X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=index.php;h=6853ece7aec50974184ca54a1e98d5172ff301ed;hb=e352b79751d7e6086c606ff574cf0f2c5d2d5555;hp=eb59c3d5d29b11c1458bbc90b2e6fb98346acba8;hpb=762b8e9b47bc7b35e76cd854e79b13f941b47e88;p=lhc%2Fweb%2Fwiklou.git diff --git a/index.php b/index.php index eb59c3d5d2..6853ece7ae 100644 --- a/index.php +++ b/index.php @@ -1,169 +1,299 @@ set the wiki up first!" ); +@ini_set( 'allow_url_fopen', 0 ); # For security... + +if ( isset( $_REQUEST['GLOBALS'] ) ) { + die( '$GLOBALS overwrite vulnerability'); } -define( "MEDIAWIKI", true ); -require_once( "./LocalSettings.php" ); -require_once( "includes/Setup.php" ); +# Valid web server entry point, enable includes. +# Please don't move this line to includes/Defines.php. This line essentially defines +# a valid entry point. If you put it in includes/Defines.php, then any script that includes +# it becomes an entry point, thereby defeating its purpose. +define( 'MEDIAWIKI', true ); +require_once( './includes/Defines.php' ); -wfProfileIn( "main-misc-setup" ); -OutputPage::setEncodings(); # Not really used yet +if( !file_exists( 'LocalSettings.php' ) ) { + $IP = "." ; + require_once( 'includes/DefaultSettings.php' ); # used for printing the version +?> + + + + MediaWiki <?php echo $wgVersion ?> + + + + + The MediaWiki logo -if( isset( $_SERVER['PATH_INFO'] ) && $wgUsePathInfo ) { - $title = substr( $_SERVER['PATH_INFO'], 1 ); -} else { - $title = $wgRequest->getVal( "title" ); +

MediaWiki

+
+ config/LocalSettings.php to the parent directory." ); + } else { + echo( "Please setup the wiki first." ); + } + ?> + +
+ + +getVal( 'action', 'view' ); +$title = $wgRequest->getVal( 'title' ); -$action = strtolower( trim( $action ) ); -if ( "" == $action ) { $action = "view"; } -if ($wgRequest->getVal( "printable" ) == "yes") { +if ($wgRequest->getVal( 'printable' ) == 'yes') { $wgOut->setPrintable(); } -if ( "" == $title && "delete" != $action ) { - $wgTitle = Title::newFromText( wfMsg( "mainpage" ) ); +if ( '' == $title && 'delete' != $action ) { + $wgTitle = Title::newFromText( wfMsgForContent( 'mainpage' ) ); } elseif ( $curid = $wgRequest->getInt( 'curid' ) ) { # URLs like this are generated by RC, because rc_title isn't always accurate $wgTitle = Title::newFromID( $curid ); } else { $wgTitle = Title::newFromURL( $title ); + /* check variant links so that interwiki links don't have to worry about + the possible different language variants + */ + if( count($wgContLang->getVariants()) > 1 && !is_null($wgTitle) && $wgTitle->getArticleID() == 0 ) + $wgContLang->findVariantLink( $title, $wgTitle ); + } -wfProfileOut( "main-misc-setup" ); - -# If the user is not logged in, the Namespace:title of the article must be in the Read array in -# order for the user to see it. -if ( !$wgUser->getID() && is_array( $wgWhitelistRead ) && $wgTitle) { - if ( !in_array( $wgLang->getNsText( $wgTitle->getNamespace() ) . ":" . $wgTitle->getDBkey(), $wgWhitelistRead ) ) { - $wgOut->loginToUse(); - $wgOut->output(); - exit; - } +wfProfileOut( 'main-misc-setup' ); + +# Debug statement for user levels +// print_r($wgUser); + +$search = $wgRequest->getText( 'search' ); +if( !is_null( $search ) && $search !== '' ) { + // Compatibility with old search URLs which didn't use Special:Search + // Do this above the read whitelist check for security... 
+ $wgTitle = Title::makeTitle( NS_SPECIAL, 'Search' ); } -if ( $search = $wgRequest->getText( 'search' ) ) { - $wgTitle = Title::makeTitle( NS_SPECIAL, "Search" ); - if( $wgRequest->getVal( 'fulltext' ) ) { - wfSearch( $search ); +# If the user is not logged in, the Namespace:title of the article must be in +# the Read array in order for the user to see it. (We have to check here to +# catch special pages etc. We check again in Article::view()) +if ( !is_null( $wgTitle ) && !$wgTitle->userCanRead() ) { + $wgOut->loginToUse(); + $wgOut->output(); + exit; +} + +wfProfileIn( 'main-action' ); + +if( !$wgDisableInternalSearch && !is_null( $search ) && $search !== '' ) { + require_once( 'includes/SpecialSearch.php' ); + $wgTitle = Title::makeTitle( NS_SPECIAL, 'Search' ); + wfSpecialSearch(); +} else if( !$wgTitle or $wgTitle->getDBkey() == '' ) { + $wgTitle = Title::newFromText( wfMsgForContent( 'badtitle' ) ); + $wgOut->errorpage( 'badtitle', 'badtitletext' ); +} else if ( $wgTitle->getInterwiki() != '' ) { + if( $rdfrom = $wgRequest->getVal( 'rdfrom' ) ) { + $url = $wgTitle->getFullURL( 'rdfrom=' . urlencode( $rdfrom ) ); } else { - wfGo( $search ); + $url = $wgTitle->getFullURL(); } -} else if( !$wgTitle or $wgTitle->getDBkey() == "" ) { - $wgTitle = Title::newFromText( wfMsg( "badtitle" ) ); - $wgOut->errorpage( "badtitle", "badtitletext" ); -} else if ( $wgTitle->getInterwiki() != "" ) { - $url = $wgTitle->getFullURL(); # Check for a redirect loop - if ( !preg_match( "/^" . preg_quote( $wgServer ) . "/", $url ) && $wgTitle->isLocal() ) { + if ( !preg_match( '/^' . preg_quote( $wgServer, '/' ) . 
'/', $url ) && $wgTitle->isLocal() ) { $wgOut->redirect( $url ); } else { - $wgTitle = Title::newFromText( wfMsg( "badtitle" ) ); - $wgOut->errorpage( "badtitle", "badtitletext" ); + $wgTitle = Title::newFromText( wfMsgForContent( 'badtitle' ) ); + $wgOut->errorpage( 'badtitle', 'badtitletext' ); } -} else if ( ( $action == "view" ) && $wgTitle->getPrefixedDBKey() != $title ) { +} else if ( ( $action == 'view' ) && + (!isset( $_GET['title'] ) || $wgTitle->getPrefixedDBKey() != $_GET['title'] ) && + !count( array_diff( array_keys( $_GET ), array( 'action', 'title' ) ) ) ) +{ /* redirect to canonical url, make it a 301 to allow caching */ + $wgOut->setSquidMaxage( 1200 ); $wgOut->redirect( $wgTitle->getFullURL(), '301'); -} else if ( Namespace::getSpecial() == $wgTitle->getNamespace() ) { - wfSpecialPage(); +} else if ( NS_SPECIAL == $wgTitle->getNamespace() ) { + # actions that need to be made when we have a special pages + SpecialPage::executePath( $wgTitle ); } else { - if ( Namespace::getMedia() == $wgTitle->getNamespace() ) { - $wgTitle = Title::makeTitle( Namespace::getImage(), $wgTitle->getDBkey() ); + if ( NS_MEDIA == $wgTitle->getNamespace() ) { + $wgTitle = Title::makeTitle( NS_IMAGE, $wgTitle->getDBkey() ); } - switch( $wgTitle->getNamespace() ) { - case NS_IMAGE: - require_once( "includes/ImagePage.php" ); - $wgArticle = new ImagePage( $wgTitle ); - break; - default: + $ns = $wgTitle->getNamespace(); + + // Namespace might change when using redirects + if($action == 'view' && !$wgRequest->getVal( 'oldid' ) ) { $wgArticle = new Article( $wgTitle ); + $rTitle = Title::newFromRedirect( $wgArticle->fetchContent() ); + if($rTitle) { + # Reload from the page pointed to later + $wgArticle->mContentLoaded = false; + $ns = $rTitle->getNamespace(); + } } - wfQuery("BEGIN", DB_WRITE); - switch( $action ) { - case "view": - $wgOut->setSquidMaxage( $wgSquidMaxage ); - $wgArticle->view(); - break; - case "watch": - case "unwatch": - case "delete": - case "revert": - 
case "rollback": - case "protect": - case "unprotect": - $wgArticle->$action(); - break; - case "print": - $wgArticle->view(); - break; - case "dublincore": - if( !$wgEnableDublinCoreRdf ) { - wfHttpError( 403, "Forbidden", wfMsg( "nodublincore" ) ); - } else { - require_once( "includes/Metadata.php" ); - wfDublinCoreRdf( $wgArticle ); - } - break; - case "creativecommons": - if( !$wgEnableCreativeCommonsRdf ) { - wfHttpError( 403, "Forbidden", wfMsg("nocreativecommons") ); - } else { - require_once( "includes/Metadata.php" ); - wfCreativeCommonsRdf( $wgArticle ); - } - break; - case "edit": - case "submit": - if( !$wgCommandLineMode && !$wgRequest->checkSessionCookie() ) { - User::SetupSession(); - } - require_once( "includes/EditPage.php" ); - $editor = new EditPage( $wgArticle ); - $editor->$action(); - break; - case "history": - if ($_SERVER["REQUEST_URI"] == $wgTitle->getInternalURL('action=history')) { + // Categories and images are handled by a different class + if ( $ns == NS_IMAGE ) { + unset($wgArticle); + require_once( 'includes/ImagePage.php' ); + $wgArticle = new ImagePage( $wgTitle ); + } elseif ( $ns == NS_CATEGORY ) { + unset($wgArticle); + require_once( 'includes/CategoryPage.php' ); + $wgArticle = new CategoryPage( $wgTitle ); + } + + if ( in_array( $action, $wgDisabledActions ) ) { + $wgOut->errorpage( 'nosuchaction', 'nosuchactiontext' ); + } else { + switch( $action ) { + case 'view': $wgOut->setSquidMaxage( $wgSquidMaxage ); - } - require_once( "includes/PageHistory.php" ); - $history = new PageHistory( $wgArticle ); - $history->history(); - break; - case "raw": - require_once( "includes/RawPage.php" ); - $raw = new RawPage( $wgArticle ); - $raw->view(); - break; - case "purge": - wfPurgeSquidServers(array($wgTitle->getInternalURL())); - $wgOut->setSquidMaxage( $wgSquidMaxage ); - $wgArticle->view(); - break; - default: - $wgOut->errorpage( "nosuchaction", "nosuchactiontext" ); + $wgArticle->view(); + break; + case 'watch': + case 'unwatch': + 
case 'delete': + case 'revert': + case 'rollback': + case 'protect': + case 'unprotect': + case 'info': + case 'markpatrolled': + case 'validate': + case 'render': + case 'deletetrackback': + case 'purge': + $wgArticle->$action(); + break; + case 'print': + $wgArticle->view(); + break; + case 'dublincore': + if( !$wgEnableDublinCoreRdf ) { + wfHttpError( 403, 'Forbidden', wfMsg( 'nodublincore' ) ); + } else { + require_once( 'includes/Metadata.php' ); + wfDublinCoreRdf( $wgArticle ); + } + break; + case 'creativecommons': + if( !$wgEnableCreativeCommonsRdf ) { + wfHttpError( 403, 'Forbidden', wfMsg('nocreativecommons') ); + } else { + require_once( 'includes/Metadata.php' ); + wfCreativeCommonsRdf( $wgArticle ); + } + break; + case 'credits': + require_once( 'includes/Credits.php' ); + showCreditsPage( $wgArticle ); + break; + case 'submit': + if( !$wgCommandLineMode && !$wgRequest->checkSessionCookie() ) { + # Send a cookie so anons get talk message notifications + User::SetupSession(); + } + # Continue... 
+ case 'edit': + $internal = $wgRequest->getVal( 'internaledit' ); + $external = $wgRequest->getVal( 'externaledit' ); + $section = $wgRequest->getVal( 'section' ); + $oldid = $wgRequest->getVal( 'oldid' ); + if(!$wgUseExternalEditor || $action=='submit' || $internal || + $section || $oldid || (!$wgUser->getOption('externaleditor') && !$external)) { + require_once( 'includes/EditPage.php' ); + $editor = new EditPage( $wgArticle ); + $editor->submit(); + } elseif($wgUseExternalEditor && ($external || $wgUser->getOption('externaleditor'))) { + require_once( 'includes/ExternalEdit.php' ); + $mode = $wgRequest->getVal( 'mode' ); + $extedit = new ExternalEdit( $wgArticle, $mode ); + $extedit->edit(); + } + break; + case 'history': + if ($_SERVER['REQUEST_URI'] == $wgTitle->getInternalURL('action=history')) { + $wgOut->setSquidMaxage( $wgSquidMaxage ); + } + require_once( 'includes/PageHistory.php' ); + $history = new PageHistory( $wgArticle ); + $history->history(); + break; + case 'raw': + require_once( 'includes/RawPage.php' ); + $raw = new RawPage( $wgArticle ); + $raw->view(); + break; + default: + if (wfRunHooks('UnknownAction', array($action, $wgArticle))) { + $wgOut->errorpage( 'nosuchaction', 'nosuchactiontext' ); + } + } } - wfQuery("COMMIT", DB_WRITE); } +wfProfileOut( 'main-action' ); + +# Deferred updates aren't really deferred anymore. It's important to report errors to the +# user, and that means doing this before OutputPage::output(). Note that for page saves, +# the client will wait until the script exits anyway before following the redirect. 
+wfProfileIn( 'main-updates' ); +foreach ( $wgDeferredUpdateList as $up ) { + $up->doUpdate(); +} +wfProfileOut( 'main-updates' ); + +wfProfileIn( 'main-cleanup' ); +$wgLoadBalancer->saveMasterPos(); + +# Now commit any transactions, so that unreported errors after output() don't roll back the whole thing +$wgLoadBalancer->commitAll(); $wgOut->output(); -foreach ( $wgDeferredUpdateList as $up ) { $up->doUpdate(); } +foreach ( $wgPostCommitUpdateList as $up ) { + $up->doUpdate(); +} + +wfProfileOut( 'main-cleanup' ); + +wfProfileClose(); logProfilingData(); +$wgLoadBalancer->closeAll(); wfDebug( "Request ended normally\n" ); ?>
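Review bot: The register_globals guard near the top of the new index.php tests only `$_REQUEST['GLOBALS']`, and `$_REQUEST` is normally built from GET, POST and cookie data, so a multipart upload field named GLOBALS would arrive in `$_FILES` without tripping it; the condition should read `if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {`. The line before it, `@ini_set( 'allow_url_fopen', 0 ); # For security...`, hides its own failure behind `@`, and on PHP versions where that directive can only be set at system level the call changes nothing, so the comment should say it is best effort and that the setting belongs in php.ini. Further down, as far as the visible lines show, `$action` is no longer passed through `strtolower( trim( ... ) )`, which makes `in_array( $action, $wgDisabledActions )` an exact-case match. The switch still sends a mixed-case action to `default`, but an `UnknownAction` hook handler that compares case-insensitively would then run for an action the site has disabled, so normalising `$action` once, right after the `getVal( 'action', 'view' )` call, is safer.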