includes/WebStart.php

   1 <?php
   2
   3 # This does the initial setup for a web request. It does some security checks,
   4 # starts the profiler and loads the configuration, and optionally loads
   5 # Setup.php depending on whether MW_NO_SETUP is defined.
   6
   7 # Test for PHP bug which breaks PHP 5.0.x on 64-bit...
   8 # As of 1.8 this breaks lots of common operations instead
   9 # of just some rare ones like export.
  10 $borked = str_replace( 'a', 'b', array( -1 => -1 ) );
  11 if( !isset( $borked[-1] ) ) {
  12         echo "PHP 5.0.x is buggy on your 64-bit system; you must upgrade to PHP 5.1.x\n" .
  13              "or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n";
  14         die( -1 );
  15 }
  16
  17 # Protect against register_globals
  18 # This must be done before any globals are set by the code
  19 if ( ini_get( 'register_globals' ) ) {
  20         if ( isset( $_REQUEST['GLOBALS'] ) ) {
  21                 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
  22         }
  23         $verboten = array(
  24                 'GLOBALS',
  25                 '_SERVER',
  26                 'HTTP_SERVER_VARS',
  27                 '_GET',
  28                 'HTTP_GET_VARS',
  29                 '_POST',
  30                 'HTTP_POST_VARS',
  31                 '_COOKIE',
  32                 'HTTP_COOKIE_VARS',
  33                 '_FILES',
  34                 'HTTP_POST_FILES',
  35                 '_ENV',
  36                 'HTTP_ENV_VARS',
  37                 '_REQUEST',
  38                 '_SESSION',
  39                 'HTTP_SESSION_VARS'
  40         );
  41         foreach ( $_REQUEST as $name => $value ) {
  42                 if( in_array( $name, $verboten ) ) {
  43                         header( "HTTP/1.x 500 Internal Server Error" );
  44                         echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
  45                         die( -1 );
  46                 }
  47                 unset( $GLOBALS[$name] );
  48         }
  49 }
  50
  51 $wgRequestTime = microtime(true);
  52 # getrusage() does not exist on the Microsoft Windows platforms, catching this
  53 if ( function_exists ( 'getrusage' ) ) {
  54         $wgRUstart = getrusage();
  55 } else {
  56         $wgRUstart = array();
  57 }
  58 unset( $IP );
  59 @ini_set( 'allow_url_fopen', 0 ); # For security
  60
  61 # Valid web server entry point, enable includes.
  62 # Please don't move this line to includes/Defines.php. This line essentially
  63 # defines a valid entry point. If you put it in includes/Defines.php, then
  64 # any script that includes it becomes an entry point, thereby defeating
  65 # its purpose.
  66 define( 'MEDIAWIKI', true );
  67
  68 # Start profiler
  69 require_once( './StartProfiler.php' );
  70 wfProfileIn( 'WebStart.php-conf' );
  71
  72 # Load up some global defines.
  73 require_once( './includes/Defines.php' );
  74
  75 # LocalSettings.php is the per site customization file. If it does not exit
  76 # the wiki installer need to be launched or the generated file moved from
  77 # ./config/ to ./
  78 if( !file_exists( './LocalSettings.php' ) ) {
  79         $IP = '.';
  80         require_once( './includes/DefaultSettings.php' ); # used for printing the version
  81         require_once( './includes/templates/NoLocalSettings.php' );
  82         die();
  83 }
  84
  85 # Include this site setttings
  86 require_once( './LocalSettings.php' );
  87 wfProfileOut( 'WebStart.php-conf' );
  88
  89 if ( !defined( 'MW_NO_SETUP' ) ) {
  90         require_once( './includes/Setup.php' );
  91 }
  92 ?>