* http://www.gnu.org/copyleft/gpl.html
*/
-$wgApiStartTime = microtime(true);
+// Initialise common code
+require (dirname(__FILE__) . '/includes/WebStart.php');
/**
* When no format parameter is given, this format will be used
'yamlfm' => 'ApiFormatYaml'
);
-// Initialise common code
-require (dirname(__FILE__) . '/includes/WebStart.php');
wfProfileIn('api.php');
// Verify that the API has not been disabled
-// The next line should be
-// if (isset ($wgEnableAPI) && !$wgEnableAPI) {
-// but will be in a safe mode until api is stabler
-if (!isset ($wgEnableAPI) || !$wgEnableAPI) {
+if (!$wgEnableAPI) {
echo 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php';
echo '<pre><b>$wgEnableAPI=true;</b></pre>';
die(-1);
$wgAutoloadClasses = array_merge($wgAutoloadClasses, $wgApiAutoloadClasses);
-if (!isset($wgEnableWriteAPI))
- $wgEnableWriteAPI = false; // This should be 'true' later, once the api is stable.
-
-$processor = new ApiMain($wgApiStartTime, $wgApiModules, $wgApiFormats, $wgEnableWriteAPI);
+$processor = new ApiMain($wgRequestTime, $wgApiModules, $wgApiFormats, $wgEnableWriteAPI);
$processor->execute();
wfProfileOut('api.php');
wfLogProfilingData();
-exit; // Done!
?>
# starts the profiler and loads the configuration, and optionally loads
# Setup.php depending on whether MW_NO_SETUP is defined.
+# Protect against register_globals
+# This must be done before any globals are set by the code
+if ( ini_get( 'register_globals' ) ) {
+ if ( isset( $_REQUEST['GLOBALS'] ) ) {
+ die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+ }
+ foreach ( $_REQUEST as $name => $value ) {
+ unset( $GLOBALS[$name] );
+ }
+}
+
$wgRequestTime = microtime(true);
# getrusage() does not exist on the Microsoft Windows platforms, catching this
if ( function_exists ( 'getrusage' ) ) {
unset( $IP );
@ini_set( 'allow_url_fopen', 0 ); # For security
-if ( isset( $_REQUEST['GLOBALS'] ) ) {
- die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
-}
-
# Valid web server entry point, enable includes.
# Please don't move this line to includes/Defines.php. This line essentially
# defines a valid entry point. If you put it in includes/Defines.php, then