privilege, such as the 'Developer' account created by the install.
Fixes and tweaks:
+* Now works with register_globals off!
+* Works with short tags disabled.
* Should work out of the box on MySQL 3.2.x again. On 4.x set
$wgEnablePersistentLC = true; to turn on the link cache table
for a slight rendering speed boost.
* rebuildMessages.php can now selectively update new messages, or
overwrite everything.
-* Works with short tags disabled.
* Various bug fixes.
* Other stuff we forgot.
* Documentation more out of date than ever before!
# Whether to allow anonymous users to set changes to 'minor'
$wgAllowAnonymousMinor = false;
+
+if( !isset( $wgCommandLineMode ) ) {
+ $wgCommandLineMode = false;
+}
+
?>
# if this is a comment, show a subject line at the top, which is also the edit summary.
# Otherwise, show a summary field at the bottom
if($section=="new") {
-
$commentsubject="{$subject}: <input tabindex=1 type=text value=\"{$wpSummary}\" name=\"wpSummary\" maxlength=200 size=60><br>";
+ $editsummary = "";
} else {
-
+ $commentsubject = "";
$editsummary="{$summary}: <input tabindex=3 type=text value=\"{$wpSummary}\" name=\"wpSummary\" maxlength=200 size=60><br>";
}
if ( !$message && $useDB) {
$sql = "SELECT cur_text FROM cur WHERE cur_namespace=" . NS_MEDIAWIKI .
" AND cur_title='$title'";
- $res = wfQuery( $sql, DB_READ, $fname );
+ $res = wfQuery( $sql, DB_READ, "MessageCache::get" );
if ( wfNumRows( $res ) ) {
$obj = wfFetchObject( $res );
# Useful debug output
if ( function_exists( "getallheaders" ) ) {
wfDebug( "\nStart request\n" );
- wfDebug( "$REQUEST_METHOD $REQUEST_URI\n" );
+ wfDebug( $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . "\n" );
$headers = getallheaders();
foreach ($headers as $name => $value) {
wfDebug( "$name: $value\n" );
}
wfDebug( "\n" );
} else {
- wfDebug( "$REQUEST_METHOD $REQUEST_URI\n" );
-}
-
-# Fix "magic" quotes
-if ( get_magic_quotes_gpc() ) {
- foreach ( $_REQUEST as $field => $value ) {
- $_REQUEST[$field] = stripslashes( $value );
- }
+ wfDebug( $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI'] . "\n" );
}
# Set up Memcached
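Review bot: The header loop in the `getallheaders()` branch writes every request header to the debug log, including `Cookie`, and on this page `setCookies()` stores a `{$wgDBname}Password` value in a cookie that `loadFromSession()` accepts as a login credential. A reader of the debug log can therefore recover reusable credentials. Mask sensitive headers before the `wfDebug` call inside the loop, for example `if ( strtolower( $name ) == 'cookie' || strtolower( $name ) == 'authorization' ) { $value = '(redacted)'; }`. The request line built from `$_SERVER` is also logged as received, so the log file should sit outside the web root and be readable only by the operator.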
"sample"=>"",
"tip"=>wfMsg("hr_tip"))
);
- $toolbar.="<script type='text/javascript'>\n";
+ $toolbar ="<script type='text/javascript'>\n";
$toolbar.="document.writeln(\"<div id='toolbar'>\");\n";
foreach($toolarray as $tool) {
function unsaveUploadedFile()
{
global $wpSessionKey, $wpUploadOldVersion;
- global $wgUploadDirectory, $wgOut, $wsUploadFiles;
+ global $wgUploadDirectory, $wgOut;
- $wgSavedFile = $wsUploadFiles[$wpSessionKey];
+ $wgSavedFile = $_SESSION['wsUploadFiles'][$wpSessionKey];
$wgUploadOldVersion = $wpUploadOldVersion;
if ( ! @unlink( $wgSavedFile ) ) {
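Review bot: `$_SESSION['wsUploadFiles'][$wpSessionKey]` is read without checking that the entry exists, and `$wpSessionKey` arrives with the request, so a missing or stale key hands an empty value to `unlink()` while the `@` hides the warning. Add a guard ahead of the lookup, such as `if ( !isset( $_SESSION['wsUploadFiles'][$wpSessionKey] ) ) { return; }`, or route to whatever error path the rest of the function uses; its body continues outside this hunk. Consider `unset()`-ing the session entry once the file has been removed so the same key cannot be replayed.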
global $wpUploadDescription, $wpIgnoreWarning;
global $wpUploadSaveName, $wpUploadTempName, $wpUploadSize;
global $wgSavedFile, $wgUploadOldVersion;
- global $wpSessionKey, $wpUploadOldVersion, $wsUploadFiles;
+ global $wpSessionKey, $wpUploadOldVersion;
global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
# wgSavedFile is stored in the session not the form, for security
$wpSessionKey = mt_rand( 0, 0x7fffffff );
- $wsUploadFiles[$wpSessionKey] = $wgSavedFile;
+ $_SESSION['wsUploadFiles'][$wpSessionKey] = $wgSavedFile;
$sub = wfMsg( "uploadwarning" );
$wgOut->addHTML( "<h2>{$sub}</h2>\n" );
function SetupSession() {
global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain;
- global $wsUserID, $wsUserName, $wsUserPassword, $wsUploadFiles;
if( $wgSessionsInMemcached ) {
include_once( "MemcachedSessions.php" );
}
session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain );
session_cache_limiter( "private, must-revalidate" );
session_start();
- session_register( "wsUserID" );
- session_register( "wsUserName" );
- session_register( "wsUserPassword" );
- session_register( "wsUploadFiles" );
}
/* static */ function loadFromSession()
{
- global $HTTP_COOKIE_VARS, $wsUserID, $wsUserName, $wsUserPassword;
global $wgMemc, $wgDBname;
- if ( isset( $wsUserID ) ) {
- if ( 0 != $wsUserID ) {
- $sId = $wsUserID;
+ if ( isset( $_SESSION['wsUserID'] ) ) {
+ if ( 0 != $_SESSION['wsUserID'] ) {
+ $sId = $_SESSION['wsUserID'];
} else {
return new User();
}
- } else if ( isset( $HTTP_COOKIE_VARS["{$wgDBname}UserID"] ) ) {
- $sId = IntVal( $HTTP_COOKIE_VARS["{$wgDBname}UserID"] );
- $wsUserID = $sId;
+ } else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) {
+ $sId = IntVal( $_COOKIE["{$wgDBname}UserID"] );
+ $_SESSION['wsUserID'] = $sId;
} else {
return new User();
}
- if ( isset( $wsUserName ) ) {
- $sName = $wsUserName;
+ if ( isset( $_SESSION['wsUserName'] ) ) {
+ $sName = $_SESSION['wsUserName'];
} else if ( isset( $HTTP_COOKIE_VARS["{$wgDBname}UserName"] ) ) {
$sName = $HTTP_COOKIE_VARS["{$wgDBname}UserName"];
- $wsUserName = $sName;
+ $_SESSION['wsUserName'] = $sName;
} else {
return new User();
}
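Review bot: The `global $HTTP_COOKIE_VARS, ...` declaration is removed at the top of `loadFromSession()`, but the `UserName` branch here and the `Password` branch further down still test `isset( $HTTP_COOKIE_VARS[...] )`. Inside the function that name is now an unset local, so both tests are false and the method reaches `return new User()` whenever the session does not already hold the name or password; login from the remembered cookies stops working. Those reads would also bypass the `fix_magic_quotes( $_COOKIE )` pass added in this commit. Use the superglobal as was done for `UserID`: `isset( $_COOKIE["{$wgDBname}UserName"] )` with `$sName = $_COOKIE["{$wgDBname}UserName"];`, and the same for `{$wgDBname}Password`.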
wfDebug( "User::loadFromSession() got from cache!\n" );
}
- if ( isset( $wsUserPassword ) ) {
- $passwordCorrect = $wsUserPassword == $user->mPassword;
+ if ( isset( $_SESSION['wsUserPassword'] ) ) {
+ $passwordCorrect = $_SESSION['wsUserPassword'] == $user->mPassword;
} else if ( isset( $HTTP_COOKIE_VARS["{$wgDBname}Password"] ) ) {
$user->mCookiePassword = $HTTP_COOKIE_VARS["{$wgDBname}Password"];
- $wsUserPassword = $user->addSalt( $user->mCookiePassword );
- $passwordCorrect = $wsUserPassword == $user->mPassword;
+ $_SESSION['wsUserPassword'] = $user->addSalt( $user->mCookiePassword );
+ $passwordCorrect = $_SESSION['wsUserPassword'] == $user->mPassword;
} else {
return new User(); # Can't log in from session
}
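Review bot: Both password checks compare with `==`, which in PHP compares two numeric-looking strings as numbers, so two different values of the form `0e` followed by digits are treated as equal. Whether `mPassword` and the result of `addSalt()` can take that shape is not visible here, but if they are hex digests a strict comparison removes the doubt: `$passwordCorrect = $_SESSION['wsUserPassword'] === $user->mPassword;` in both branches. The function starts and continues outside this hunk.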
function setCookies()
{
- global $wsUserID, $wsUserName, $wsUserPassword;
global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname;
if ( 0 == $this->mId ) return;
$this->loadFromDatabase();
$exp = time() + $wgCookieExpiration;
- $wsUserID = $this->mId;
+ $_SESSION['wsUserID'] = $this->mId;
setcookie( "{$wgDBname}UserID", $this->mId, $exp, $wgCookiePath, $wgCookieDomain );
- $wsUserName = $this->mName;
+ $_SESSION['wsUserName'] = $this->mName;
setcookie( "{$wgDBname}UserName", $this->mName, $exp, $wgCookiePath, $wgCookieDomain );
- $wsUserPassword = $this->mPassword;
+ $_SESSION['wsUserPassword'] = $this->mPassword;
if ( 1 == $this->getOption( "rememberpassword" ) ) {
setcookie( "{$wgDBname}Password", $this->mCookiePassword, $exp, $wgCookiePath, $wgCookieDomain );
} else {
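Review bot: `setCookies()` passes only name, value, expiry, path and domain to `setcookie()`, so the `{$wgDBname}Password` cookie also travels over plain HTTP, and `loadFromSession()` on this page accepts that value (after `addSalt()`) as proof of identity. The new assignment also copies `$this->mPassword` into `$_SESSION['wsUserPassword']`, so the session store holds the stored password value for each logged-in user. Where the wiki is served over HTTPS, pass the sixth `secure` argument to the three `setcookie()` calls, and consider keeping a random token in the session instead of the password value. The `else` branch and the rest of the function lie outside this hunk.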
function logout()
{
- global $wsUserID, $wgCookiePath, $wgCookieDomain, $wgDBname;
$this->mId = 0;
- $wsUserID = 0;
+ $_SESSION['wsUserID'] = 0;
setcookie( "{$wgDBname}UserID", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );
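Review bot: The `global` line removed from `logout()` also declared `$wgCookiePath`, `$wgCookieDomain` and `$wgDBname`, which the two `setcookie()` calls in this hunk still use. As locals they are unset, so the expiry cookies go out as `UserID` and `Password` with an empty path and domain instead of the `{$wgDBname}`-prefixed names that `setCookies()` issued, and the browser keeps the real login cookies after logout. Restore the declaration without the session variable: `global $wgCookiePath, $wgCookieDomain, $wgDBname;`. `$_SESSION['wsUserName']` and `$_SESSION['wsUserPassword']` are not cleared in the visible lines either; the function continues past this hunk, so confirm they are reset there.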
#
$wgRequestTime = microtime();
+## Enable this to debug total elimination of register_globals
+#define( "DEBUG_GLOBALS", 1 );
+
+if( defined('DEBUG_GLOBALS') ) error_reporting(E_ALL);
+
+function &fix_magic_quotes( &$arr ) {
+ foreach( $arr as $key => $val ) {
+ if( is_array( $val ) ) {
+ fix_magic_quotes( $arr[$key] );
+ } else {
+ $arr[$key] = stripslashes( $val );
+ }
+ }
+ return $arr;
+}
+
+if ( get_magic_quotes_gpc() ) {
+ fix_magic_quotes( $_COOKIE );
+ fix_magic_quotes( $_ENV );
+ fix_magic_quotes( $_GET );
+ fix_magic_quotes( $_POST );
+ fix_magic_quotes( $_REQUEST );
+ fix_magic_quotes( $_SERVER );
+} elseif( defined('DEBUG_GLOBALS') ) {
+ die("DEBUG_GLOBALS: turn on magic_quotes_gpc" );
+}
+
+if( defined('DEBUG_GLOBALS') ) {
+ if( ini_get( "register_globals" ) ) {
+ die( "DEBUG_GLOBALS: turn off register_globals" );
+ }
+} elseif( !ini_get( "register_globals" ) ) {
+ # Insecure, but at least it'll run
+ import_request_variables( "GPC" );
+}
+
unset( $IP );
ini_set( "allow_url_fopen", 0 ); # For security...
if(!file_exists("LocalSettings.php")) {
- die( "You'll have to <a href='config/index.php'>set the wiki up</a> first!" );
+ die( "You'll have to <a href='$wgScriptPath/config/index.php'>set the wiki up</a> first!" );
}
include_once( "./LocalSettings.php" );
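Review bot: The new `die()` message interpolates `$wgScriptPath` into an `href` before `LocalSettings.php` is included, and nothing visible sets that variable earlier, so it is either empty or whatever register_globals or the `import_request_variables( "GPC" )` fallback copied in from the request, printed without escaping. Escape it in the message, e.g. `htmlspecialchars( $wgScriptPath )`, or keep the link relative. The fallback also runs before any configuration is loaded, so a setting that is defaulted only when unset, such as the `isset( $wgCommandLineMode )` guard added elsewhere in this commit, would keep a request-supplied value if its file is loaded after this point. Security-relevant globals are safer assigned unconditionally, or unset right after the import, than guarded with `isset()`.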
die( "You must set the site name in \$wgSitename before installation.\n\n" );
}
-# Windows requires ';' as separator, ':' for Unix
-$sep = strchr( $include_path = ini_get( "include_path" ), ";" ) ? ";" : ":";
-ini_set( "include_path", "$IP$sep$include_path" );
+# PATH_SEPARATOR avaialble only from 4.3.0
+$sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":";
+ini_set( "include_path", $IP . $sep . ini_get( "include_path" ) );
include_once( "Setup.php" );
$action = strtolower( trim( $action ) );
if ( "" == $action ) { $action = "view"; }
-if ( "yes" == $_REQUEST['printable'] ) { $wgOut->setPrintable(); }
+if ( !empty( $_REQUEST['printable'] ) && $_REQUEST['printable'] == "yes") {
+ $wgOut->setPrintable();
+}
if ( "" == $title && "delete" != $action ) {
$wgTitle = Title::newFromText( wfMsg( "mainpage" ) );
-} elseif ( $_REQUEST['curid'] ) {
+} elseif ( !empty( $_REQUEST['curid'] ) ) {
# URLs like this are generated by RC, because rc_title isn't always accurate
$wgTitle = Title::newFromID( $_REQUEST['curid'] );
} else {
}
}
-if ( "" != $_REQUEST['search'] ) {
+if ( !empty( $_REQUEST['search'] ) ) {
if( isset($_REQUEST['fulltext']) ) {
wfSearch( $_REQUEST['search'] );
} else {
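Review bot: `!empty( $_REQUEST['search'] )` is not equivalent to the old `"" != $_REQUEST['search']`, because `empty()` is also true for the string `"0"`, so a search for `0` is now silently skipped. To avoid the undefined-index notice without changing which queries run, test presence and emptiness separately: `if ( isset( $_REQUEST['search'] ) && "" != $_REQUEST['search'] ) {`. The block continues outside this hunk.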
if( version_compare( phpversion(), "4.3.2" ) < 0 ) {
echo "WARNING: PHP 4.3.2 or higher is recommended. Older versions from 4.1.x up may work but are not actively supported.\n\n";
}
- if( !ini_get( "register_globals" ) ) {
- echo "WARNING: register_globals is not on; MediaWiki currently relies on this option.\n\n";
- }
if (!extension_loaded('mysql')) {
if (!dl('mysql.so')) {