includes/WebStart.php

   1 <?php
   2
   3 # This does the initial setup for a web request. It does some security checks,
   4 # starts the profiler and loads the configuration, and optionally loads
   5 # Setup.php depending on whether MW_NO_SETUP is defined.
   6
   7 # Test for PHP bug which breaks PHP 5.0.x on 64-bit...
   8 # As of 1.8 this breaks lots of common operations instead
   9 # of just some rare ones like export.
  10 $borked = str_replace( 'a', 'b', array( -1 => -1 ) );
  11 if( !isset( $borked[-1] ) ) {
  12         echo "PHP 5.0.x is buggy on your 64-bit system; you must upgrade to PHP 5.1.x\n" .
  13              "or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n";
  14         die( -1 );
  15 }
  16
  17 # Protect against register_globals
  18 # This must be done before any globals are set by the code
  19 if ( ini_get( 'register_globals' ) ) {
  20         if ( isset( $_REQUEST['GLOBALS'] ) ) {
  21                 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
  22         }
  23         $verboten = array(
  24                 'GLOBALS',
  25                 '_SERVER',
  26                 'HTTP_SERVER_VARS',
  27                 '_GET',
  28                 'HTTP_GET_VARS',
  29                 '_POST',
  30                 'HTTP_POST_VARS',
  31                 '_COOKIE',
  32                 'HTTP_COOKIE_VARS',
  33                 '_FILES',
  34                 'HTTP_POST_FILES',
  35                 '_ENV',
  36                 'HTTP_ENV_VARS',
  37                 '_REQUEST',
  38                 '_SESSION',
  39                 'HTTP_SESSION_VARS'
  40         );
  41         foreach ( $_REQUEST as $name => $value ) {
  42                 if( in_array( $name, $verboten ) ) {
  43                         header( "HTTP/1.x 500 Internal Server Error" );
  44                         echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
  45                         die( -1 );
  46                 }
  47                 unset( $GLOBALS[$name] );
  48         }
  49 }
  50
  51 $wgRequestTime = microtime(true);
  52 # getrusage() does not exist on the Microsoft Windows platforms, catching this
  53 if ( function_exists ( 'getrusage' ) ) {
  54         $wgRUstart = getrusage();
  55 } else {
  56         $wgRUstart = array();
  57 }
  58 unset( $IP );
  59 @ini_set( 'allow_url_fopen', 0 ); # For security
  60
  61 # Valid web server entry point, enable includes.
  62 # Please don't move this line to includes/Defines.php. This line essentially
  63 # defines a valid entry point. If you put it in includes/Defines.php, then
  64 # any script that includes it becomes an entry point, thereby defeating
  65 # its purpose.
  66 define( 'MEDIAWIKI', true );
  67
  68 # Full path to working directory.
  69 # Makes it possible to for example to have effective exclude path in apc.
  70 # Also doesn't break installations using symlinked includes, like
  71 # dirname( __FILE__ ) would do.
  72 $IP = getenv( 'MW_INSTALL_PATH' );
  73 if ( $IP === false ) {
  74         $IP = realpath( '.' );
  75 }
  76
  77 # Start profiler
  78 require_once( "$IP/StartProfiler.php" );
  79 wfProfileIn( 'WebStart.php-conf' );
  80
  81 # Load up some global defines.
  82 require_once( "$IP/includes/Defines.php" );
  83
  84 # LocalSettings.php is the per site customization file. If it does not exit
  85 # the wiki installer need to be launched or the generated file moved from
  86 # ./config/ to ./
  87 if( !file_exists( "$IP/LocalSettings.php" ) ) {
  88         require_once( "$IP/includes/DefaultSettings.php" ); # used for printing the version
  89         require_once( "$IP/includes/templates/NoLocalSettings.php" );
  90         die();
  91 }
  92
  93 # Start the autoloader, so that extensions can derive classes from core files
  94 require_once( "$IP/includes/AutoLoader.php" );
  95
  96 # Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
  97 require_once( "$IP/LocalSettings.php" );
  98 wfProfileOut( 'WebStart.php-conf' );
  99
 100 wfProfileIn( 'WebStart.php-ob_start' );
 101 # Initialise output buffering
 102 if ( ob_get_level() ) {
 103         # Someone's been mixing configuration data with code!
 104         # How annoying.
 105 } elseif ( !defined( 'MW_NO_OUTPUT_BUFFER' ) ) {
 106         require_once( "$IP/includes/OutputHandler.php" );
 107         ob_start( 'wfOutputHandler' );
 108 }
 109 wfProfileOut( 'WebStart.php-ob_start' );
 110
 111 if ( !defined( 'MW_NO_SETUP' ) ) {
 112         require_once( "$IP/includes/Setup.php" );
 113 }