MediaWiki  REL1_21
WebStart.php
00001 <?php
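# Protect against register_globals.
# This must be done before any globals are set by the code: when the directive
# is on, PHP has already copied request input into the global scope by the time
# this file starts running.
if ( ini_get( 'register_globals' ) ) {
	# A request field literally named GLOBALS is refused outright rather than
	# cleaned up (see the linked "$GLOBALS overwrite" advisory).
	if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
		die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>' );
	}
	# Superglobals and their legacy HTTP_*_VARS aliases. A request field with
	# one of these names aborts the request instead of being unset.
	$verboten = array(
		'GLOBALS',
		'_SERVER',
		'HTTP_SERVER_VARS',
		'_GET',
		'HTTP_GET_VARS',
		'_POST',
		'HTTP_POST_VARS',
		'_COOKIE',
		'HTTP_COOKIE_VARS',
		'_FILES',
		'HTTP_POST_FILES',
		'_ENV',
		'HTTP_ENV_VARS',
		'_REQUEST',
		'_SESSION',
		'HTTP_SESSION_VARS'
	);
	foreach ( $_REQUEST as $name => $value ) {
		# Strict comparison on purpose. PHP stores integer-like field names as
		# int keys, and on the PHP versions that still have register_globals a
		# loose int-to-string comparison makes the key 0 equal to every name in
		# the list, so a harmless field named "0" would abort the request.
		# Every protected name is a non-numeric string, so nothing is lost.
		if ( in_array( $name, $verboten, true ) ) {
			header( "HTTP/1.1 500 Internal Server Error" );
			echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
			die( -1 );
		}
		# Undo the registration so the rest of startup sees a clean global scope.
		unset( $GLOBALS[$name] );
	}
	# NOTE(review): only names present in $_REQUEST are unset. Globals that
	# register_globals creates from $_FILES, $_SERVER or $_ENV, and from cookies
	# when request_order leaves cookies out of $_REQUEST, are not covered by
	# this loop. Confirm that later startup code initialises every global it
	# reads, or refuse to run with register_globals enabled.
}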
00059 
# bug 15461: tell IE8 not to content-sniff responses; browsers that do not
# implement the header ignore it. Sniffing lets a browser treat a response as a
# different type than the one declared.
# It is sent from here so that it is *always* set, even for alternate entry
# points and when $wgOut gets disabled or overridden.
header( 'X-Content-Type-Options: nosniff' );

# Wall-clock start of the request, as float seconds.
$wgRequestTime = microtime( true );
# Resource usage at the start of the request. getrusage() does not exist on
# Microsoft Windows platforms, so an empty array stands in for it there.
$wgRUstart = function_exists( 'getrusage' ) ? getrusage() : array();
# Discard any $IP that exists before this point; it is recomputed below.
# NOTE(review): presumably a guard so that an injected $IP can never reach the
# require_once calls that follow. Confirm before removing.
unset( $IP );

# Valid web server entry point, enable includes.
# Please don't move this line to includes/Defines.php. This constant is what
# marks a valid entry point. If it were defined in includes/Defines.php, any
# script that includes that file would become an entry point, defeating the
# purpose of the check.
define( 'MEDIAWIKI', true );

# Full path to the working directory.
# Makes it possible, for example, to have an effective exclude path in APC.
# __DIR__ breaks symlinked includes, but realpath() returns false if we don't
# have permissions on parent directories, so each is the fallback for the other.
# Every require below is resolved against $IP, so MW_INSTALL_PATH must come
# from trusted server configuration only.
$IP = getenv( 'MW_INSTALL_PATH' );
if ( $IP === false ) {
	$IP = realpath( '.' ) ?: dirname( __DIR__ );
}
00093 
# NOTE(review): $_SERVER['MW_COMPILED'] has no HTTP_ prefix, so it is presumably
# set by the server or runtime environment rather than by a request header.
# Confirm for the SAPI in use.
if ( !isset( $_SERVER['MW_COMPILED'] ) ) {
	# Interpreted mode: pull in the bootstrap files by hand, in this order.

	# Get MWInit class
	require_once "$IP/includes/Init.php";

	# Start the autoloader, so that extensions can derive classes from core files
	require_once "$IP/includes/AutoLoader.php";

	# Load the profiler
	require_once "$IP/includes/profiler/Profiler.php";

	# Load up some global defines.
	require_once "$IP/includes/Defines.php";
} else {
	# Compiled mode: only record the fact; none of the files above are loaded here.
	define( 'MW_COMPILED', 1 );
}
00109 
# Start the profiler.
# $wgProfiler starts out empty; StartProfiler.php is optional and is executed
# as PHP when it exists in the install root.
$wgProfiler = array();
if ( file_exists( "$IP/StartProfiler.php" ) ) {
	require "$IP/StartProfiler.php";
}
00115 
wfProfileIn( 'WebStart.php-conf' );

# Load default settings
require_once MWInit::compiledPath( 'includes/DefaultSettings.php' );

# MW_CONFIG_CALLBACK and MW_CONFIG_FILE are constants, so they can only have
# been defined by PHP code that ran before this file, never by request input.
if ( !defined( 'MW_CONFIG_CALLBACK' ) ) {
	# No callback: configure from a settings file, LocalSettings.php by default.
	if ( !defined( 'MW_CONFIG_FILE' ) ) {
		define( 'MW_CONFIG_FILE', MWInit::interpretedPath( 'LocalSettings.php' ) );
	}

	# LocalSettings.php is the per-site customization file. If it does not exist,
	# the wiki installer needs to be launched or the generated file uploaded to
	# the root wiki directory. Show the NoLocalSettings page and stop.
	if ( !file_exists( MW_CONFIG_FILE ) ) {
		require_once "$IP/includes/templates/NoLocalSettings.php";
		die();
	}

	# Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked).
	# The file is executed as PHP, so write access to it is code execution
	# on the wiki.
	require_once MW_CONFIG_FILE;
} else {
	# Use a callback function to configure MediaWiki
	MWFunction::call( MW_CONFIG_CALLBACK );
}

# NOTE(review): $wgEnableSelenium is expected to have been set by the settings
# loaded above. SeleniumWebSettings.php is not shown here and is presumably
# test-harness configuration. Confirm it stays disabled on production wikis.
if ( $wgEnableSelenium ) {
	require_once MWInit::compiledPath( 'includes/SeleniumWebSettings.php' );
}

wfProfileOut( 'WebStart.php-conf' );
00146 
wfProfileIn( 'WebStart.php-ob_start' );
# Initialise output buffering.
# Only do so when no output buffer is active yet and the entry point has not
# opted out with MW_NO_OUTPUT_BUFFER. Stacking on an existing buffer could mix
# gzip and non-gzip output, creating a big mess.
if ( ob_get_level() === 0 && !defined( 'MW_NO_OUTPUT_BUFFER' ) ) {
	# In compiled mode the handler is not loaded from here.
	if ( !defined( 'MW_COMPILED' ) ) {
		require_once "$IP/includes/OutputHandler.php";
	}
	ob_start( 'wfOutputHandler' );
}
wfProfileOut( 'WebStart.php-ob_start' );
00159 
# Run the main setup unless the entry point defined MW_NO_SETUP to skip it.
if ( !defined( 'MW_NO_SETUP' ) ) {
	require_once MWInit::compiledPath( 'includes/Setup.php' );
}