From: Brion Vibber Date: Fri, 26 Mar 2004 16:47:12 +0000 (+0000) Subject: Installation, compatibility, security fixlets: X-Git-Tag: 1.3.0beta1~695 X-Git-Url: https://git.cyclocoop.org/admin/?a=commitdiff_plain;h=84027db7f2df8bb54b29daaf10ede871cf0f3d19;p=lhc%2Fweb%2Fwiklou.git Installation, compatibility, security fixlets: * Detect use of PHP as CGI and disable index.php/Title URLs * Try to auto-create math tmp & output directories if not present * Disable Asksql in default install ($wgAllowSysopQueries) Added skin names to LanguageEo --- diff --git a/config/index.php b/config/index.php index 8291146d92..7ce92200f0 100644 --- a/config/index.php +++ b/config/index.php @@ -171,33 +171,51 @@ $conf = new ConfigData; install_version_checks(); print "
  • PHP " . phpversion() . " ok
  • \n"; -/* +$sapi = php_sapi_name(); +$conf->prettyURLs = true; +print "
  • PHP server API is $sapi; "; +switch( $sapi ) { +case "apache": + print "ok, using pretty URLs (index.php/Page_Title)"; + break; +case "cgi": +case "cgi-fcgi": + print "using ugly URLs (index.php?title=Page_Title)"; + $conf->prettyURLs = false; + break; +default: + print "unknown; using pretty URLs (index.php/Page_Title), if you have trouble change this in LocalSettings.php"; +} +print "
  • \n"; + $conf->zlib = function_exists( "gzencode" ); -$z = $conf->zlib ? "Have" : "No"; -print "
  • $z zlib support
  • \n"; -*/ +if( $conf->zlib ) { + print "
  • Have zlib support; enabling output compression.
  • \n"; +} else { + print "
  • No zlib support.
  • \n"; +} + +$conf->ImageMagick = false; $conf->HaveGD = function_exists( "imagejpeg" ); if( $conf->HaveGD ) { print "
  • Found GD graphics library built-in, image thumbnailing will be enabled if you enable uploads.
  • \n"; } else { - print "
  • No built-in GD library, image thumbnailing disabled.
  • \n"; -} - -/* -if( file_exists( "/usr/bin/convert" ) ) { - $conf->ImageMagick = "/usr/bin/convert"; - print "
  • Found ImageMagick: /usr/bin/convert
  • \n"; -} elseif( file_exists( "/usr/local/bin/convert" ) ) { - $conf->ImageMagick = "/usr/local/bin/convert"; - print "
  • Found ImageMagick: /usr/local/bin/convert
  • \n"; -} else { - $conf->ImageMagick = false; - print "
  • No ImageMagick.
  • \n"; + $imcheck = array( "/usr/bin", "/usr/local/bin", "/sw/bin" ); + foreach( $imcheck as $dir ) { + $im = "$dir/convert"; + if( file_exists( $im ) ) { + print "
  • Found ImageMagick: $im; image thumbnailing will be enabled if you enable uploads.
  • \n"; + $conf->ImageMagick = $im; + break; + } + } + if( !$conf->ImageMagick ) { + print "
  • Couldn't find GD library or ImageMagick; image thumbnailing disabled.
  • \n"; + } } -*/ -$conf->UseImageResize = $conf->HaveGD; +$conf->UseImageResize = $conf->HaveGD || $conf->ImageMagick; # $conf->IP = "/Users/brion/Sites/inplace"; chdir( ".." ); @@ -374,7 +392,7 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) { $u->addToDatabase(); $u->setPassword( $conf->getSysopPass() ); $u->addRight( "sysop" ); - $u->addRight( "developer" ); /* ?? */ + $u->addRight( "bureaucrat" ); $u->saveSettings(); print "
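Review bot: The ImageMagick probe in the `foreach( $imcheck as $dir )` loop accepts any path for which `file_exists( $im )` is true, so a directory or a non-executable file named `convert` would be stored in `$conf->ImageMagick` and later written out as the convert command. The Math.php change in this same commit tests texvc with `is_executable()`, and the same test fits here: `if( is_file( $im ) && is_executable( $im ) ) {`. Separately, the switch matches the SAPI names `cgi` and `cgi-fcgi` exactly while the DefaultSettings.php hunk tests for the substring `cgi`, so the installer and the runtime default can disagree on an unlisted CGI-style SAPI. Using one shared test in both places would keep them aligned.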
  • Created sysop account " . htmlspecialchars( $conf->SysopName ) . ".
  • \n"; @@ -411,9 +429,9 @@ if( $conf->posted && ( 0 == count( $errs ) ) ) { wfStrencode( wfMsg( "mainpagetext" ) ) . "','$now','$won','$now')"; $wgDatabase->query( $sql, $fname ); - print "
  • "; + print "
  • ";
     			initialiseMessages();
    -			print "
  • \n"; + print "\n"; if( $conf->Root ) { # Grant user permissions @@ -593,18 +611,22 @@ function writeAdminSettings( $conf ) { function writeLocalSettings( $conf ) { $conf->DBmysql4 = $conf->DBmysql4 ? 'true' : 'false'; $conf->UseImageResize = $conf->UseImageResize ? 'true' : 'false'; - $conf->DBsqluser = $conf->DBuser; - $conf->DBsqlpassword = $conf->DBpassword; $conf->PasswordSender = $conf->EmergencyContact; if( $conf->LanguageCode == "en-utf8" ) { $conf->LanguageCode = "en"; $conf->Encoding = "UTF-8"; } + $zlib = ($conf->zlib ? "" : "# "); + $magic = ($conf->ImageMagick ? "" : "# "); + $convert = ($conf->ImageMagick ? $conf->ImageMagick : "/usr/bin/convert" ); + $pretty = ($conf->prettyURLs ? "" : "# "); + $ugly = ($conf->prettyURLs ? "# " : ""); + $sep = (DIRECTORY_SEPARATOR == "\\") ? ";" : ":"; return " -# This file was automatically generated. Don't touch unless you -# know what you're doing; see LocalSettings.sample for an edit- -# friendly file. +# This file was automatically generated by the MediaWiki installer. +# If you make manual changes, please keep track in case you need to +# recreate them later. \$IP = \"{$conf->IP}\"; ini_set( \"include_path\", \"\$IP/includes$sep\$IP/languages$sep\" . ini_get(\"include_path\") ); @@ -612,6 +634,9 @@ include_once( \"DefaultSettings.php\" ); if( \$wgCommandLineMode ) { die( \"Can't use command-line utils with in-place install yet, sorry.\" ); +} else { + ## Compress output if the browser supports it + {$zlib}if( !ini_get( 'zlib.output_compression' ) ) ob_start( 'ob_gzhandler' ); } \$wgSitename = \"{$conf->Sitename}\"; 
@@ -620,7 +645,9 @@ if( \$wgCommandLineMode ) { \$wgScript = \"\$wgScriptPath/index.php\"; \$wgRedirectScript = \"\$wgScriptPath/redirect.php\"; -\$wgArticlePath = \"\$wgScript/\$1\"; +## If using PHP as a CGI module, use the ugly URLs +{$pretty}\$wgArticlePath = \"\$wgScript/\$1\"; +{$ugly}\$wgArticlePath = \"\$wgScript?title=\$1\"; \$wgStyleSheetPath = \"\$wgScriptPath/stylesheets\"; \$wgStyleSheetDirectory = \"\$IP/stylesheets\"; @@ -636,8 +663,16 @@ if( \$wgCommandLineMode ) { \$wgDBname = \"{$conf->DBname}\"; \$wgDBuser = \"{$conf->DBuser}\"; \$wgDBpassword = \"{$conf->DBpassword}\"; -\$wgDBsqluser = \"{$conf->DBsqluser}\"; -\$wgDBsqlpassword = \"{$conf->DBsqlpassword}\"; + +## To allow SQL queries through the wiki's Special:Askaql page, +## uncomment the next lines. THIS IS VERY INSECURE. If you want +## to allow semipublic read-only SQL access for your sysops, +## you should define a MySQL user with limited privileges. +## See MySQL docs: http://www.mysql.com/doc/en/GRANT.html +# +# $wgAllowSysopQueries = true; +# $wgDBsqluser = \"sqluser\"; +# $wgDBsqlpassword = \"sqlpass\"; \$wgDBmysql4 = \$wgEnablePersistentLC = {$conf->DBmysql4}; 
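Review bot: In the commented Asksql block of the `@@ -636,8 +663,16 @@` hunk, the three `$wg…` names are not backslash-escaped, unlike every other setting in this double-quoted template (`\$wgDBname`, `\$wgDBuser`). As shown here, and unless those names are defined inside writeLocalSettings() outside the visible lines, PHP will interpolate them as empty and the generated LocalSettings.php will contain lines like `#  = true;`. Escaping them gives the admin lines that can simply be uncommented: `# \$wgAllowSysopQueries = true;`, `# \$wgDBsqluser = \"sqluser\";`, `# \$wgDBsqlpassword = \"sqlpass\";`. The comment also names the page `Special:Askaql`, which looks like a typo for `Special:Asksql`. Because the placeholder credentials `sqluser`/`sqlpass` match the shipped defaults, the comment could also tell the admin to replace them before enabling the feature.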
@@ -645,28 +680,31 @@ if( \$wgCommandLineMode ) { ## is writable, then uncomment this: # \$wgDisableUploads = false; \$wgUseImageResize = {$conf->UseImageResize}; +{$magic}\$wgUseImageMagick = true; +{$magic}\$wgImageMagickConvertCommand = \"{$convert}\"; ## If you have the appropriate support software installed ## you can enable inline LaTeX equations: # \$wgUseTeX = true; -# \$wgMathPath = \"{\$wgUploadPath}/math\"; -# \$wgMathDirectory = \"{\$wgUploadDirectory}/math\"; -# \$wgTmpDirectory = \"{\$wgUploadDirectory}/tmp\"; - -\$wgLocalInterwiki = \$wgSitename; - -\$wgLanguageCode = \"{$conf->LanguageCode}\"; -" . ($conf->Encoding ? "\$wgInputEncoding = \$wgOutputEncoding = \"{$conf->Encoding}\";" : "" ) . " +\$wgMathPath = \"{\$wgUploadPath}/math\"; +\$wgMathDirectory = \"{\$wgUploadDirectory}/math\"; +\$wgTmpDirectory = \"{\$wgUploadDirectory}/tmp\"; +## Experimental layout template subsystems \$wgUsePHPTal = false; \$wgUseSmarty = false; if ( \$wgUsePHPTal ) { - ini_set( \"include_path\", \"\$IP/PHPTAL-NP-0.7.0/libs:\" . ini_get(\"include_path\") ); + ini_set( \"include_path\", \"\$IP/PHPTAL-NP-0.7.0/libs$sep\" . ini_get(\"include_path\") ); } if ( \$wgUseSmarty ) { - ini_set( \"include_path\", \"\$IP/Smarty-2.6.2/libs/:\" . ini_get(\"include_path\") ); + ini_set( \"include_path\", \"\$IP/Smarty-2.6.2/libs$sep\" . ini_get(\"include_path\") ); } +\$wgLocalInterwiki = \$wgSitename; + +\$wgLanguageCode = \"{$conf->LanguageCode}\"; +" . ($conf->Encoding ? "\$wgInputEncoding = \$wgOutputEncoding = \"{$conf->Encoding}\";" : "" ) . " + "; } @@ -724,4 +762,4 @@ function getLanguageList() { ?> - + \ No newline at end of file diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 12c30c21c0..9b9bcd0534 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php 
@@ -21,6 +21,9 @@ if ( @$wgCommandLineMode ) { $wgScriptPath = "/wiki"; # ATTN: Old installations used wiki.phtml and redirect.phtml - +# Whether to support URLs like index.php/Page_title +$wgUsePathInfo = ( strpos( php_sapi_name(), "cgi" ) === false ); + # make sure that LocalSettings.php is correctly set! $wgScript = "{$wgScriptPath}/index.php"; $wgRedirectScript = "{$wgScriptPath}/redirect.php"; @@ -47,9 +50,14 @@ $wgDBserver = "localhost"; $wgDBname = "wikidb"; $wgDBconnection = ""; $wgDBuser = "wikiuser"; -$wgDBpassword = "userpass"; + +# Sysop SQL queries +$wgAllowSysopQueries = false; # Dangerous if not configured properly. $wgDBsqluser = "sqluser"; $wgDBsqlpassword = "sqlpass"; +$wgDBpassword = "userpass"; +$wgSqlLogFile = "{$wgUploadDirectory}/sqllog_mFhyRe6"; + $wgDBminWordLen = 4; $wgDBtransactions = false; # Set to true if using InnoDB tables $wgDBmysql4 = false; # Set to true to use enhanced fulltext search @@ -111,7 +119,6 @@ $wgDebugRedirects = false; $wgDebugComments = false; $wgReadOnly = false; -$wgSqlLogFile = "{$wgUploadDirectory}/sqllog_mFhyRe6"; $wgLogQueries = false; $wgDebugDumpSql = false; diff --git a/includes/Math.php b/includes/Math.php index 3c6075f3ff..798b569e56 100644 --- a/includes/Math.php +++ b/includes/Math.php 
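Review bot: In the `@@ -47,9 +50,14 @@` hunk, `$wgSqlLogFile` moves into the DB block but still points into `$wgUploadDirectory` with a fixed suffix that is published in the source. Every install that keeps the default therefore has its SQL log at the same path, in a directory that appears to be web-served, since the installer pairs `$wgUploadPath` with `$wgUploadDirectory`. Now that `$wgAllowSysopQueries` gates the feature, consider defaulting the log to a location outside the document root, or at least adding `# Keep this file outside any web-served directory.` next to the setting. Also confirm that `$wgUploadDirectory` is assigned above the new position. It is not visible in the hunk, and if it is set later in the file the value would expand to `/sqllog_mFhyRe6`.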
@@ -42,6 +42,25 @@ function renderMath( $tex ) } } + # Ensure that the temp and output directories are available before continuing... + if( !file_exists( $wgMathDirectory ) ) { + if( !@mkdir( $wgMathDirectory ) ) { + return "$mf (" . wfMsg( "math_bad_output" ) . ")"; + } + } elseif( !is_dir( $wgMathDirectory ) || !is_writable( $wgMathDirectory ) ) { + return "$mf (" . wfMsg( "math_bad_output" ) . ")"; + } + if( !file_exists( $wgTmpDirectory ) ) { + if( !@mkdir( $wgTmpDirectory ) ) { + return "$mf (" . wfMsg( "math_bad_tmpdir" ) . ")"; + } + } elseif( !is_dir( $wgTmpDirectory ) || !is_writable( $wgTmpDirectory ) ) { + return "$mf (" . wfMsg( "math_bad_tmpdir" ) . ")"; + } + + if( !is_executable( $wgTexvc ) ) { + return "$mf (" . wfMsg( "math_notexvc" ) . ")"; + } $cmd = $wgTexvc." ". escapeshellarg($wgTmpDirectory)." ". escapeshellarg($wgMathDirectory)." ". diff --git a/includes/SpecialAsksql.php b/includes/SpecialAsksql.php index 150137c439..6c9c487e4f 100644 --- a/includes/SpecialAsksql.php +++ b/includes/SpecialAsksql.php @@ -2,9 +2,13 @@ function wfSpecialAsksql() { - global $wgUser, $wgOut, $wgRequest; + global $wgUser, $wgOut, $wgRequest, $wgAllowSysopQueries; - if ( ! $wgUser->isSysop() ) { + if( !$wgAllowSysopQueries ) { + $wgOut->errorpage( "nosuchspecialpage", "nospecialpagetext" ); + return; + } + if( !$wgUser->isSysop() ) { $wgOut->sysopRequired(); return; } diff --git a/includes/SpecialSpecialpages.php b/includes/SpecialSpecialpages.php index 91e6163af8..03f275069c 100644 --- a/includes/SpecialSpecialpages.php +++ b/includes/SpecialSpecialpages.php @@ -11,11 +11,16 @@ function wfSpecialSpecialpages() function wfSpecialSpecialpages_gen($SP,$heading,$sk) { - global $wgLang, $wgOut; + global $wgLang, $wgOut, $wgAllowSysopQueries; $wgOut->addHTML( "
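Review bot: Both `@mkdir()` calls in the added block rely on the default mode, which is 0777 before the umask is applied, so on a shared host the math output and temp directories can end up writable by other local users. Pass an explicit mode, e.g. `@mkdir( $wgMathDirectory, 0755 )`, and the same for `$wgTmpDirectory`. The `@` also discards the reason for a failure, so the admin sees only the generic `math_bad_output` or `math_bad_tmpdir` message, with no hint whether permissions or a missing parent directory caused it. The two directory checks differ only in the message key and could share one small helper. renderMath() begins and ends outside this hunk.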
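Review bot: The new `$wgAllowSysopQueries` guard in wfSpecialAsksql() has no comment explaining why it comes before the sysop check or why it reports `nosuchspecialpage` rather than a permission error. A line such as `# Disabled by default: treat the page as nonexistent for everyone, sysops included.` above the `if` would keep a later edit from reordering the two tests. The function continues outside the hunk, so the query path that uses `$wgDBsqluser` is not visible here.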

    " . wfMsg( $heading ) . "

    \n