Merge pull request #18603 from MauricioFauth/response-redirect

MauricioFauth · web-flow · commit 5b428f6f77e8 · 2023-08-06T17:44:31.000-03:00
Move Core::sendHeaderLocation() to ResponseRenderer::redirect()
diff --git a/libraries/classes/Config.php b/libraries/classes/Config.php
@@ -131,7 +131,6 @@ public function loadAndCheck(string|null $source = null): void
     public function checkSystem(): void
     {
         $this->checkWebServerOs();
-        $this->checkWebServer();
         $this->checkGd2();
         $this->checkClient();
         $this->checkUpload();
@@ -284,26 +283,6 @@ public function checkGd2(): void
         $this->set('PMA_IS_GD2', 0);
     }
 
-    /**
-     * Whether the Web server php is running on is IIS
-     */
-    public function checkWebServer(): void
-    {
-        // some versions return Microsoft-IIS, some Microsoft/IIS
-        // we could use a preg_match() but it's slower
-        if (
-            Core::getenv('SERVER_SOFTWARE')
-            && stripos(Core::getenv('SERVER_SOFTWARE'), 'Microsoft') !== false
-            && stripos(Core::getenv('SERVER_SOFTWARE'), 'IIS') !== false
-        ) {
-            $this->set('PMA_IS_IIS', 1);
-
-            return;
-        }
-
-        $this->set('PMA_IS_IIS', 0);
-    }
-
     /**
      * Whether the os php is running on is windows or not
      */
diff --git a/libraries/classes/Config/PageSettings.php b/libraries/classes/Config/PageSettings.php
@@ -8,7 +8,6 @@
 namespace PhpMyAdmin\Config;
 
 use PhpMyAdmin\Config\Forms\Page\PageFormList;
-use PhpMyAdmin\Core;
 use PhpMyAdmin\Message;
 use PhpMyAdmin\ResponseRenderer;
 use PhpMyAdmin\UserPreferences;
@@ -97,7 +96,7 @@ private function processPageSettings(FormDisplay $formDisplay, ConfigFile $cf):
         if ($result === true) {
             // reload page
             $response = ResponseRenderer::getInstance();
-            Core::sendHeaderLocation($response->getSelfUrl());
+            $response->redirect($response->getSelfUrl());
             $response->callExit();
         }
 
diff --git a/libraries/classes/Controllers/AbstractController.php b/libraries/classes/Controllers/AbstractController.php
@@ -4,7 +4,6 @@
 
 namespace PhpMyAdmin\Controllers;
 
-use PhpMyAdmin\Core;
 use PhpMyAdmin\Html\MySQLDocumentation;
 use PhpMyAdmin\Message;
 use PhpMyAdmin\ResponseRenderer;
@@ -41,8 +40,7 @@ protected function redirect(string $route, array $params = []): void
             return;
         }
 
-        $uri = './index.php?route=' . $route . Url::getCommonRaw($params, '&');
-        Core::sendHeaderLocation($uri);
+        $this->response->redirect('./index.php?route=' . $route . Url::getCommonRaw($params, '&'));
     }
 
     /**
diff --git a/libraries/classes/Controllers/CollationConnectionController.php b/libraries/classes/Controllers/CollationConnectionController.php
@@ -26,6 +26,6 @@ public function __invoke(ServerRequest $request): void
             'utf8mb4_unicode_ci',
         );
 
-        $this->response->header('Location: index.php?route=/' . Url::getCommonRaw([], '&'));
+        $this->response->redirect('index.php?route=/' . Url::getCommonRaw([], '&'));
     }
 }
diff --git a/libraries/classes/Controllers/Export/ExportController.php b/libraries/classes/Controllers/Export/ExportController.php
@@ -283,8 +283,7 @@ public function __invoke(ServerRequest $request): void
             // problem opening export file on server?
             if ($message !== null) {
                 $location = $this->export->getPageLocationAndSaveMessage($GLOBALS['export_type'], $message);
-                $this->response->header('Location: ' . $location);
-                $this->response->setHttpResponseCode(302);
+                $this->response->redirect($location);
 
                 return;
             }
@@ -490,8 +489,7 @@ public function __invoke(ServerRequest $request): void
 
         if ($GLOBALS['save_on_server'] && $GLOBALS['message'] instanceof Message) {
             $location = $this->export->getPageLocationAndSaveMessage($GLOBALS['export_type'], $GLOBALS['message']);
-            $this->response->header('Location: ' . $location);
-            $this->response->setHttpResponseCode(302);
+            $this->response->redirect($location);
 
             return;
         }
@@ -543,8 +541,7 @@ public function __invoke(ServerRequest $request): void
                 $GLOBALS['save_filename'],
             );
             $location = $this->export->getPageLocationAndSaveMessage($GLOBALS['export_type'], $message);
-            $this->response->header('Location: ' . $location);
-            $this->response->setHttpResponseCode(302);
+            $this->response->redirect($location);
 
             return;
         }
diff --git a/libraries/classes/Controllers/LogoutController.php b/libraries/classes/Controllers/LogoutController.php
@@ -4,9 +4,9 @@
 
 namespace PhpMyAdmin\Controllers;
 
-use PhpMyAdmin\Core;
 use PhpMyAdmin\Http\ServerRequest;
 use PhpMyAdmin\Plugins\AuthenticationPluginFactory;
+use PhpMyAdmin\ResponseRenderer;
 
 class LogoutController
 {
@@ -17,7 +17,7 @@ public function __construct(private AuthenticationPluginFactory $authPluginFacto
     public function __invoke(ServerRequest $request): void
     {
         if (! $request->isPost() || $GLOBALS['token_mismatch']) {
-            Core::sendHeaderLocation('./index.php?route=/');
+            ResponseRenderer::getInstance()->redirect('./index.php?route=/');
 
             return;
         }
diff --git a/libraries/classes/Controllers/Sql/SqlController.php b/libraries/classes/Controllers/Sql/SqlController.php
@@ -229,7 +229,7 @@ private function addBookmark(string $goto, array $bkmFields, bool $bkmAllUsers):
         }
 
         if (! $this->response->isAjax()) {
-            Core::sendHeaderLocation('./' . $goto . '&label=' . $bkmFields['bkm_label']);
+            $this->response->redirect('./' . $goto . '&label=' . $bkmFields['bkm_label']);
 
             return;
         }
diff --git a/libraries/classes/Controllers/ThemeSetController.php b/libraries/classes/Controllers/ThemeSetController.php
@@ -28,7 +28,7 @@ public function __invoke(ServerRequest $request): void
     {
         $theme = $request->getParsedBodyParam('set_theme');
         if (! $GLOBALS['cfg']['ThemeManager'] || ! is_string($theme) || $theme === '') {
-            $this->response->header('Location: index.php?route=/' . Url::getCommonRaw([], '&'));
+            $this->response->redirect('index.php?route=/' . Url::getCommonRaw([], '&'));
 
             return;
         }
@@ -47,6 +47,6 @@ public function __invoke(ServerRequest $request): void
         $preferences['config_data']['ThemeDefault'] = $theme;
         $this->userPreferences->save($preferences['config_data']);
 
-        $this->response->header('Location: index.php?route=/' . Url::getCommonRaw([], '&'));
+        $this->response->redirect('index.php?route=/' . Url::getCommonRaw([], '&'));
     }
 }
diff --git a/libraries/classes/Core.php b/libraries/classes/Core.php
@@ -32,26 +32,22 @@
 use function is_array;
 use function is_string;
 use function json_decode;
-use function mb_strlen;
 use function mb_strpos;
 use function mb_substr;
 use function parse_str;
 use function parse_url;
 use function preg_match;
 use function preg_replace;
-use function session_write_close;
 use function sprintf;
 use function str_replace;
 use function strlen;
 use function strpos;
 use function strtolower;
 use function substr;
-use function trigger_error;
 use function unserialize;
 use function urldecode;
 
 use const DATE_RFC1123;
-use const E_USER_ERROR;
 use const E_USER_WARNING;
 use const FILTER_VALIDATE_IP;
 
@@ -257,50 +253,6 @@ public static function getenv(string $varName): string
         return '';
     }
 
-    /**
-     * Send HTTP header, taking IIS limits into account (600 seems ok)
-     *
-     * @param string $uri        the header to send
-     * @param bool   $useRefresh whether to use Refresh: header when running on IIS
-     */
-    public static function sendHeaderLocation(string $uri, bool $useRefresh = false): void
-    {
-        if ($GLOBALS['config']->get('PMA_IS_IIS') && mb_strlen($uri) > 600) {
-            ResponseRenderer::getInstance()->disable();
-
-            $template = new Template();
-            echo $template->render('header_location', ['uri' => $uri]);
-
-            return;
-        }
-
-        /**
-         * Avoid relative path redirect problems in case user entered URL
-         * like /phpmyadmin/index.php/ which some web servers happily accept.
-         */
-        if ($uri[0] === '.') {
-            $uri = $GLOBALS['config']->getRootPath() . substr($uri, 2);
-        }
-
-        $response = ResponseRenderer::getInstance();
-
-        session_write_close();
-        if ($response->headersSent()) {
-            trigger_error('Core::sendHeaderLocation called when headers are already sent!', E_USER_ERROR);
-        }
-
-        // bug #1523784: IE6 does not like 'Refresh: 0', it
-        // results in a blank page
-        // but we need it when coming from the cookie login panel)
-        if ($GLOBALS['config']->get('PMA_IS_IIS') && $useRefresh) {
-            $response->header('Refresh: 0; ' . $uri);
-
-            return;
-        }
-
-        $response->header('Location: ' . $uri);
-    }
-
     /**
      * Returns application/json headers. This includes no caching.
      *
diff --git a/libraries/classes/Export/Export.php b/libraries/classes/Export/Export.php
@@ -1070,6 +1070,8 @@ public function exportTable(
 
     /**
      * Loads correct page after doing export
+     *
+     * @psalm-return non-empty-string
      */
     public function getPageLocationAndSaveMessage(string $exportType, Message $message): string
     {
diff --git a/libraries/classes/Plugins/Auth/AuthenticationCookie.php b/libraries/classes/Plugins/Auth/AuthenticationCookie.php
@@ -495,11 +495,7 @@ public function rememberCredentials(): void
 
         $response = ResponseRenderer::getInstance();
         $response->disable();
-
-        Core::sendHeaderLocation(
-            './index.php?route=/' . Url::getCommonRaw($urlParams, '&'),
-            true,
-        );
+        $response->redirect('./index.php?route=/' . Url::getCommonRaw($urlParams, '&'));
 
         $response->callExit();
     }
diff --git a/libraries/classes/Plugins/Auth/AuthenticationSignon.php b/libraries/classes/Plugins/Auth/AuthenticationSignon.php
@@ -7,7 +7,6 @@
 
 namespace PhpMyAdmin\Plugins\Auth;
 
-use PhpMyAdmin\Core;
 use PhpMyAdmin\Plugins\AuthenticationPlugin;
 use PhpMyAdmin\ResponseRenderer;
 use PhpMyAdmin\Util;
@@ -46,7 +45,7 @@ public function showLoginForm(): never
 
             $response->callExit();
         } else {
-            Core::sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']);
+            $response->redirect($GLOBALS['cfg']['Server']['SignonURL']);
         }
 
         $response->callExit();
diff --git a/libraries/classes/Plugins/AuthenticationPlugin.php b/libraries/classes/Plugins/AuthenticationPlugin.php
@@ -8,7 +8,6 @@
 namespace PhpMyAdmin\Plugins;
 
 use PhpMyAdmin\Config;
-use PhpMyAdmin\Core;
 use PhpMyAdmin\Exceptions\SessionHandlerException;
 use PhpMyAdmin\IpAllowDeny;
 use PhpMyAdmin\Logging;
@@ -128,6 +127,7 @@ public function logOut(): void
             }
         }
 
+        $response = ResponseRenderer::getInstance();
         if ($server === 0) {
             /* delete user's choices that were stored in session */
             if (! defined('TESTSUITE')) {
@@ -136,13 +136,11 @@ public function logOut(): void
             }
 
             /* Redirect to login form (or configured URL) */
-            Core::sendHeaderLocation($redirectUrl);
+            $response->redirect($redirectUrl);
         } else {
             /* Redirect to other authenticated server */
             $_SESSION['partial_logout'] = true;
-            Core::sendHeaderLocation(
-                './index.php?route=/' . Url::getCommonRaw(['server' => $server], '&'),
-            );
+            $response->redirect('./index.php?route=/' . Url::getCommonRaw(['server' => $server], '&'));
         }
     }
 
diff --git a/libraries/classes/Replication/ReplicationGui.php b/libraries/classes/Replication/ReplicationGui.php
@@ -7,7 +7,6 @@
 
 namespace PhpMyAdmin\Replication;
 
-use PhpMyAdmin\Core;
 use PhpMyAdmin\Dbal\Connection;
 use PhpMyAdmin\Message;
 use PhpMyAdmin\Query\Utilities;
@@ -455,9 +454,8 @@ public function handleControlRequest(
                     : Message::error($messageError),
                 );
             } else {
-                Core::sendHeaderLocation(
-                    './index.php?route=/server/replication'
-                    . Url::getCommonRaw($GLOBALS['urlParams'], '&'),
+                $response->redirect(
+                    './index.php?route=/server/replication' . Url::getCommonRaw($GLOBALS['urlParams'], '&'),
                 );
             }
         }
diff --git a/libraries/classes/ResponseRenderer.php b/libraries/classes/ResponseRenderer.php
@@ -7,6 +7,7 @@
 
 namespace PhpMyAdmin;
 
+use Fig\Http\Message\StatusCodeInterface;
 use PhpMyAdmin\Exceptions\ExitException;
 use PhpMyAdmin\Http\Factory\ResponseFactory;
 
@@ -21,7 +22,9 @@
 use function mb_strlen;
 use function register_shutdown_function;
 use function sprintf;
+use function str_starts_with;
 use function strlen;
+use function substr;
 
 use const PHP_SAPI;
 
@@ -506,4 +509,22 @@ public function callExit(string $message = ''): never
 
         exit;
     }
+
+    /**
+     * @psalm-param non-empty-string $url
+     * @psalm-param StatusCodeInterface::STATUS_* $statusCode
+     */
+    public function redirect(string $url, int $statusCode = StatusCodeInterface::STATUS_FOUND): void
+    {
+        /**
+         * Avoid relative path redirect problems in case user entered URL
+         * like /phpmyadmin/index.php/ which some web servers happily accept.
+         */
+        if (str_starts_with($url, '.')) {
+            $url = $GLOBALS['config']->getRootPath() . substr($url, 2);
+        }
+
+        $this->header('Location: ' . $url);
+        $this->httpResponseCode($statusCode);
+    }
 }
diff --git a/libraries/classes/UrlRedirector.php b/libraries/classes/UrlRedirector.php
@@ -29,7 +29,7 @@ public static function redirect(string $url): never
             || ! preg_match('/^https:\/\/[^\n\r]*$/', $url)
             || ! Core::isAllowedDomain($url)
         ) {
-            Core::sendHeaderLocation('./');
+            $response->redirect('./');
 
             $response->callExit();
         }
diff --git a/libraries/classes/UserPreferences.php b/libraries/classes/UserPreferences.php
@@ -274,8 +274,9 @@ public function redirect(
             $hash = '#' . urlencode($hash);
         }
 
-        Core::sendHeaderLocation('./' . $fileName
-            . Url::getCommonRaw($urlParams, ! str_contains($fileName, '?') ? '?' : '&') . $hash);
+        ResponseRenderer::getInstance()->redirect(
+            './' . $fileName . Url::getCommonRaw($urlParams, ! str_contains($fileName, '?') ? '?' : '&') . $hash,
+        );
     }
 
     /**
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
diff --git a/templates/header_location.twig b/templates/header_location.twig
diff --git a/test/classes/ConfigTest.php b/test/classes/ConfigTest.php
diff --git a/test/classes/Controllers/CollationConnectionControllerTest.php b/test/classes/Controllers/CollationConnectionControllerTest.php
diff --git a/test/classes/CoreTest.php b/test/classes/CoreTest.php
diff --git a/test/classes/UserPreferencesTest.php b/test/classes/UserPreferencesTest.php

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@`
`4`	`4`
`5`	`5`	`namespace PhpMyAdmin\Controllers;`
`6`	`6`
`7`		`-use PhpMyAdmin\Core;`
`8`	`7`	`use PhpMyAdmin\Html\MySQLDocumentation;`
`9`	`8`	`use PhpMyAdmin\Message;`
`10`	`9`	`use PhpMyAdmin\ResponseRenderer;`
`@@ -41,8 +40,7 @@ protected function redirect(string $route, array $params = []): void`
`41`	`40`	`return;`
`42`	`41`	`}`
`43`	`42`
`44`		`- $uri = './index.php?route=' . $route . Url::getCommonRaw($params, '&');`
`45`		`- Core::sendHeaderLocation($uri);`
	`43`	`+ $this->response->redirect('./index.php?route=' . $route . Url::getCommonRaw($params, '&'));`
`46`	`44`	`}`
`47`	`45`
`48`	`46`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,6 @@ public function __invoke(ServerRequest $request): void`
`26`	`26`	`'utf8mb4_unicode_ci',`
`27`	`27`	`);`
`28`	`28`
`29`		`- $this->response->header('Location: index.php?route=/' . Url::getCommonRaw([], '&'));`
	`29`	`+ $this->response->redirect('index.php?route=/' . Url::getCommonRaw([], '&'));`
`30`	`30`	`}`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,9 +4,9 @@`
`4`	`4`
`5`	`5`	`namespace PhpMyAdmin\Controllers;`
`6`	`6`
`7`		`-use PhpMyAdmin\Core;`
`8`	`7`	`use PhpMyAdmin\Http\ServerRequest;`
`9`	`8`	`use PhpMyAdmin\Plugins\AuthenticationPluginFactory;`
	`9`	`+use PhpMyAdmin\ResponseRenderer;`
`10`	`10`
`11`	`11`	`class LogoutController`
`12`	`12`	`{`
`@@ -17,7 +17,7 @@ public function __construct(private AuthenticationPluginFactory $authPluginFacto`
`17`	`17`	`public function __invoke(ServerRequest $request): void`
`18`	`18`	`{`
`19`	`19`	`if (! $request->isPost() \|\| $GLOBALS['token_mismatch']) {`
`20`		`- Core::sendHeaderLocation('./index.php?route=/');`
	`20`	`+ ResponseRenderer::getInstance()->redirect('./index.php?route=/');`
`21`	`21`
`22`	`22`	`return;`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -229,7 +229,7 @@ private function addBookmark(string $goto, array $bkmFields, bool $bkmAllUsers):`
`229`	`229`	`}`
`230`	`230`
`231`	`231`	`if (! $this->response->isAjax()) {`
`232`		`- Core::sendHeaderLocation('./' . $goto . '&label=' . $bkmFields['bkm_label']);`
	`232`	`+ $this->response->redirect('./' . $goto . '&label=' . $bkmFields['bkm_label']);`
`233`	`233`
`234`	`234`	`return;`
`235`	`235`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public function __invoke(ServerRequest $request): void`
`28`	`28`	`{`
`29`	`29`	`$theme = $request->getParsedBodyParam('set_theme');`
`30`	`30`	`if (! $GLOBALS['cfg']['ThemeManager'] \|\| ! is_string($theme) \|\| $theme === '') {`
`31`		`- $this->response->header('Location: index.php?route=/' . Url::getCommonRaw([], '&'));`
	`31`	`+ $this->response->redirect('index.php?route=/' . Url::getCommonRaw([], '&'));`
`32`	`32`
`33`	`33`	`return;`
`34`	`34`	`}`
`@@ -47,6 +47,6 @@ public function __invoke(ServerRequest $request): void`
`47`	`47`	`$preferences['config_data']['ThemeDefault'] = $theme;`
`48`	`48`	`$this->userPreferences->save($preferences['config_data']);`
`49`	`49`
`50`		`- $this->response->header('Location: index.php?route=/' . Url::getCommonRaw([], '&'));`
	`50`	`+ $this->response->redirect('index.php?route=/' . Url::getCommonRaw([], '&'));`
`51`	`51`	`}`
`52`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1070,6 +1070,8 @@ public function exportTable(`
`1070`	`1070`
`1071`	`1071`	`/**`
`1072`	`1072`	`* Loads correct page after doing export`
	`1073`	`+ *`
	`1074`	`+ * @psalm-return non-empty-string`
`1073`	`1075`	`*/`
`1074`	`1076`	`public function getPageLocationAndSaveMessage(string $exportType, Message $message): string`
`1075`	`1077`	`{`