Hi all,
I am running MediaWiki 1.26, and trying to force it to be all-SSL, all the
time, excepting a particular Special: page. To that end, I have code which
makes the following method call from a 'BeforeInitialize' hook:
$this->output->redirect($https_url, 301);
However, by the time processing gets to OutputPage:output() method, the
OutputPage::$mRedirect attribute is empty. I think this is because our wiki is
also configured to require logins to read, and when accessing it as anonymous
user on plaintext port, OutputPage::prepareErrorPage gets run AFTER we send the
SSL redirect, but BEFORE the actual output rendering occurs.
My simple solution to this is to forcibly invoke OutputPage::Output on the
spot, right there in the 'BeforeInitialize' hook:
$this->output->redirect($https_url, 301);
$this->output->output();
However, while it LOOKS safe (because OutputPage::output does a return after
setting redirects, rather than continue on to process output), I still have a
bad feeling about this. I don't like messing with order-of-execution in such a
crude manner.
Can anyone either confirm that it's safe, or offer a superior alternative - a
way of forcing a redirect safely, even if an ErrorPage would be rendered
otherwise?
I know that I can use PHP's 'header' method directly, but that also skips
MediaWiki housekeeping, so I don't particularly like that route either.
Thanks in advance!
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l