Hi all,
I am running MediaWiki 1.26, and trying to force it to be all-SSL, all the time, excepting
a particular Special: page. To that end, I have code which makes the following method call
from a 'BeforeInitialize' hook:
$this->output->redirect($https_url, 301);
However, by the time processing gets to OutputPage:output() method, the
OutputPage::$mRedirect attribute is empty. I think this is because our wiki is also
configured to require logins to read, and when accessing it as anonymous user on plaintext
port, OutputPage::prepareErrorPage gets run AFTER we send the SSL redirect, but BEFORE the
actual output rendering occurs.
My simple solution to this is to forcibly invoke OutputPage::Output on the spot, right
there in the 'BeforeInitialize' hook:
$this->output->redirect($https_url, 301);
$this->output->output();
However, while it LOOKS safe (because OutputPage::output does a return after setting
redirects, rather than continue on to process output), I still have a bad feeling about
this. I don't like messing with order-of-execution in such a crude manner.
Can anyone either confirm that it's safe, or offer a superior alternative - a way of
forcing a redirect safely, even if an ErrorPage would be rendered otherwise?
I know that I can use PHP's 'header' method directly, but that also skips
MediaWiki housekeeping, so I don't particularly like that route either.
Thanks in advance!
Show replies by date