* (bug 11342) Fix several 'returnto' links in permissions/error pages which
linked to the main page instead of targetted page
* Strike the link to the redirect rather than using an asterisk in Special:Listredirects
-
+* (bug 11355) Fix false positives in Safe Mode and other config detection
+ when boolean settings are disabled with 'Off' via php_admin_value/php_value
=== API changes in 1.12 ===
}
print "</li>\n";
-if( ini_get( "register_globals" ) ) {
+if( wfIniGetBool( "register_globals" ) ) {
?>
<li>
<div style="font-size:110%">
$fatal = false;
-if( ini_get( "magic_quotes_runtime" ) ) {
+if( wfIniGetBool( "magic_quotes_runtime" ) ) {
$fatal = true;
?><li class='error'><strong>Fatal: <a href='http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-runtime'>magic_quotes_runtime</a> is active!</strong>
This option corrupts data input unpredictably; you cannot install or use
<?php
}
-if( ini_get( "magic_quotes_sybase" ) ) {
+if( wfIniGetBool( "magic_quotes_sybase" ) ) {
$fatal = true;
?><li class='error'><strong>Fatal: <a href='http://www.php.net/manual/en/ref.sybase.php#ini.magic-quotes-sybase'>magic_quotes_sybase</a> is active!</strong>
This option corrupts data input unpredictably; you cannot install or use
<?php
}
-if( ini_get( "mbstring.func_overload" ) ) {
+if( wfIniGetBool( "mbstring.func_overload" ) ) {
$fatal = true;
?><li class='error'><strong>Fatal: <a href='http://www.php.net/manual/en/ref.mbstring.php#mbstring.overload'>mbstring.func_overload</a> is active!</strong>
This option causes errors and may corrupt data unpredictably;
<?php
}
-if( ini_get( "zend.ze1_compatibility_mode" ) ) {
+if( wfIniGetBool( "zend.ze1_compatibility_mode" ) ) {
$fatal = true;
?><li class="error"><strong>Fatal: <a href="http://www.php.net/manual/en/ini.core.php">zend.ze1_compatibility_mode</a> is active!</strong>
This option causes horrible bugs with MediaWiki; you cannot install or use
dieout( "</ul><p>Cannot install MediaWiki.</p>" );
}
-if( ini_get( "safe_mode" ) ) {
+if( wfIniGetBool( "safe_mode" ) ) {
$conf->safeMode = true;
?>
<li><b class='error'>Warning:</b> <strong>PHP's
/* -------------------------------------------------------------------------------------- */
function writeSuccessMessage() {
$script = defined('MW_INSTALL_PHP5_EXT') ? 'index.php5' : 'index.php';
- if ( ini_get( 'safe_mode' ) && !ini_get( 'open_basedir' ) ) {
+ if ( wfIniGetBool( 'safe_mode' ) && !ini_get( 'open_basedir' ) ) {
echo <<<EOT
<div class="success-box">
<p>Installation successful!</p>
}
}
+/**
+ * Safety wrapper around ini_get() for boolean settings.
+ * The values returned from ini_get() are pre-normalized for settings
+ * set via php.ini or php_flag/php_admin_flag... but *not*
+ * for those set via php_value/php_admin_value.
+ *
+ * It's fairly common for people to use php_value instead of php_flag,
+ * which can leave you with an 'off' setting giving a false positive
+ * for code that just takes the ini_get() return value as a boolean.
+ *
+ * To make things extra interesting, setting via php_value accepts
+ * "true" as true, but php.ini and php_flag consider it false. :)
+ * Unrecognized values go false... again opposite PHP's own coercion
+ * from string to bool.
+ *
+ * Luckily, 'properly' set settings will always come back as '0' or '1',
+ * so we only have to worry about them and the 'improper' settings.
+ *
+ * I frickin' hate PHP... :P
+ *
+ * @param string $setting
+ * @return bool
+ */
+function wfIniGetBool( $setting ) {
+ $val = ini_get( $setting );
+ // 'on' and 'true' can't have whitespace around them, but '1' can.
+ return trim( $val ) == '1'
+ || strtolower( $val ) == 'on'
+ || strtolower( $val ) == 'true';
+}
+
/**
* Execute a shell command, with time and memory limits mirrored from the PHP
* configuration if supported.
function wfShellExec( $cmd, &$retval=null ) {
global $IP, $wgMaxShellMemory, $wgMaxShellFileSize;
- if( ini_get( 'safe_mode' ) ) {
+ if( wfIniGetBool( 'safe_mode' ) ) {
wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" );
$retval = 1;
return "Unable to run external programs in safe mode.";
# If session.auto_start is there, we can't touch session name
#
-if( !ini_get( 'session.auto_start' ) )
+if( !wfIniGetBool( 'session.auto_start' ) )
session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' );
if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || isset( $_COOKIE[$wgCookiePrefix.'Token'] ) ) ) {
function mw_have_dl() {
return function_exists( 'dl' )
&& is_callable( 'dl' )
- && ini_get( 'enable_dl' )
- && !ini_get( 'safe_mode' );
+ && wfIniGetBool( 'enable_dl' )
+ && !wfIniGetBool( 'safe_mode' );
}
\ No newline at end of file