<?php
#apd_set_pprof_trace();
# Main wiki script; see design.doc
#
# Web entry point. Reads "action"/"title" (or a "search" term) from $wgRequest,
# resolves $wgTitle, enforces the read-permission check, dispatches the action to
# the special-page / article handler, runs deferred updates, commits and emits output.
$wgRequestTime = microtime();

unset( $IP );
# Disables remote-URL fopen/include for this request; the '@' only suppresses any
# warning ini_set() itself raises, it does not change the outcome.
@ini_set( 'allow_url_fopen', 0 ); # For security...
if( !file_exists( 'LocalSettings.php' ) ) {
	if ( file_exists( 'config/LocalSettings.php' ) ) {
		die( "To complete the installation, move <tt>config/LocalSettings.php</tt> to the parent directory.\n" );
	} else {
		die( "You'll have to <a href='config/index.php'>set the wiki up</a> first!" );
	}
}

# Valid web server entry point, enable includes.
# Please don't move this line to includes/Defines.php. This line essentially defines
# a valid entry point. If you put it in includes/Defines.php, then any script that includes
# it becomes an entry point, thereby defeating its purpose.
define( "MEDIAWIKI", true );

require_once( "./includes/Defines.php" );
require_once( "./LocalSettings.php" );
require_once( "includes/Setup.php" );

wfProfileIn( "main-misc-setup" );
OutputPage::setEncodings(); # Not really used yet

# Query string fields
$action = $wgRequest->getVal( "action", "view" );
$title = $wgRequest->getVal( "title" );

# Placeholders in case of DB error
$wgTitle = Title::newFromText( wfMsgForContent( "badtitle" ) );
$wgArticle = new Article($wgTitle);

# Normalised once here so that the action switch below and the dynamic
# $wgArticle->$action() call both see a single canonical spelling.
$action = strtolower( trim( $action ) );
if ($wgRequest->getVal( "printable" ) == "yes") {
	$wgOut->setPrintable();
}

# Resolve the requested title. Any of these constructors may leave $wgTitle null
# (presumably on an unparsable title or unknown id); the dispatch chain below
# replaces or rejects a null $wgTitle before any article method is called.
if ( "" == $title && "delete" != $action ) {
	$wgTitle = Title::newFromText( wfMsgForContent( "mainpage" ) );
} elseif ( $curid = $wgRequest->getInt( 'curid' ) ) {
	# URLs like this are generated by RC, because rc_title isn't always accurate
	$wgTitle = Title::newFromID( $curid );
} else {
	$wgTitle = Title::newFromURL( $title );
}
wfProfileOut( "main-misc-setup" );

# If the user is not logged in, the Namespace:title of the article must be in
# the Read array in order for the user to see it. (We have to check here to
# catch special pages etc. We check again in Article::view())
# A null $wgTitle skips this check; it only ever reaches the bad-title error page
# (or the search special page) below, never an article handler.
if ( !is_null( $wgTitle ) && !$wgTitle->userCanRead() ) {
	$wgOut->loginToUse();
	$wgOut->output();
	exit;
}

wfProfileIn( "main-action" );
# A non-empty "search" parameter takes precedence over "title"/"action": the
# request is rerouted to Special:Search regardless of what $wgTitle resolved to.
$search = $wgRequest->getText( 'search' );
if( !is_null( $search ) && $search !== '' ) {
	require_once( 'includes/SearchEngine.php' );
	$wgTitle = Title::makeTitle( NS_SPECIAL, "Search" );
	$searchEngine = new SearchEngine( $search );
	# "fulltext", "offset" or "searchx" present -> result listing; otherwise "go" behaviour.
	if( $wgRequest->getVal( 'fulltext' ) ||
		!is_null( $wgRequest->getVal( 'offset' ) ) ||
		!is_null ($wgRequest->getVal( 'searchx' ) ) ) {
		$searchEngine->showResults();
	} else {
		$searchEngine->goResult();
	}
} else if( !$wgTitle or $wgTitle->getDBkey() == "" ) {
	# Unparsable or empty title: replace it with the "badtitle" placeholder so the
	# rest of the request (output, deferred updates) still has a valid Title object.
	$wgTitle = Title::newFromText( wfMsgForContent( "badtitle" ) );
	$wgOut->errorpage( "badtitle", "badtitletext" );
} else if ( $wgTitle->getInterwiki() != "" ) {
	$url = $wgTitle->getFullURL();
	# Check for a redirect loop
	# Only follow the interwiki URL when it does not point back at this server
	# ($wgServer prefix) and the title is local; anything else is treated as a bad title.
	if ( !preg_match( "/^" . preg_quote( $wgServer, "/" ) . "/", $url ) && $wgTitle->isLocal() ) {
		$wgOut->redirect( $url );
	} else {
		$wgTitle = Title::newFromText( wfMsgForContent( "badtitle" ) );
		$wgOut->errorpage( "badtitle", "badtitletext" );
	}
} else if ( ( $action == "view" ) &&
	(!isset( $_GET['title'] ) || $wgTitle->getPrefixedDBKey() != $_GET['title'] ) &&
	!count( array_diff( array_keys( $_GET ), array( 'action', 'title' ) ) ) )
{
	/* redirect to canonical url, make it a 301 to allow caching */
	# Applies only to plain views whose query string carries nothing beyond
	# action/title and whose raw title (read from $_GET, not $wgRequest) is not
	# already in canonical DB-key form. The Location target is built from the
	# parsed $wgTitle via getFullURL(), not echoed from the raw request value.
	$wgOut->redirect( $wgTitle->getFullURL(), '301');
} else if ( Namespace::getSpecial() == $wgTitle->getNamespace() ) {
	# actions that need to be made when we have a special pages
	require_once( 'includes/SpecialPage.php' );
	# Asksql is unregistered before dispatch when sysop queries are disabled,
	# so presumably executePath() cannot reach it for such requests.
	if ( !$wgAllowSysopQueries ) {SpecialPage::removePage( 'Asksql' ); }
	SpecialPage::executePath( $wgTitle );
} else {
	# Media: titles are served through the corresponding Image: page.
	if ( Namespace::getMedia() == $wgTitle->getNamespace() ) {
		$wgTitle = Title::makeTitle( NS_IMAGE, $wgTitle->getDBkey() );
	}

	# Pick the Article subclass by namespace; the placeholder Article created
	# above is replaced here in every branch.
	switch( $wgTitle->getNamespace() ) {
	case NS_IMAGE:
		require_once( "includes/ImagePage.php" );
		$wgArticle = new ImagePage( $wgTitle );
		break;
	case NS_CATEGORY:
		if ( $wgUseCategoryMagic ) {
			require_once( "includes/CategoryPage.php" );
			$wgArticle = new CategoryPage( $wgTitle );
			break;
		}
		# NO break if wgUseCategoryMagic is false, drop through to next (default).
		# Don't insert other cases between NS_CATEGORY and default.
	default:
		$wgArticle = new Article( $wgTitle );
	}

	switch( $action ) {
	case "view":
		$wgOut->setSquidMaxage( $wgSquidMaxage );
		$wgArticle->view();
		break;
	case "watch":
	case "unwatch":
	case "delete":
	case "revert":
	case "rollback":
	case "protect":
	case "unprotect":
	case "validate":
	case "info":
	case "markpatrolled":
		# Dynamic dispatch on the request's action name. It is constrained to the
		# case labels listed above, so an arbitrary request value cannot invoke
		# any other Article method; new actions must be added as explicit cases.
		$wgArticle->$action();
		break;
	case "print":
		$wgArticle->view();
		break;
	case "dublincore":
		# Feature-flagged; refused with a 403 rather than silently ignored.
		if( !$wgEnableDublinCoreRdf ) {
			wfHttpError( 403, "Forbidden", wfMsg( "nodublincore" ) );
		} else {
			require_once( "includes/Metadata.php" );
			wfDublinCoreRdf( $wgArticle );
		}
		break;
	case "creativecommons":
		if( !$wgEnableCreativeCommonsRdf ) {
			wfHttpError( 403, "Forbidden", wfMsg("nocreativecommons") );
		} else {
			require_once( "includes/Metadata.php" );
			wfCreativeCommonsRdf( $wgArticle );
		}
		break;
	case "credits":
		require_once( "includes/Credits.php" );
		showCreditsPage( $wgArticle );
		break;
	case "edit":
	case "submit":
		# Make sure a session exists before the edit form is shown or processed
		# (skipped on the command line, where there is no cookie to check).
		if( !$wgCommandLineMode && !$wgRequest->checkSessionCookie() ) {
			User::SetupSession();
		}
		require_once( "includes/EditPage.php" );
		$editor = new EditPage( $wgArticle );
		$editor->submit();
		break;
	case "history":
		# Only the exact canonical history URL gets a Squid max-age; other
		# spellings of the same request are not marked cacheable.
		if ($_SERVER["REQUEST_URI"] == $wgTitle->getInternalURL('action=history')) {
			$wgOut->setSquidMaxage( $wgSquidMaxage );
		}
		require_once( "includes/PageHistory.php" );
		$history = new PageHistory( $wgArticle );
		$history->history();
		break;
	case "raw":
		require_once( "includes/RawPage.php" );
		$raw = new RawPage( $wgArticle );
		$raw->view();
		break;
	case "purge":
		# Drop the Squid copy and the page's own cache entry, then render afresh
		# with a normal max-age so the purged copy is replaced.
		wfPurgeSquidServers(array($wgTitle->getInternalURL()));
		$wgOut->setSquidMaxage( $wgSquidMaxage );
		$wgTitle->invalidateCache();
		$wgArticle->view();
		break;
	default:
		# Unknown action names are rejected with an error page, never dispatched.
		$wgOut->errorpage( "nosuchaction", "nosuchactiontext" );
	}
}
wfProfileOut( "main-action" );

# Deferred updates aren't really deferred anymore. It's important to report errors to the
# user, and that means doing this before OutputPage::output(). Note that for page saves,
# the client will wait until the script exits anyway before following the redirect.
wfProfileIn( "main-updates" );
foreach ( $wgDeferredUpdateList as $up ) {
	$up->doUpdate();
}
wfProfileOut( "main-updates" );

wfProfileIn( "main-cleanup" );
$wgLoadBalancer->saveMasterPos();

# Now commit any transactions, so that unreported errors after output() don't roll back the whole thing
$wgLoadBalancer->commitAll();

$wgOut->output();
wfProfileOut( "main-cleanup" );

logProfilingData();
$wgLoadBalancer->closeAll();
wfDebug( "Request ended normally\n" );
?>