X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSetup.php;h=3ceb5585de0b8f23c81f4c876c578560c4ff3870;hb=e3bd13db0c285f312e31bb1b7271af4628cca80c;hp=6c856389d747b0a96ae07f24f073c6671438000b;hpb=69cc66efeb9379b3ed5ae53250865ae25f2b745d;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/Setup.php b/includes/Setup.php index 6c856389d7..f7d8d08829 100644 --- a/includes/Setup.php +++ b/includes/Setup.php @@ -121,16 +121,16 @@ if ( $wgRightsIcon ) { if ( isset( $wgFooterIcons['copyright'] ) && isset( $wgFooterIcons['copyright']['copyright'] ) - && $wgFooterIcons['copyright']['copyright'] === array() + && $wgFooterIcons['copyright']['copyright'] === [] ) { if ( $wgCopyrightIcon ) { $wgFooterIcons['copyright']['copyright'] = $wgCopyrightIcon; } elseif ( $wgRightsIcon || $wgRightsText ) { - $wgFooterIcons['copyright']['copyright'] = array( + $wgFooterIcons['copyright']['copyright'] = [ 'url' => $wgRightsUrl, 'src' => $wgRightsIcon, 'alt' => $wgRightsText, - ); + ]; } else { unset( $wgFooterIcons['copyright']['copyright'] ); } @@ -167,21 +167,21 @@ $wgNamespaceAliases['Image_talk'] = NS_FILE_TALK; /** * Initialise $wgLockManagers to include basic FS version */ -$wgLockManagers[] = array( +$wgLockManagers[] = [ 'name' => 'fsLockManager', 'class' => 'FSLockManager', 'lockDirectory' => "{$wgUploadDirectory}/lockdir", -); -$wgLockManagers[] = array( +]; +$wgLockManagers[] = [ 'name' => 'nullLockManager', 'class' => 'NullLockManager', -); +]; /** * Initialise $wgLocalFileRepo from backwards-compatible settings */ if ( !$wgLocalFileRepo ) { - $wgLocalFileRepo = array( + $wgLocalFileRepo = [ 'class' => 'LocalRepo', 'name' => 'local', 'directory' => $wgUploadDirectory, 
@@ -193,14 +193,14 @@ if ( !$wgLocalFileRepo ) { 'transformVia404' => !$wgGenerateThumbnailOnParse, 'deletedDir' => $wgDeletedDirectory, 'deletedHashLevels' => $wgHashedUploadDirectory ? 3 : 0 - ); + ]; } /** * Initialise shared repo from backwards-compatible settings */ if ( $wgUseSharedUploads ) { if ( $wgSharedUploadDBname ) { - $wgForeignFileRepos[] = array( + $wgForeignFileRepos[] = [ 'class' => 'ForeignDBRepo', 'name' => 'shared', 'directory' => $wgSharedUploadDirectory, @@ -218,9 +218,9 @@ if ( $wgUseSharedUploads ) { 'hasSharedCache' => $wgCacheSharedUploads, 'descBaseUrl' => $wgRepositoryBaseUrl, 'fetchDescription' => $wgFetchCommonsDescriptions, - ); + ]; } else { - $wgForeignFileRepos[] = array( + $wgForeignFileRepos[] = [ 'class' => 'FileRepo', 'name' => 'shared', 'directory' => $wgSharedUploadDirectory, @@ -230,11 +230,11 @@ if ( $wgUseSharedUploads ) { 'transformVia404' => !$wgGenerateThumbnailOnParse, 'descBaseUrl' => $wgRepositoryBaseUrl, 'fetchDescription' => $wgFetchCommonsDescriptions, - ); + ]; } } if ( $wgUseInstantCommons ) { - $wgForeignFileRepos[] = array( + $wgForeignFileRepos[] = [ 'class' => 'ForeignAPIRepo', 'name' => 'wikimediacommons', 'apibase' => 'https://commons.wikimedia.org/w/api.php', @@ -245,7 +245,7 @@ if ( $wgUseInstantCommons ) { 'fetchDescription' => true, 'descriptionCacheExpiry' => 43200, 'apiThumbCacheExpiry' => 86400, - ); + ]; } /* * Add on default file backend config for file repos. @@ -363,7 +363,7 @@ if ( $wgEnableEmail ) { unset( $wgGroupPermissions['user']['sendemail'] ); $wgUseEnotif = false; $wgUserEmailUseReplyTo = false; - $wgUsersNotifiedOnAllChanges = array(); + $wgUsersNotifiedOnAllChanges = []; } // Doesn't make sense to have if disabled. @@ -402,7 +402,7 @@ $wgMinUploadChunkSize = min( * Definitions of the NS_ constants are in Defines.php * @private */ -$wgCanonicalNamespaceNames = array( +$wgCanonicalNamespaceNames = [ NS_MEDIA => 'Media', NS_SPECIAL => 'Special', NS_TALK => 'Talk', 
@@ -420,7 +420,7 @@ $wgCanonicalNamespaceNames = array( NS_HELP_TALK => 'Help_talk', NS_CATEGORY => 'Category', NS_CATEGORY_TALK => 'Category_talk', -); +]; /// @todo UGLY UGLY if ( is_array( $wgExtraNamespaces ) ) { @@ -443,15 +443,6 @@ $wgHtml5 = true; $wgXhtmlDefaultNamespace = 'http://www.w3.org/1999/xhtml'; $wgJsMimeType = 'text/javascript'; -if ( !$wgHtml5Version && $wgAllowRdfaAttributes ) { - // see http://www.w3.org/TR/rdfa-in-html/#document-conformance - if ( $wgMimeType == 'application/xhtml+xml' ) { - $wgHtml5Version = 'XHTML+RDFa 1.0'; - } else { - $wgHtml5Version = 'HTML+RDFa 1.0'; - } -} - // Blacklisted file extensions shouldn't appear on the "allowed" list $wgFileExtensions = array_values( array_diff( $wgFileExtensions, $wgFileBlacklist ) ); @@ -517,6 +508,11 @@ if ( $wgPHPSessionHandling !== 'enable' && ) { $wgPHPSessionHandling = 'warn'; } +if ( defined( 'MW_NO_SESSION' ) ) { + // If the entry point wants no session, force 'disable' here unless they + // specifically set it to the (undocumented) 'warn'. + $wgPHPSessionHandling = MW_NO_SESSION === 'warn' ? 'warn' : 'disable'; +} Profiler::instance()->scopedProfileOut( $ps_default ); 
@@ -531,6 +527,35 @@ if ( !class_exists( 'AutoLoader' ) ) { require_once "$IP/includes/AutoLoader.php"; } +// Install a header callback to prevent caching of responses with cookies (T127993) +if ( !$wgCommandLineMode ) { + header_register_callback( function () { + $headers = []; + foreach ( headers_list() as $header ) { + list( $name, $value ) = explode( ':', $header, 2 ); + $headers[strtolower( trim( $name ) )][] = trim( $value ); + } + + if ( isset( $headers['set-cookie'] ) ) { + $cacheControl = isset( $headers['cache-control'] ) + ? implode( ', ', $headers['cache-control'] ) + : ''; + + if ( !preg_match( '/(?:^|,)\s*(?:private|no-cache|no-store)\s*(?:$|,)/i', $cacheControl ) ) { + header( 'Expires: Thu, 01 Jan 1970 00:00:00 GMT' ); + header( 'Cache-Control: private, max-age=0, s-maxage=0' ); + MediaWiki\Logger\LoggerFactory::getInstance( 'cache-cookies' )->warning( + 'Cookies set on {url} with Cache-Control "{cache-control}"', [ + 'url' => WebRequest::getGlobalRequestURL(), + 'cookies' => $headers['set-cookie'], + 'cache-control' => $cacheControl ?: '', + ] + ); + } + } + } ); +} + MWExceptionHandler::installHandler(); require_once "$IP/includes/compat/normal/UtfNormalUtil.php"; @@ -538,7 +563,7 @@ require_once "$IP/includes/compat/normal/UtfNormalUtil.php"; $ps_validation = Profiler::instance()->scopedProfileIn( $fname . '-validation' ); // T48998: Bail out early if $wgArticlePath is non-absolute -foreach ( array( 'wgArticlePath', 'wgVariantArticlePath' ) as $varName ) { +foreach ( [ 'wgArticlePath', 'wgVariantArticlePath' ] as $varName ) { if ( $$varName && !preg_match( '/^(https?:\/\/|\/)/', $$varName ) ) { throw new FatalError( "If you use a relative URL for \$$varName, it must start " . 
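Review bot: The warning logged inside the new header callback passes the complete `Set-Cookie` header values as the `cookies` context field, so session and token cookie values are written to the `cache-cookies` log channel every time the guard fires. Cookie names are enough to find the code path that set them, for example `'cookies' => array_map( function ( $c ) { return explode( '=', $c, 2 )[0]; }, $headers['set-cookie'] ),`. Separately, PHP keeps only one header callback per request as far as I know, so a later `header_register_callback()` call from other code would replace this one and drop the protection without any error. A comment at the registration such as `// Only one header callback can be active; do not register another without chaining this check` would make that constraint visible.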
@@ -575,6 +600,9 @@ if ( !$wgEmergencyContact ) { if ( !$wgPasswordSender ) { $wgPasswordSender = 'apache@' . $wgServerName; } +if ( !$wgNoReplyAddress ) { + $wgNoReplyAddress = $wgPasswordSender; +} if ( $wgSecureLogin && substr( $wgServer, 0, 2 ) !== '//' ) { $wgSecureLogin = false; @@ -599,12 +627,12 @@ if ( $wgMainWANCache === false ) { // Setup a WAN cache from $wgMainCacheType with no relayer. // Sites using multiple datacenters can configure a relayer. $wgMainWANCache = 'mediawiki-main-default'; - $wgWANObjectCaches[$wgMainWANCache] = array( + $wgWANObjectCaches[$wgMainWANCache] = [ 'class' => 'WANObjectCache', 'cacheId' => $wgMainCacheType, 'pool' => 'mediawiki-main-default', - 'relayerConfig' => array( 'class' => 'EventRelayerNull' ) - ); + 'relayerConfig' => [ 'class' => 'EventRelayerNull' ] + ]; } Profiler::instance()->scopedProfileOut( $ps_default2 ); @@ -686,7 +714,7 @@ $wgRequest->interpolateTitle(); if ( !is_object( $wgAuth ) ) { $wgAuth = new AuthPlugin; - Hooks::run( 'AuthPluginSetup', array( &$wgAuth ) ); + Hooks::run( 'AuthPluginSetup', [ &$wgAuth ] ); } // Set up the session @@ -702,10 +730,13 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) { session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' ); } - // Create the SessionManager singleton and set up our session handler - MediaWiki\Session\PHPSessionHandler::install( - MediaWiki\Session\SessionManager::singleton() - ); + // Create the SessionManager singleton and set up our session handler, + // unless we're specifically asked not to. + if ( !defined( 'MW_NO_SESSION_HANDLER' ) ) { + MediaWiki\Session\PHPSessionHandler::install( + MediaWiki\Session\SessionManager::singleton() + ); + } // Initialize the session try { 
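Review bot: `MW_NO_SESSION_HANDLER` is introduced in the hunk at old line 702 with no documentation of which entry points may define it or what it implies. When it is defined and `MW_NO_SESSION` is not, this branch still initialises the global session. The `session_start()` call in the hunk at old line 738 would then presumably run against PHP's default save handler rather than `PHPSessionHandler`, which would put session data outside SessionManager's storage. I would add a comment like `// MW_NO_SESSION_HANDLER (defined by <entry point>): PHP's native save handler stays active; the PHP-session start below must not be relied on` and, if that combination is unintended, also skip the `session_start()` path when the constant is defined. The enclosing `if` begins and ends outside this hunk.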
@@ -714,7 +745,7 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) { if ( isset( $ex->sessionInfos ) && count( $ex->sessionInfos ) >= 2 ) { // The exception is because the request had multiple possible // sessions tied for top priority. Report this to the user. - $list = array(); + $list = []; foreach ( $ex->sessionInfos as $info ) { $list[] = $info->getProvider()->describe( $wgContLang ); } @@ -738,9 +769,18 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) { ) { // Start the PHP-session for backwards compatibility session_id( $session->getId() ); - MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' ); MediaWiki\quietCall( 'session_start' ); } + + unset( $session ); +} else { + // Even if we didn't set up a global Session, still install our session + // handler unless specifically requested not to. + if ( !defined( 'MW_NO_SESSION_HANDLER' ) ) { + MediaWiki\Session\PHPSessionHandler::install( + MediaWiki\Session\SessionManager::singleton() + ); + } } Profiler::instance()->scopedProfileOut( $ps_session ); @@ -762,7 +802,7 @@ $wgOut = RequestContext::getMain()->getOutput(); // BackCompat /** * @var Parser $wgParser */ -$wgParser = new StubObject( 'wgParser', $wgParserConf['class'], array( $wgParserConf ) ); +$wgParser = new StubObject( 'wgParser', $wgParserConf['class'], [ $wgParserConf ] ); /** * @var Title $wgTitle 
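Review bot: In the hunk at old line 738, nothing next to `MediaWiki\quietCall( 'session_start' )` says where the cache headers for PHP-session responses come from now that the explicit `session_cache_limiter` call is gone. They appear to depend on the `session.cache_limiter` ini value and on the Set-Cookie header callback registered earlier in this file, neither of which is visible from here. A comment such as `// Cache headers: left to session.cache_limiter and the Set-Cookie header callback above` would record the intent. The new `else` branch also repeats the `MW_NO_SESSION_HANDLER` check and `PHPSessionHandler::install()` call from the first branch verbatim. If the order relative to `session_name()` does not matter, the block could be placed once before the `if` so the two copies cannot drift.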
@@ -797,13 +837,15 @@ foreach ( $wgExtensionFunctions as $func ) { // If the session user has a 0 id but a valid name, that means we need to // autocreate it. -$sessionUser = MediaWiki\Session\SessionManager::getGlobalSession()->getUser(); -if ( $sessionUser->getId() === 0 && User::isValidUserName( $sessionUser->getName() ) ) { - $ps_autocreate = Profiler::instance()->scopedProfileIn( $fname . '-autocreate' ); - MediaWiki\Session\SessionManager::autoCreateUser( $sessionUser ); - Profiler::instance()->scopedProfileOut( $ps_autocreate ); +if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) { + $sessionUser = MediaWiki\Session\SessionManager::getGlobalSession()->getUser(); + if ( $sessionUser->getId() === 0 && User::isValidUserName( $sessionUser->getName() ) ) { + $ps_autocreate = Profiler::instance()->scopedProfileIn( $fname . '-autocreate' ); + MediaWiki\Session\SessionManager::autoCreateUser( $sessionUser ); + Profiler::instance()->scopedProfileOut( $ps_autocreate ); + } + unset( $sessionUser ); } -unset( $sessionUser ); wfDebug( "Fully initialised\n" ); $wgFullyInitialised = true;