dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Re-encode in utf-8 and removed trailing whitespaces
[lhc/web/wiklou.git] / includes / WebStart.php
1 <?php
2
3 # This does the initial setup for a web request. It does some security checks,
4 # starts the profiler and loads the configuration, and optionally loads
5 # Setup.php depending on whether MW_NO_SETUP is defined.
6
7 # Test for PHP bug which breaks PHP 5.0.x on 64-bit...
8 # As of 1.8 this breaks lots of common operations instead
9 # of just some rare ones like export.
10 $borked = str_replace( 'a', 'b', array( -1 => -1 ) );
11 if( !isset( $borked[-1] ) ) {
12 echo "PHP 5.0.x is buggy on your 64-bit system; you must upgrade to PHP 5.1.x\n" .
13 "or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n";
14 die( -1 );
15 }
16
17 # Protect against register_globals
18 # This must be done before any globals are set by the code
19 if ( ini_get( 'register_globals' ) ) {
20 if ( isset( $_REQUEST['GLOBALS'] ) ) {
21 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
22 }
23 $verboten = array(
24 'GLOBALS',
25 '_SERVER',
26 'HTTP_SERVER_VARS',
27 '_GET',
28 'HTTP_GET_VARS',
29 '_POST',
30 'HTTP_POST_VARS',
31 '_COOKIE',
32 'HTTP_COOKIE_VARS',
33 '_FILES',
34 'HTTP_POST_FILES',
35 '_ENV',
36 'HTTP_ENV_VARS',
37 '_REQUEST',
38 '_SESSION',
39 'HTTP_SESSION_VARS'
40 );
41 foreach ( $_REQUEST as $name => $value ) {
42 if( in_array( $name, $verboten ) ) {
43 header( "HTTP/1.x 500 Internal Server Error" );
44 echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
45 die( -1 );
46 }
47 unset( $GLOBALS[$name] );
48 }
49 }
50
51 $wgRequestTime = microtime(true);
52 # getrusage() does not exist on the Microsoft Windows platforms, catching this
53 if ( function_exists ( 'getrusage' ) ) {
54 $wgRUstart = getrusage();
55 } else {
56 $wgRUstart = array();
57 }
58 unset( $IP );
59 @ini_set( 'allow_url_fopen', 0 ); # For security
60
61 # Valid web server entry point, enable includes.
62 # Please don't move this line to includes/Defines.php. This line essentially
63 # defines a valid entry point. If you put it in includes/Defines.php, then
64 # any script that includes it becomes an entry point, thereby defeating
65 # its purpose.
66 define( 'MEDIAWIKI', true );
67
68 # Full path to working directory.
69 # Makes it possible to for example to have effective exclude path in apc.
70 # Also doesn't break installations using symlinked includes, like
71 # dirname( __FILE__ ) would do.
72 $preIP = realpath( '.' );
73
74 # Start profiler
75 require_once( "$preIP/StartProfiler.php" );
76 wfProfileIn( 'WebStart.php-conf' );
77
78 # Load up some global defines.
79 require_once( "$preIP/includes/Defines.php" );
80
81 # LocalSettings.php is the per site customization file. If it does not exit
82 # the wiki installer need to be launched or the generated file moved from
83 # ./config/ to ./
84 if( !file_exists( "$preIP/LocalSettings.php" ) ) {
85 # DefaultSettings assumes $IP is defined, like it usually is when included
86 # in LocalSettings. But in this case we need to provide the default one.
87 $IP = $preIP;
88 require_once( "$preIP/includes/DefaultSettings.php" ); # used for printing the version
89 require_once( "$preIP/includes/templates/NoLocalSettings.php" );
90 die();
91 }
92
93 # Include site settings. Most importantly, $IP should be available after this.
94 require_once( "$preIP/LocalSettings.php" );
95 wfProfileOut( 'WebStart.php-conf' );
96
97 wfProfileIn( 'WebStart.php-ob_start' );
98 # Initialise output buffering
99 if ( ob_get_level() ) {
100 # Someone's been mixing configuration data with code!
101 # How annoying.
102 } elseif ( !defined( 'MW_NO_OUTPUT_BUFFER' ) ) {
103 require_once( "$IP/includes/OutputHandler.php" );
104 ob_start( 'wfOutputHandler' );
105 }
106 wfProfileOut( 'WebStart.php-ob_start' );
107
108 if ( !defined( 'MW_NO_SETUP' ) ) {
109 require_once( "$IP/includes/Setup.php" );
110 }
Wiklou, le Wiki du Wiklou