MediaWiki  REL1_19
WebStart.php
00001 <?php
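# Protect against register_globals.
# This has to run before the code sets any globals of its own.
if ( ini_get( 'register_globals' ) ) {
	# A request parameter or upload field named GLOBALS is rejected outright,
	# before anything below touches $GLOBALS.
	if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
		die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>');
	}

	# Names of the superglobals and of their legacy HTTP_*_VARS aliases. A
	# request parameter carrying one of these names aborts the request.
	$verboten = array(
		'GLOBALS',
		'_SERVER',
		'HTTP_SERVER_VARS',
		'_GET',
		'HTTP_GET_VARS',
		'_POST',
		'HTTP_POST_VARS',
		'_COOKIE',
		'HTTP_COOKIE_VARS',
		'_FILES',
		'HTTP_POST_FILES',
		'_ENV',
		'HTTP_ENV_VARS',
		'_REQUEST',
		'_SESSION',
		'HTTP_SESSION_VARS'
	);

	# NOTE(review): only names found in $_REQUEST are checked and unset. What
	# $_REQUEST contains depends on the request_order / variables_order ini
	# settings, so globals registered from a source that is left out of
	# $_REQUEST (cookies, for instance) would not be cleared by this loop -
	# confirm against the supported PHP configurations.
	foreach ( $_REQUEST as $name => $value ) {
		# Strict comparison: integer-like parameter names are stored as int
		# keys, and a loose int-to-string comparison on older PHP versions
		# treats 0 as equal to every non-numeric name in the list, which
		# would abort a harmless request that has a parameter named "0".
		# The listed names are all non-numeric strings, so string keys match
		# exactly as before.
		if ( in_array( $name, $verboten, true ) ) {
			header( "HTTP/1.1 500 Internal Server Error" );
			echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
			die( -1 );
		}
		# Remove the global variable of the same name, i.e. whatever
		# register_globals injected for this parameter.
		unset( $GLOBALS[$name] );
	}
}
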
# bug 15461: make IE8 turn off content sniffing, so the browser sticks to the
# declared Content-Type. Everybody else should ignore this header.
# It is sent from here so that it is *always* set, even for alternate entry
# points and when $wgOut gets disabled or overridden.
header( 'X-Content-Type-Options: nosniff' );

# Timestamp taken at the start of the request.
$wgRequestTime = microtime( true );

# getrusage() does not exist on Microsoft Windows platforms; use an empty
# array there instead of calling it.
$wgRUstart = function_exists( 'getrusage' ) ? getrusage() : array();

# Discard any $IP that exists at this point; it is assigned from the
# environment or the working directory further down.
# NOTE(review): presumably this keeps a value injected from outside the code
# from reaching the require_once paths built from $IP - confirm.
unset( $IP );

# Mark this request as having come through a valid web server entry point,
# which enables includes.
# Keep this define() here and do not move it to includes/Defines.php: if it
# lived there, any script including that file would become an entry point,
# and the marker would no longer serve its purpose.
define( 'MEDIAWIKI', true );

# Full path to the working directory.
# This makes it possible, for example, to have an effective exclude path in
# APC. Unlike dirname( __FILE__ ), it also does not break installations that
# use symlinked includes.
# $IP is interpolated into the require paths further down, so the
# MW_INSTALL_PATH environment variable decides which code gets loaded and must
# only be settable by the server operator.
$IP = getenv( 'MW_INSTALL_PATH' );
$IP = ( $IP === false ) ? realpath( '.' ) : $IP;

if ( !isset( $_SERVER['MW_COMPILED'] ) ) {
	# MW_COMPILED is not set in the server environment: load the core
	# bootstrap files explicitly. The paths are fixed literals under $IP.

	# MWInit class
	require_once $IP . '/includes/Init.php';

	# The autoloader is started this early so that extensions can derive
	# classes from core files
	require_once $IP . '/includes/AutoLoader.php';

	# The profiler
	require_once $IP . '/includes/profiler/Profiler.php';

	# Some global defines
	require_once $IP . '/includes/Defines.php';
} else {
	# MW_COMPILED is set in the server environment: only record that fact as
	# a constant and skip the explicit includes above.
	define( 'MW_COMPILED', 1 );
}

# Start the profiler: begin with an empty $wgProfiler, then run
# StartProfiler.php from the install path if that file exists. The file is
# optional; nothing else happens when it is absent.
$wgProfiler = array();
if ( file_exists( $IP . '/StartProfiler.php' ) ) {
	require $IP . '/StartProfiler.php';
}

wfProfileIn( 'WebStart.php-conf' );

# Load the default settings before any site-specific configuration.
require_once MWInit::compiledPath( 'includes/DefaultSettings.php' );

if ( !defined( 'MW_CONFIG_CALLBACK' ) ) {
	# No configuration callback: configure from a settings file, which is
	# LocalSettings.php unless MW_CONFIG_FILE has already been defined.
	if ( !defined( 'MW_CONFIG_FILE' ) ) {
		define( 'MW_CONFIG_FILE', MWInit::interpretedPath( 'LocalSettings.php' ) );
	}

	# LocalSettings.php is the per-site customisation file. When it is
	# missing, either the wiki installer has to be launched or the generated
	# file has to be uploaded to the root wiki directory, so load the
	# NoLocalSettings template and stop.
	if ( !file_exists( MW_CONFIG_FILE ) ) {
		require_once $IP . '/includes/templates/NoLocalSettings.php';
		exit;
	}

	# Pull in the site settings. $IP may be changed by that file (hopefully
	# before the AutoLoader is invoked).
	require_once MW_CONFIG_FILE;
} else {
	# A callback function configures MediaWiki instead of a settings file.
	MWFunction::call( MW_CONFIG_CALLBACK );
}

# NOTE(review): once $wgEnableSelenium is on, SeleniumWebSettings.php is
# loaded on every request that passes through here; presumably this is meant
# for test setups only - confirm it stays off in production.
if ( $wgEnableSelenium ) {
	require_once MWInit::compiledPath( 'includes/SeleniumWebSettings.php' );
}

wfProfileOut( 'WebStart.php-conf' );

wfProfileIn( 'WebStart.php-ob_start' );
# Initialise output buffering.
# The buffer is only started when MW_NO_OUTPUT_BUFFER is not defined and no
# buffer is active yet: previous output or a previously set up buffer could
# lead to gzip and non-gzip output being mixed, creating a big mess.
if ( !defined( 'MW_NO_OUTPUT_BUFFER' ) ) {
	if ( ob_get_level() == 0 ) {
		# Outside compiled mode the file defining the handler is loaded here.
		if ( !defined( 'MW_COMPILED' ) ) {
			require_once $IP . '/includes/OutputHandler.php';
		}
		ob_start( 'wfOutputHandler' );
	}
}
wfProfileOut( 'WebStart.php-ob_start' );

# Load includes/Setup.php unless MW_NO_SETUP is defined.
if ( !defined( 'MW_NO_SETUP' ) ) {
	require_once MWInit::compiledPath( 'includes/Setup.php' );
}