
390 %%php 434 %%(hl php)
391 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30); 435 $http->sendfile('uploads/document.pdf', 'my-document.pdf', 30);
392 %% 436 %%
393 437
401   - Default: ##'application/octet-stream'## 445   - Default: ##'application/octet-stream'##
402 446
403 **Example:** 447 **Example:**
404 %%php 448 %%(hl php)
405 $mime = $http->mime_type('file.pdf'); // 'application/pdf' 449 $mime = $http->mime_type('file.pdf'); // 'application/pdf'
406 %% 450 %%
407 451
431   - Headers not already sent 475   - Headers not already sent
432 476
433 **Example:** 477 **Example:**
434 %%php 478 %%(hl php)
435 $http->gzip(); 479 $http->gzip();
436 %% 480 %%
437 481
447   - Converts encoding properly 491   - Converts encoding properly
448 492
449 **Example:** 493 **Example:**
450 %%php 494 %%(hl php)
451 $data = $http->parse_str('name=John&age=30'); 495 $data = $http->parse_str('name=John&age=30');
452 %% 496 %%
453 497
479 523
480 ---- 524 ----
481 525
482 === Configuration Dependencies === 526 ===Configuration Dependencies===
483 527
484 528 The class relies on these database configuration settings:
485 529
486 === Constants Used === 530 #|
487 531 *| Setting | Type | Purpose |*
488 532 || ##base_url## | string | Wiki's base URL ||
    533 || ##tls## | bool | Enable HTTPS enforcement ||
    534 || ##cache## | bool | Enable page caching ||
    535 || ##cache_ttl## | int | Cache lifetime in seconds ||
    536 || ##session_store## | int | 1=File, 0=Database ||
    537 || ##system_seed_hash## | string | Session encryption seed ||
    538 || ##cookie_prefix## | string | Session cookie prefix ||
    539 || ##cookie_path## | string | Cookie path ||
    540 || ##allow_persistent_cookie## | bool | Allow persistent login ||
    541 || ##session_length## | int | Session lifetime in seconds ||
    542 || ##reverse_proxy_addresses## | string | Comma/space-separated proxy IPs ||
    543 || ##reverse_proxy_header## | string | Custom X-Forwarded header ||
    544 || ##language## | string | Default language code ||
    545 || ##multilanguage## | bool | Enable language negotiation ||
    546 || ##allowed_languages## | string | Comma/space-separated allowed langs ||
    547 || ##enable_security_headers## | bool | Send security headers ||
    548 || ##csp## | int | CSP setting (0/1/2) ||
    549 || ##permissions_policy## | int | Permissions-Policy setting (0/1/2) ||
    550 || ##referrer_policy## | int | Referrer-Policy setting (0-8) ||
    551 |#
    552
    553 ----
    554
    555 ===Constants Used===
    556
    557 #|
    558 *| Constant | Type | Purpose |*
    559 || ##IN_WACKO## | bool | Security check (exit if not defined) ||
    560 || ##CHMOD_SAFE## | int | File permissions for cache files ||
    561 || ##CHMOD_FILE## | int | File permissions for config cache ||
    562 || ##CACHE_PAGE_DIR## | string | Page cache directory ||
    563 || ##CACHE_SESSION_DIR## | string | Session cache directory ||
    564 || ##CACHE_CONFIG_DIR## | string | Config cache directory ||
    565 || ##CONFIG_DIR## | string | Configuration directory ||
    566 || ##LANG_DIR## | string | Language files directory ||
    567 || ##DAYSECS## | int | Seconds in a day (86400) ||
    568 || ##HTTP_404## | string | Path to 404 error page ||
    569 || ##HTTP_403## | string | Path to 403 error page ||
    570 |#
    571
    572 ----
489 573
490 === Workflow Examples === 574 === Workflow Examples ===
491 575
492 ==== Example 1: Handling a GET Request ==== 576 ====Example 1: Handling a GET Request====
493 577
494 %%php 578 %%(hl php)
495 // In main wiki entry point 579 // In main wiki entry point
496 $http = new Http($db); 580 $http = new Http($db);
497 $http->session(0); // Start session 581 $http->session(0); // Start session
513 597
514 ==== Example 2: Handling TLS/HTTPS Upgrade ==== 598 ==== Example 2: Handling TLS/HTTPS Upgrade ====
515 599
516 %%php 600 %%(hl php)
517 $http = new Http($db); // Constructor detects TLS requirement 601 $http = new Http($db); // Constructor detects TLS requirement
518 // If TLS is enabled and user wasn't in TLS before: 602 // If TLS is enabled and user wasn't in TLS before:
519 // - Sets TLS session flag 603 // - Sets TLS session flag
523 607
524 ==== Example 3: Invalidating Cache After Page Edit ==== 608 ==== Example 3: Invalidating Cache After Page Edit ====
525 609
526 %%php 610 %%(hl php)
527 // User edits a page 611 // User edits a page
528 $http = new Http($db); 612 $http = new Http($db);
529 $count = $http->invalidate_page('HomePage'); 613 $count = $http->invalidate_page('HomePage');
532 616
533 ==== Example 4: Serving a File ==== 617 ==== Example 4: Serving a File ====
534 618
535 %%php 619 %%(hl php)
536 $http = new Http($db); 620 $http = new Http($db);
537 $http->session(2); // Static file mode - no session replay prevention 621 $http->session(2); // Static file mode - no session replay prevention
538 622
607 691
608 The class integrates with WackoWiki's diagnostic system: 692 The class integrates with WackoWiki's diagnostic system:
609 693
610 %%php 694 %%(hl php)
611 // Diagnostic messages are preserved across redirects 695 // Diagnostic messages are preserved across redirects
612 // via session flash data 696 // via session flash data
613 697