X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;ds=sidebyside;f=includes%2FSetup.php;h=f7d8d08829c622d23aa2f1bdad3922ef672b4915;hb=e3bd13db0c285f312e31bb1b7271af4628cca80c;hp=4854727d687b5c7ed127732059768fddcc205036;hpb=58cb1f824ac75c3b58ba19d1e88c1b38f9dc1fab;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Setup.php b/includes/Setup.php
index 4854727d68..f7d8d08829 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -443,15 +443,6 @@ $wgHtml5 = true;
 $wgXhtmlDefaultNamespace = 'http://www.w3.org/1999/xhtml';
 $wgJsMimeType = 'text/javascript';
-if ( !$wgHtml5Version && $wgAllowRdfaAttributes ) {
- // see http://www.w3.org/TR/rdfa-in-html/#document-conformance
- if ( $wgMimeType == 'application/xhtml+xml' ) {
- $wgHtml5Version = 'XHTML+RDFa 1.0';
- } else {
- $wgHtml5Version = 'HTML+RDFa 1.0';
- }
-}
-
 // Blacklisted file extensions shouldn't appear on the "allowed" list
 $wgFileExtensions = array_values( array_diff( $wgFileExtensions, $wgFileBlacklist ) );
@@ -517,6 +508,11 @@ if ( $wgPHPSessionHandling !== 'enable' &&
 ) {
 $wgPHPSessionHandling = 'warn';
 }
+if ( defined( 'MW_NO_SESSION' ) ) {
+ // If the entry point wants no session, force 'disable' here unless they
+ // specifically set it to the (undocumented) 'warn'.
+ $wgPHPSessionHandling = MW_NO_SESSION === 'warn' ? 'warn' : 'disable';
+}
 Profiler::instance()->scopedProfileOut( $ps_default );
@@ -531,6 +527,35 @@ if ( !class_exists( 'AutoLoader' ) ) {
 require_once "$IP/includes/AutoLoader.php";
 }
+// Install a header callback to prevent caching of responses with cookies (T127993)
+if ( !$wgCommandLineMode ) {
+ header_register_callback( function () {
+ $headers = [];
+ foreach ( headers_list() as $header ) {
+ list( $name, $value ) = explode( ':', $header, 2 );
+ $headers[strtolower( trim( $name ) )][] = trim( $value );
+ }
+
+ if ( isset( $headers['set-cookie'] ) ) {
+ $cacheControl = isset( $headers['cache-control'] )
+ ? implode( ', ', $headers['cache-control'] )
+ : '';
+
+ if ( !preg_match( '/(?:^|,)\s*(?:private|no-cache|no-store)\s*(?:$|,)/i', $cacheControl ) ) {
+ header( 'Expires: Thu, 01 Jan 1970 00:00:00 GMT' );
+ header( 'Cache-Control: private, max-age=0, s-maxage=0' );
+ MediaWiki\Logger\LoggerFactory::getInstance( 'cache-cookies' )->warning(
+ 'Cookies set on {url} with Cache-Control "{cache-control}"', [
+ 'url' => WebRequest::getGlobalRequestURL(),
+ 'cookies' => $headers['set-cookie'],
+ 'cache-control' => $cacheControl ?: '',
+ ]
+ );
+ }
+ }
+ } );
+}
+
 MWExceptionHandler::installHandler();
 require_once "$IP/includes/compat/normal/UtfNormalUtil.php";
@@ -575,6 +600,9 @@ if ( !$wgEmergencyContact ) {
 if ( !$wgPasswordSender ) {
 $wgPasswordSender = 'apache@' . $wgServerName;
 }
+if ( !$wgNoReplyAddress ) {
+ $wgNoReplyAddress = $wgPasswordSender;
+}
 if ( $wgSecureLogin && substr( $wgServer, 0, 2 ) !== '//' ) {
 $wgSecureLogin = false;
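Review bot: The warning logged from the new header callback passes the raw `Set-Cookie` header values into the `cache-cookies` log context (`'cookies' => $headers['set-cookie']`), so whatever cookie triggers this path, which may well be a session or token cookie, is written to the log with its full value. Logging only the cookie names still identifies the offender without storing the secret, e.g. `'cookies' => array_map( function ( $c ) { return strtok( $c, '=' ); }, $headers['set-cookie'] ),`. Separately, `list( $name, $value ) = explode( ':', $header, 2 );` assumes every entry returned by `headers_list()` contains a colon; that appears to hold for PHP's own output, but a one-line comment saying so would save the next reader from checking.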
@@ -702,10 +730,13 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) {
 session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' );
 }
- // Create the SessionManager singleton and set up our session handler
- MediaWiki\Session\PHPSessionHandler::install(
- MediaWiki\Session\SessionManager::singleton()
- );
+ // Create the SessionManager singleton and set up our session handler,
+ // unless we're specifically asked not to.
+ if ( !defined( 'MW_NO_SESSION_HANDLER' ) ) {
+ MediaWiki\Session\PHPSessionHandler::install(
+ MediaWiki\Session\SessionManager::singleton()
+ );
+ }
 // Initialize the session
 try {
@@ -740,6 +771,16 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) {
 session_id( $session->getId() );
 MediaWiki\quietCall( 'session_start' );
 }
+
+ unset( $session );
+} else {
+ // Even if we didn't set up a global Session, still install our session
+ // handler unless specifically requested not to.
+ if ( !defined( 'MW_NO_SESSION_HANDLER' ) ) {
+ MediaWiki\Session\PHPSessionHandler::install(
+ MediaWiki\Session\SessionManager::singleton()
+ );
+ }
 }
 Profiler::instance()->scopedProfileOut( $ps_session );
@@ -809,10 +850,5 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) {
 wfDebug( "Fully initialised\n" );
 $wgFullyInitialised = true;
-// T125455
-if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) {
- MediaWiki\Session\SessionManager::singleton()->checkIpLimits();
-}
-
 Profiler::instance()->scopedProfileOut( $ps_extensions );
 Profiler::instance()->scopedProfileOut( $ps_setup );
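Review bot: `MW_NO_SESSION_HANDLER` is introduced in the `@@ -702,10 +730,13 @@` hunk with no comment on which entry points may define it or what follows when they do. With the constant defined, the `session_start` call visible in the next hunk would presumably run under whatever save handler PHP is configured with rather than SessionManager, so session data could end up stored outside MediaWiki's control. A comment above the check, along the lines of `// MW_NO_SESSION_HANDLER: the entry point manages PHP session storage itself; $_SESSION is then not backed by SessionManager` (wording for the author to confirm), would make that trade-off explicit. The same install block is repeated in the `else` branch added by the `@@ -740,6 +771,16 @@` hunk, so the two copies have to be kept in step; the enclosing `if` starts and ends outside both hunks.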