1 <?php
2 /**
3 * This does the initial setup for a web request.
4 * It does some security checks, starts the profiler and loads the
5 * configuration, and optionally loads Setup.php depending on whether
6 * MW_NO_SETUP is defined.
7 *
8 * @file
9 */
10
/**
 * Report whether this request runs under the HipHop-compiled build.
 *
 * The probe looks for wfHipHopCompilerVersion(), a function that only exists
 * when compiled in. Reflection is used instead of function_exists() because
 * the latter is terribly broken under HipHop due to the "volatile" feature.
 *
 * @return bool True if wfHipHopCompilerVersion() can be reflected, false otherwise
 */
function wfDetectCompiledMode() {
	try {
		new ReflectionFunction( 'wfHipHopCompilerVersion' );
	} catch ( ReflectionException $e ) {
		// The constructor throws when no such function is defined.
		return false;
	}
	return true;
}
26
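# Protect against register_globals.
# This must be done before any globals are set by the code: with
# register_globals enabled, request parameters become global variables, so
# anything assigned earlier could be overwritten from the request.
if ( ini_get( 'register_globals' ) ) {
	# A parameter literally named GLOBALS is never legitimate; stop immediately.
	if ( isset( $_REQUEST['GLOBALS'] ) ) {
		die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>');
	}

	# Superglobal names (current and legacy HTTP_*_VARS forms) that a request
	# parameter must never carry.
	$verboten = array(
		'GLOBALS',
		'_SERVER',
		'HTTP_SERVER_VARS',
		'_GET',
		'HTTP_GET_VARS',
		'_POST',
		'HTTP_POST_VARS',
		'_COOKIE',
		'HTTP_COOKIE_VARS',
		'_FILES',
		'HTTP_POST_FILES',
		'_ENV',
		'HTTP_ENV_VARS',
		'_REQUEST',
		'_SESSION',
		'HTTP_SESSION_VARS'
	);

	foreach ( $_REQUEST as $name => $value ) {
		# Strict comparison on purpose. PHP stores numeric request keys as
		# integers, and a loose in_array() on PHP versions before 8 treats 0 as
		# equal to every non-numeric string, so a harmless parameter named "0"
		# would be rejected as if it were a superglobal name.
		if ( in_array( $name, $verboten, true ) ) {
			header( "HTTP/1.1 500 Internal Server Error" );
			echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
			die( -1 );
		}
		# Remove the global that register_globals created for this parameter.
		unset( $GLOBALS[$name] );
	}

	# NOTE(review): only $_REQUEST is scanned. Which sources populate $_REQUEST
	# depends on the request_order / variables_order ini settings, so
	# cookie-supplied names may not appear in it; confirm whether $_COOKIE
	# needs the same treatment on the deployments this has to support.
}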
60
# bug 15461: tell IE8 not to content-sniff responses; everybody else should
# ignore this header. It is sent from here so that it is *always* set, even
# for alternate entry points and when $wgOut gets disabled or overridden.
header( 'X-Content-Type-Options: nosniff' );

# Timestamp taken at the start of the request.
$wgRequestTime = microtime( true );

# Resource usage at the start of the request. getrusage() does not exist on
# the Microsoft Windows platforms, so an empty array is used there.
$wgRUstart = function_exists( 'getrusage' ) ? getrusage() : array();

# Discard whatever $IP holds at this point; it is assigned from scratch later.
# NOTE(review): presumably this keeps a value set before this file ran from
# influencing the include paths built from $IP; confirm.
unset( $IP );
74
# Valid web server entry point, enable includes.
# Please keep this define() here and out of includes/Defines.php: this line is
# what marks a valid entry point. If it lived in includes/Defines.php, any
# script including that file would become an entry point, defeating its
# purpose.
define( 'MEDIAWIKI', true );

# Full path to the working directory.
# Makes it possible, for example, to have an effective exclude path in APC.
# Unlike dirname( __FILE__ ), it does not break installations that use
# symlinked includes.
# NOTE(review): the require_once paths in this file are built from $IP, so
# MW_INSTALL_PATH must only ever be set by the trusted server environment.
$IP = getenv( 'MW_INSTALL_PATH' );
$IP = ( $IP === false ) ? realpath( '.' ) : $IP;
90
# Flag the compiled build so that the checks below can test MW_COMPILED.
if ( wfDetectCompiledMode() ) {
	define( 'MW_COMPILED', 1 );
}

# Interpreted mode only: load the bootstrap files by path.
if ( !defined( 'MW_COMPILED' ) ) {
	# Get MWInit class
	require_once $IP . '/includes/Init.php';

	# Start the autoloader, so that extensions can derive classes from core files
	require_once $IP . '/includes/AutoLoader.php';

	# Start profiler
	# @todo FIXME: Rewrite wfProfileIn/wfProfileOut so that they can work in compiled mode
	require_once $IP . '/includes/profiler/Profiler.php';
	# StartProfiler.php is optional and only loaded when present.
	if ( file_exists( $IP . '/StartProfiler.php' ) ) {
		require_once $IP . '/StartProfiler.php';
	}

	# Load up some global defines.
	require_once $IP . '/includes/Defines.php';
}

# Everything from here until the matching wfProfileOut() is profiled as the
# configuration phase.
wfProfileIn( 'WebStart.php-conf' );

# Load default settings
require_once MWInit::compiledPath( 'includes/DefaultSettings.php' );
117
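# Site configuration comes either from a callback (MW_CONFIG_CALLBACK) or from
# a settings file (MW_CONFIG_FILE, LocalSettings.php unless defined otherwise).
if ( defined( 'MW_CONFIG_CALLBACK' ) ) {
	# Use a callback function to configure MediaWiki
	MWFunction::call( MW_CONFIG_CALLBACK );
} else {
	if ( !defined( 'MW_CONFIG_FILE' ) ) {
		define( 'MW_CONFIG_FILE', MWInit::interpretedPath( 'LocalSettings.php' ) );
	}

	# LocalSettings.php is the per site customization file. If it does not exist
	# the wiki installer needs to be launched or the generated file uploaded to
	# the root wiki directory
	if ( !file_exists( MW_CONFIG_FILE ) ) {
		$script = $_SERVER['SCRIPT_NAME'];

		# Directory part of the script URL without a trailing separator.
		# pathinfo() gives "/" (or "\" on Windows) for a script that sits in
		# the document root; used as is, the links below would begin with "//",
		# which browsers resolve as a host name instead of a local path.
		# Both values are HTML-escaped because they are placed in an href.
		$path = htmlspecialchars(
			rtrim( str_replace( '//', '/', pathinfo( $script, PATHINFO_DIRNAME ) ), '/\\' )
		);
		$ext = htmlspecialchars( pathinfo( $script, PATHINFO_EXTENSION ) );

		# Check to see if the installer is running
		if ( !function_exists( 'session_name' ) ) {
			# No session support available, so an installer session cannot be detected.
			$installerStarted = false;
		} else {
			session_name( 'mw_installer_session' );
			# Notices are masked only for the duration of session_start().
			$oldReporting = error_reporting( E_ALL & ~E_NOTICE );
			$success = session_start();
			error_reporting( $oldReporting );
			$installerStarted = ( $success && isset( $_SESSION['installData'] ) );
		}

		$please = $installerStarted
			? "Please <a href=\"$path/mw-config/index.$ext\"> complete the installation</a> and download LocalSettings.php."
			: "Please <a href=\"$path/mw-config/index.$ext\"> set up the wiki</a> first.";

		wfDie( "<p>LocalSettings.php not found.</p><p>$please</p>" );
	}

	# Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
	require_once( MW_CONFIG_FILE );
}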
155
# Optional Selenium settings, loaded only when $wgEnableSelenium is truthy.
# NOTE(review): this puts test-harness settings on the web request path;
# presumably meant for test wikis only, so confirm that $wgEnableSelenium
# stays off in production configuration.
if ( $wgEnableSelenium ) {
	require_once MWInit::compiledPath( 'includes/SeleniumWebSettings.php' );
}

# Closes the profiling section named 'WebStart.php-conf'.
wfProfileOut( 'WebStart.php-conf' );
161
wfProfileIn( 'WebStart.php-ob_start' );
# Initialise output buffering.
# Only do so when nothing has been output and no buffer has been set up yet;
# otherwise gzip and non-gzip output could get mixed, creating a big mess.
# Entry points can opt out by defining MW_NO_OUTPUT_BUFFER.
if ( ob_get_level() === 0 && !defined( 'MW_NO_OUTPUT_BUFFER' ) ) {
	# In interpreted mode the handler has to be loaded by path first.
	if ( !defined( 'MW_COMPILED' ) ) {
		require_once $IP . '/includes/OutputHandler.php';
	}
	ob_start( 'wfOutputHandler' );
}
wfProfileOut( 'WebStart.php-ob_start' );

# Load Setup.php unless the entry point opted out by defining MW_NO_SETUP.
if ( !defined( 'MW_NO_SETUP' ) ) {
	require_once MWInit::compiledPath( 'includes/Setup.php' );
}
178