X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FWebStart.php;h=17f8216babf0a77240cb265b777a70150156a4ee;hb=2745ecc1e49ca00f991839ce0a023a788e2fe3f9;hp=4060c55c592ec7e551d692a0c87d3d89e2eba9dd;hpb=0138b0952be8afb622c5461795ccba1333d097c2;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/WebStart.php b/includes/WebStart.php
index 4060c55c59..17f8216bab 100644
--- a/includes/WebStart.php
+++ b/includes/WebStart.php
@@ -5,13 +5,28 @@
 * configuration, and optionally loads Setup.php depending on whether
 * MW_NO_SETUP is defined.
 *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
 * @file
 */
 # Protect against register_globals
 # This must be done before any globals are set by the code
 if ( ini_get( 'register_globals' ) ) {
- if ( isset( $_REQUEST['GLOBALS'] ) ) {
+ if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
 die( '$GLOBALS overwrite vulnerability');
 }
 $verboten = array(
@@ -34,7 +49,7 @@ if ( ini_get( 'register_globals' ) ) {
 );
 foreach ( $_REQUEST as $name => $value ) {
 if( in_array( $name, $verboten ) ) {
- header( "HTTP/1.x 500 Internal Server Error" );
+ header( "HTTP/1.1 500 Internal Server Error" );
 echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
 die( -1 );
 }
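Review bot: The widened guard `isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] )` still leaves `$_COOKIE` unchecked when `request_order` keeps cookies out of `$_REQUEST`, while register_globals may still import cookie names. Consider `if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) || isset( $_COOKIE['GLOBALS'] ) ) {`. The `$verboten` loop in the following hunk walks only `$_REQUEST`, so it has the same gap for `$_FILES` and `$_COOKIE` keys. Whether any of these can actually reach a superglobal depends on the PHP version and ini settings, which are not visible here. The enclosing `if ( ini_get( 'register_globals' ) )` block continues past this hunk.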
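Review bot: `in_array( $name, $verboten )` in this loop compares loosely, and request keys that look like integers arrive as int keys. On PHP versions before 8 a parameter named `0` therefore equals any non-numeric string in `$verboten` and triggers the 500 abort for a harmless request. Passing the strict flag avoids that: `if( in_array( $name, $verboten, true ) ) {`. The check fails closed, so this is a false positive rather than a bypass. The contents of `$verboten` and the end of the loop lie outside this hunk.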
@@ -42,6 +57,11 @@ if ( ini_get( 'register_globals' ) ) {
 }
 }
+# bug 15461: Make IE8 turn off content sniffing. Everbody else should ignore this
+# We're adding it here so that it's *always* set, even for alternate entry
+# points and when $wgOut gets disabled or overridden.
+header( 'X-Content-Type-Options: nosniff' );
+
 $wgRequestTime = microtime(true);
 # getrusage() does not exist on the Microsoft Windows platforms, catching this
 if ( function_exists ( 'getrusage' ) ) {
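Review bot: The comment's claim that the header is "*always* set" holds only for responses that pass through WebStart.php; anything the web server delivers directly, presumably including uploaded files, never runs this line. Uploads are where content sniffing matters most, so the comment should say so, e.g. `# Files served directly by the web server do not get this header; set it in the server configuration as well.` `nosniff` also only helps where the response declares an accurate Content-Type, which each entry point has to guarantee itself.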
@@ -67,78 +87,73 @@ if ( $IP === false ) {
 $IP = realpath( '.' );
 }
-
-# Start profiler
-if( file_exists("$IP/StartProfiler.php") ) {
- require_once( "$IP/StartProfiler.php" );
+if ( isset( $_SERVER['MW_COMPILED'] ) ) {
+ define( 'MW_COMPILED', 1 );
 } else {
- require_once( "$IP/includes/ProfilerStub.php" );
+ # Get MWInit class
+ require_once( "$IP/includes/Init.php" );
+
+ # Start the autoloader, so that extensions can derive classes from core files
+ require_once( "$IP/includes/AutoLoader.php" );
+
+ # Load the profiler
+ require_once( "$IP/includes/profiler/Profiler.php" );
+
+ # Load up some global defines.
+ require_once( "$IP/includes/Defines.php" );
 }
-wfProfileIn( 'WebStart.php-conf' );
-# Load up some global defines.
-require_once( "$IP/includes/Defines.php" );
-
-# Check for PHP 5
-if ( !function_exists( 'version_compare' )
- || version_compare( phpversion(), '5.0.0' ) < 0
-) {
- define( 'MW_PHP4', '1' );
- require( "$IP/includes/DefaultSettings.php" );
- require( "$IP/includes/templates/PHP4.php" );
- exit;
+# Start the profiler
+$wgProfiler = array();
+if ( file_exists( "$IP/StartProfiler.php" ) ) {
+ require( "$IP/StartProfiler.php" );
 }
-# Start the autoloader, so that extensions can derive classes from core files
-require_once( "$IP/includes/AutoLoader.php" );
+wfProfileIn( 'WebStart.php-conf' );
+
+# Load default settings
+require_once( MWInit::compiledPath( "includes/DefaultSettings.php" ) );
 if ( defined( 'MW_CONFIG_CALLBACK' ) ) {
 # Use a callback function to configure MediaWiki
- require_once( "$IP/includes/DefaultSettings.php" );
-
- $callback = MW_CONFIG_CALLBACK;
- # PHP 5.1 doesn't support "class::method" for call_user_func, so split it
- if ( strpos( $callback, '::' ) !== false ) {
- $callback = explode( '::', $callback, 2);
- }
- call_user_func( $callback );
+ MWFunction::call( MW_CONFIG_CALLBACK );
 } else {
- # LocalSettings.php is the per site customization file. If it does not exit
- # the wiki installer need to be launched or the generated file moved from
- # ./config/ to ./
- if( !file_exists( "$IP/LocalSettings.php" ) ) {
- require_once( "$IP/includes/DefaultSettings.php" ); # used for printing the version
+ if ( !defined( 'MW_CONFIG_FILE' ) ) {
+ define('MW_CONFIG_FILE', MWInit::interpretedPath( 'LocalSettings.php' ) );
+ }
+
+ # LocalSettings.php is the per site customization file. If it does not exist
+ # the wiki installer needs to be launched or the generated file uploaded to
+ # the root wiki directory
+ if( !file_exists( MW_CONFIG_FILE ) ) {
 require_once( "$IP/includes/templates/NoLocalSettings.php" );
 die();
 }
 # Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
- require_once( "$IP/LocalSettings.php" );
+ require_once( MW_CONFIG_FILE );
 }
 if ( $wgEnableSelenium ) {
- require_once( "$IP/includes/SeleniumWebSettings.php" );
+ require_once( MWInit::compiledPath( "includes/SeleniumWebSettings.php" ) );
 }
 wfProfileOut( 'WebStart.php-conf' );
 wfProfileIn( 'WebStart.php-ob_start' );
 # Initialise output buffering
-
 # Check that there is no previous output or previously set up buffers, because
 # that would cause us to potentially mix gzip and non-gzip output, creating a
 # big mess.
-# In older versions of PHP ob_get_level() returns 0 if there is no buffering or
-# previous output, in newer versions the default output buffer is always set up
-# and ob_get_level() returns 1. In this case we check that the buffer is empty.
-# FIXME: Check that this is the right way to handle this
-if ( !defined( 'MW_NO_OUTPUT_BUFFER' ) && ( ob_get_level() == 0 || ( ob_get_level() == 1 && ob_get_contents() === '' ) ) ) {
- require_once( "$IP/includes/OutputHandler.php" );
+if ( !defined( 'MW_NO_OUTPUT_BUFFER' ) && ob_get_level() == 0 ) {
+ if ( !defined( 'MW_COMPILED' ) ) {
+ require_once( "$IP/includes/OutputHandler.php" );
+ }
 ob_start( 'wfOutputHandler' );
 }
 wfProfileOut( 'WebStart.php-ob_start' );
 if ( !defined( 'MW_NO_SETUP' ) ) {
- require_once( "$IP/includes/Setup.php" );
+ require_once( MWInit::compiledPath( "includes/Setup.php" ) );
 }
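Review bot: `require_once( MW_CONFIG_FILE )` executes whatever path the constant holds, and the `!defined( 'MW_CONFIG_FILE' )` guard means any entry point that defines it first chooses the file. That is fine as long as the value is a fixed, trusted path; a comment at the `define` should state it, e.g. `# MW_CONFIG_FILE must be a fixed path set by the entry point, never derived from request data.` Separately, the buffering test is now only `ob_get_level() == 0`, so with `output_buffering` enabled in php.ini (level 1, empty buffer) `wfOutputHandler` is no longer installed. If that is intended, a comment replacing the removed FIXME should say so.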