$wgXhtmlDefaultNamespace = 'http://www.w3.org/1999/xhtml';
$wgJsMimeType = 'text/javascript';
-if ( !$wgHtml5Version && $wgAllowRdfaAttributes ) {
- // see http://www.w3.org/TR/rdfa-in-html/#document-conformance
- if ( $wgMimeType == 'application/xhtml+xml' ) {
- $wgHtml5Version = 'XHTML+RDFa 1.0';
- } else {
- $wgHtml5Version = 'HTML+RDFa 1.0';
- }
-}
-
// Blacklisted file extensions shouldn't appear on the "allowed" list
$wgFileExtensions = array_values( array_diff( $wgFileExtensions, $wgFileBlacklist ) );
) {
$wgPHPSessionHandling = 'warn';
}
+if ( defined( 'MW_NO_SESSION' ) ) {
+ // If the entry point wants no session, force 'disable' here unless they
+ // specifically set it to the (undocumented) 'warn'.
+ $wgPHPSessionHandling = MW_NO_SESSION === 'warn' ? 'warn' : 'disable';
+}
Profiler::instance()->scopedProfileOut( $ps_default );
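Review bot: The comment on the new `MW_NO_SESSION` block calls 'warn' undocumented but does not say which values an entry point may define the constant to. The ternary treats anything other than the exact string 'warn' as 'disable', and the assignment replaces whatever `$wgPHPSessionHandling` held before, including the 'warn' set just above. I would spell that out in the comment, e.g. `// Any value of MW_NO_SESSION other than the string 'warn' forces 'disable', replacing the configured setting.`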
require_once "$IP/includes/AutoLoader.php";
}
+// Install a header callback to prevent caching of responses with cookies (T127993)
+if ( !$wgCommandLineMode ) {
+ header_register_callback( function () {
+ $headers = [];
+ foreach ( headers_list() as $header ) {
+ list( $name, $value ) = explode( ':', $header, 2 );
+ $headers[strtolower( trim( $name ) )][] = trim( $value );
+ }
+
+ if ( isset( $headers['set-cookie'] ) ) {
+ $cacheControl = isset( $headers['cache-control'] )
+ ? implode( ', ', $headers['cache-control'] )
+ : '';
+
+ if ( !preg_match( '/(?:^|,)\s*(?:private|no-cache|no-store)\s*(?:$|,)/i', $cacheControl ) ) {
+ header( 'Expires: Thu, 01 Jan 1970 00:00:00 GMT' );
+ header( 'Cache-Control: private, max-age=0, s-maxage=0' );
+ MediaWiki\Logger\LoggerFactory::getInstance( 'cache-cookies' )->warning(
+ 'Cookies set on {url} with Cache-Control "{cache-control}"', [
+ 'url' => WebRequest::getGlobalRequestURL(),
+ 'cookies' => $headers['set-cookie'],
+ 'cache-control' => $cacheControl ?: '<not set>',
+ ]
+ );
+ }
+ }
+ } );
+}
+
MWExceptionHandler::installHandler();
require_once "$IP/includes/compat/normal/UtfNormalUtil.php";
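Review bot: The warning logged in the header callback passes the complete `Set-Cookie` header values as the `cookies` context field. Whatever those cookies carry, which can include session identifiers, may therefore be written to the `cache-cookies` channel, depending on how the logger serialises context. Logging only the cookie names keeps the diagnostic value without storing credentials: `'cookies' => array_map( function ( $c ) { return explode( '=', $c, 2 )[0]; }, $headers['set-cookie'] ),`. Separately, `list( $name, $value ) = explode( ':', $header, 2 );` assumes every entry from `headers_list()` contains a colon; a guard there would avoid an undefined-offset notice inside the callback.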
if ( !$wgPasswordSender ) {
$wgPasswordSender = 'apache@' . $wgServerName;
}
+if ( !$wgNoReplyAddress ) {
+ $wgNoReplyAddress = $wgPasswordSender;
+}
if ( $wgSecureLogin && substr( $wgServer, 0, 2 ) !== '//' ) {
$wgSecureLogin = false;
session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' );
}
- // Create the SessionManager singleton and set up our session handler
- MediaWiki\Session\PHPSessionHandler::install(
- MediaWiki\Session\SessionManager::singleton()
- );
+ // Create the SessionManager singleton and set up our session handler,
+ // unless we're specifically asked not to.
+ if ( !defined( 'MW_NO_SESSION_HANDLER' ) ) {
+ MediaWiki\Session\PHPSessionHandler::install(
+ MediaWiki\Session\SessionManager::singleton()
+ );
+ }
// Initialize the session
try {
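Review bot: When `MW_NO_SESSION_HANDLER` is defined the `PHPSessionHandler::install()` call is skipped, but the session initialisation that follows in the same branch appears to run regardless (`session_id( $session->getId() )` and the `session_start` call are visible as context in the next hunk). That would start a PHP session on whatever save handler PHP is configured with rather than on SessionManager's. If this is intended, say so next to the guard, e.g. `// The session below is still started, using PHP's configured save handler.`; otherwise the session start needs the same guard. The same guard-and-install block is repeated in the `else` branch added by the next hunk. The enclosing `if` begins outside these hunks, so I can't tell whether the two copies could be hoisted above it.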
session_id( $session->getId() );
MediaWiki\quietCall( 'session_start' );
}
+
+ unset( $session );
+} else {
+ // Even if we didn't set up a global Session, still install our session
+ // handler unless specifically requested not to.
+ if ( !defined( 'MW_NO_SESSION_HANDLER' ) ) {
+ MediaWiki\Session\PHPSessionHandler::install(
+ MediaWiki\Session\SessionManager::singleton()
+ );
+ }
}
Profiler::instance()->scopedProfileOut( $ps_session );
wfDebug( "Fully initialised\n" );
$wgFullyInitialised = true;
-// T125455
-if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) {
- MediaWiki\Session\SessionManager::singleton()->checkIpLimits();
-}
-
Profiler::instance()->scopedProfileOut( $ps_extensions );
Profiler::instance()->scopedProfileOut( $ps_setup );