PageRenderTime 22ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/mediawiki-1.16.5/includes/WebStart.php.commoncode

#
Unknown | 133 lines | 118 code | 15 blank | 0 comment | 0 complexity | 27a722e2317e40c5042cea87fb5bbf08 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-3.0, Apache-2.0 
    

  1. <?php
    2. 

  2. 

  3. # This does the initial setup for a web request. It does some security checks,
    4. 

  4. # starts the profiler and loads the configuration, and optionally loads
    5. 

  5. # Setup.php depending on whether MW_NO_SETUP is defined.
    6. 

  6. 

  7. # Protect against register_globals
    8. 

  8. # This must be done before any globals are set by the code
    9. 

  9. if ( ini_get( 'register_globals' ) ) {
    10. 

  10. 	if ( isset( $_REQUEST['GLOBALS'] ) ) {
    11. 

  11. 		die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
    12. 

  12. 	}
    13. 

  13. 	$verboten = array(
    14. 

  14. 		'GLOBALS',
    15. 

  15. 		'_SERVER',
    16. 

  16. 		'HTTP_SERVER_VARS',
    17. 

  17. 		'_GET',
    18. 

  18. 		'HTTP_GET_VARS',
    19. 

  19. 		'_POST',
    20. 

  20. 		'HTTP_POST_VARS',
    21. 

  21. 		'_COOKIE',
    22. 

  22. 		'HTTP_COOKIE_VARS',
    23. 

  23. 		'_FILES',
    24. 

  24. 		'HTTP_POST_FILES',
    25. 

  25. 		'_ENV',
    26. 

  26. 		'HTTP_ENV_VARS',
    27. 

  27. 		'_REQUEST',
    28. 

  28. 		'_SESSION',
    29. 

  29. 		'HTTP_SESSION_VARS'
    30. 

  30. 	);
    31. 

  31. 	foreach ( $_REQUEST as $name => $value ) {
    32. 

  32. 		if( in_array( $name, $verboten ) ) {
    33. 

  33. 			header( "HTTP/1.x 500 Internal Server Error" );
    34. 

  34. 			echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
    35. 

  35. 			die( -1 );
    36. 

  36. 		}
    37. 

  37. 		unset( $GLOBALS[$name] );
    38. 

  38. 	}
    39. 

  39. }
    40. 

  40. 

  41. $wgRequestTime = microtime(true);
    42. 

  42. # getrusage() does not exist on the Microsoft Windows platforms, catching this
    43. 

  43. if ( function_exists ( 'getrusage' ) ) {
    44. 

  44. 	$wgRUstart = getrusage();
    45. 

  45. } else {
    46. 

  46. 	$wgRUstart = array();
    47. 

  47. }
    48. 

  48. unset( $IP );
    49. 

  49. 

  50. # Valid web server entry point, enable includes.
    51. 

  51. # Please don't move this line to includes/Defines.php. This line essentially
    52. 

  52. # defines a valid entry point. If you put it in includes/Defines.php, then
    53. 

  53. # any script that includes it becomes an entry point, thereby defeating
    54. 

  54. # its purpose.
    55. 

  55. define( 'MEDIAWIKI', true );
    56. 

  56. 

  57. # Full path to working directory.
    58. 

  58. # Makes it possible to for example to have effective exclude path in apc.
    59. 

  59. # Also doesn't break installations using symlinked includes, like
    60. 

  60. # dirname( __FILE__ ) would do.
    61. 

  61. $IP = getenv( 'MW_INSTALL_PATH' );
    62. 

  62. if ( $IP === false ) {
    63. 

  63. 	$IP = realpath( '.' );
    64. 

  64. }
    65. 

  65. 

  66. 

  67. # Start profiler
    68. 

  68. if( file_exists("$IP/StartProfiler.php") ) {
    69. 

  69. 	require_once( "$IP/StartProfiler.php" );
    70. 

  70. } else {
    71. 

  71. 	require_once( "$IP/includes/ProfilerStub.php" );
    72. 

  72. }
    73. 

  73. wfProfileIn( 'WebStart.php-conf' );
    74. 

  74. 

  75. # Load up some global defines.
    76. 

  76. require_once( "$IP/includes/Defines.php" );
    77. 

  77. 

  78. # Check for PHP 5
    79. 

  79. if ( !function_exists( 'version_compare' ) 
    80. 

  80. 	|| version_compare( phpversion(), '5.0.0' ) < 0
    81. 

  81. ) {
    82. 

  82. 	define( 'MW_PHP4', '1' );
    83. 

  83. 	require( "$IP/includes/DefaultSettings.php" );
    84. 

  84. 	require( "$IP/includes/templates/PHP4.php" );
    85. 

  85. 	exit;
    86. 

  86. }
    87. 

  87. 

  88. # Test for PHP bug which breaks PHP 5.0.x on 64-bit...
    89. 

  89. # As of 1.8 this breaks lots of common operations instead
    90. 

  90. # of just some rare ones like export.
    91. 

  91. $borked = str_replace( 'a', 'b', array( -1 => -1 ) );
    92. 

  92. if( !isset( $borked[-1] ) ) {
    93. 

  93. 	echo "PHP 5.0.x is buggy on your 64-bit system; you must upgrade to PHP 5.1.x\n" .
    94. 

  94. 	     "or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n";
    95. 

  95. 	exit;
    96. 

  96. }
    97. 

  97. 

  98. # Start the autoloader, so that extensions can derive classes from core files
    99. 

  99. require_once( "$IP/includes/AutoLoader.php" );
    100. 

  100. 

  101. if ( defined( 'MW_CONFIG_CALLBACK' ) ) {
    102. 

  102. 	# Use a callback function to configure MediaWiki
    103. 

  103. 	require_once( "$IP/includes/DefaultSettings.php" );
    104. 

  104. 	call_user_func( MW_CONFIG_CALLBACK );
    105. 

  105. } else {
    106. 

  106. 	# LocalSettings.php is the per site customization file. If it does not exit
    107. 

  107. 	# the wiki installer need to be launched or the generated file moved from
    108. 

  108. 	# ./config/ to ./
    109. 

  109. 	if( !file_exists( "$IP/LocalSettings.php" ) ) {
    110. 

  110. 		require_once( "$IP/includes/DefaultSettings.php" ); # used for printing the version
    111. 

  111. 		require_once( "$IP/includes/templates/NoLocalSettings.php" );
    112. 

  112. 		die();
    113. 

  113. 	}
    114. 

  114. 

  115. 	# Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
    116. 

  116. 	require_once( "$IP/LocalSettings.php" );
    117. 

  117. }
    118. 

  118. wfProfileOut( 'WebStart.php-conf' );
    119. 

  119. 

  120. wfProfileIn( 'WebStart.php-ob_start' );
    121. 

  121. # Initialise output buffering
    122. 

  122. if ( ob_get_level() ) {
    123. 

  123. 	# Someone's been mixing configuration data with code!
    124. 

  124. 	# How annoying.
    125. 

  125. } elseif ( !defined( 'MW_NO_OUTPUT_BUFFER' ) ) {
    126. 

  126. 	require_once( "$IP/includes/OutputHandler.php" );
    127. 

  127. 	ob_start( 'wfOutputHandler' );
    128. 

  128. }
    129. 

  129. wfProfileOut( 'WebStart.php-ob_start' );
    130. 

  130. 

  131. if ( !defined( 'MW_NO_SETUP' ) ) {
    132. 

  132. 	require_once( "$IP/includes/Setup.php" );
    133. 

  133. }
    134. 

  134.