From 983e2d0ff7a14c5a4afa29e9cb945fce4434946f Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 17 Sep 2007 19:44:15 +0000 Subject: [PATCH] * (bug 11355) Fix false positives in Safe Mode and other config detection when boolean settings are disabled with 'Off' via php_admin_value/php_value --- RELEASE-NOTES | 3 ++- config/index.php | 14 +++++++------- includes/GlobalFunctions.php | 33 ++++++++++++++++++++++++++++++++- includes/Setup.php | 2 +- install-utils.inc | 4 ++-- 5 files changed, 44 insertions(+), 12 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 9142fcda41..aaae526b45 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -57,7 +57,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 11342) Fix several 'returnto' links in permissions/error pages which linked to the main page instead of targetted page * Strike the link to the redirect rather than using an asterisk in Special:Listredirects - +* (bug 11355) Fix false positives in Safe Mode and other config detection + when boolean settings are disabled with 'Off' via php_admin_value/php_value === API changes in 1.12 === diff --git a/config/index.php b/config/index.php index 0de3814caf..cd514d20f3 100644 --- a/config/index.php +++ b/config/index.php @@ -325,7 +325,7 @@ foreach (array_keys($ourdb) AS $db) { } print "\n"; -if( ini_get( "register_globals" ) ) { +if( wfIniGetBool( "register_globals" ) ) { ?>
  • @@ -339,7 +339,7 @@ if( ini_get( "register_globals" ) ) { $fatal = false; -if( ini_get( "magic_quotes_runtime" ) ) { +if( wfIniGetBool( "magic_quotes_runtime" ) ) { $fatal = true; ?>
  • Fatal: magic_quotes_runtime is active! This option corrupts data input unpredictably; you cannot install or use @@ -347,7 +347,7 @@ if( ini_get( "magic_quotes_runtime" ) ) {
  • Fatal: magic_quotes_sybase is active! This option corrupts data input unpredictably; you cannot install or use @@ -355,7 +355,7 @@ if( ini_get( "magic_quotes_sybase" ) ) {
  • Fatal: mbstring.func_overload is active! This option causes errors and may corrupt data unpredictably; @@ -363,7 +363,7 @@ if( ini_get( "mbstring.func_overload" ) ) {
  • Fatal: zend.ze1_compatibility_mode is active! This option causes horrible bugs with MediaWiki; you cannot install or use @@ -376,7 +376,7 @@ if( $fatal ) { dieout( "

    Cannot install MediaWiki.

    " ); } -if( ini_get( "safe_mode" ) ) { +if( wfIniGetBool( "safe_mode" ) ) { $conf->safeMode = true; ?>
  • Warning: PHP's @@ -1435,7 +1435,7 @@ window.onload = toggleDBarea('DBtype; ?>', /* -------------------------------------------------------------------------------------- */ function writeSuccessMessage() { $script = defined('MW_INSTALL_PHP5_EXT') ? 'index.php5' : 'index.php'; - if ( ini_get( 'safe_mode' ) && !ini_get( 'open_basedir' ) ) { + if ( wfIniGetBool( 'safe_mode' ) && !ini_get( 'open_basedir' ) ) { echo <<

    Installation successful!

    diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 51c3121022..a67972ded0 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -1772,6 +1772,37 @@ function wfUrlProtocols() { } } +/** + * Safety wrapper around ini_get() for boolean settings. + * The values returned from ini_get() are pre-normalized for settings + * set via php.ini or php_flag/php_admin_flag... but *not* + * for those set via php_value/php_admin_value. + * + * It's fairly common for people to use php_value instead of php_flag, + * which can leave you with an 'off' setting giving a false positive + * for code that just takes the ini_get() return value as a boolean. + * + * To make things extra interesting, setting via php_value accepts + * "true" as true, but php.ini and php_flag consider it false. :) + * Unrecognized values go false... again opposite PHP's own coercion + * from string to bool. + * + * Luckily, 'properly' set settings will always come back as '0' or '1', + * so we only have to worry about them and the 'improper' settings. + * + * I frickin' hate PHP... :P + * + * @param string $setting + * @return bool + */ +function wfIniGetBool( $setting ) { + $val = ini_get( $setting ); + // 'on' and 'true' can't have whitespace around them, but '1' can. + return trim( $val ) == '1' + || strtolower( $val ) == 'on' + || strtolower( $val ) == 'true'; +} + /** * Execute a shell command, with time and memory limits mirrored from the PHP * configuration if supported. @@ -1783,7 +1814,7 @@ function wfUrlProtocols() { function wfShellExec( $cmd, &$retval=null ) { global $IP, $wgMaxShellMemory, $wgMaxShellFileSize; - if( ini_get( 'safe_mode' ) ) { + if( wfIniGetBool( 'safe_mode' ) ) { wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" ); $retval = 1; return "Unable to run external programs in safe mode."; diff --git a/includes/Setup.php b/includes/Setup.php index 66bae0a8ca..81436bbff9 100644 --- a/includes/Setup.php +++ b/includes/Setup.php @@ -198,7 +198,7 @@ $wgCookiePrefix = strtr($wgCookiePrefix, "=,; +.\"'\\[", "__________"); # If session.auto_start is there, we can't touch session name # -if( !ini_get( 'session.auto_start' ) ) +if( !wfIniGetBool( 'session.auto_start' ) ) session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' ); if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || isset( $_COOKIE[$wgCookiePrefix.'Token'] ) ) ) { diff --git a/install-utils.inc b/install-utils.inc index a9892578c0..5b632d2071 100644 --- a/install-utils.inc +++ b/install-utils.inc @@ -135,6 +135,6 @@ function mw_get_session_save_path() { function mw_have_dl() { return function_exists( 'dl' ) && is_callable( 'dl' ) - && ini_get( 'enable_dl' ) - && !ini_get( 'safe_mode' ); + && wfIniGetBool( 'enable_dl' ) + && !wfIniGetBool( 'safe_mode' ); } \ No newline at end of file -- 2.20.1