MediaWiki  REL1_23
WebStart.php
Go to the documentation of this file.
00001 <?php
00029 # Protect against register_globals
00030 # This must be done before any globals are set by the code
00031 if ( ini_get( 'register_globals' ) ) {
00032     if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
00033         die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>' );
00034     }
00035     $verboten = array(
00036         'GLOBALS',
00037         '_SERVER',
00038         'HTTP_SERVER_VARS',
00039         '_GET',
00040         'HTTP_GET_VARS',
00041         '_POST',
00042         'HTTP_POST_VARS',
00043         '_COOKIE',
00044         'HTTP_COOKIE_VARS',
00045         '_FILES',
00046         'HTTP_POST_FILES',
00047         '_ENV',
00048         'HTTP_ENV_VARS',
00049         '_REQUEST',
00050         '_SESSION',
00051         'HTTP_SESSION_VARS'
00052     );
00053     foreach ( $_REQUEST as $name => $value ) {
00054         if ( in_array( $name, $verboten ) ) {
00055             header( "HTTP/1.1 500 Internal Server Error" );
00056             echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
00057             die( -1 );
00058         }
00059         unset( $GLOBALS[$name] );
00060     }
00061 }
00062 
00063 # bug 15461: Make IE8 turn off content sniffing. Everybody else should ignore this
00064 # We're adding it here so that it's *always* set, even for alternate entry
00065 # points and when $wgOut gets disabled or overridden.
00066 header( 'X-Content-Type-Options: nosniff' );
00067 
00068 $wgRequestTime = microtime( true );
00069 # getrusage() does not exist on the Microsoft Windows platforms, catching this
00070 if ( function_exists ( 'getrusage' ) ) {
00071     $wgRUstart = getrusage();
00072 } else {
00073     $wgRUstart = array();
00074 }
00075 unset( $IP );
00076 
00077 # Valid web server entry point, enable includes.
00078 # Please don't move this line to includes/Defines.php. This line essentially
00079 # defines a valid entry point. If you put it in includes/Defines.php, then
00080 # any script that includes it becomes an entry point, thereby defeating
00081 # its purpose.
00082 define( 'MEDIAWIKI', true );
00083 
00084 # Full path to working directory.
00085 # Makes it possible to for example to have effective exclude path in apc.
00086 # __DIR__ breaks symlinked includes, but realpath() returns false
00087 # if we don't have permissions on parent directories.
00088 $IP = getenv( 'MW_INSTALL_PATH' );
00089 if ( $IP === false ) {
00090     if ( realpath( '.' ) ) {
00091         $IP = realpath( '.' );
00092     } else {
00093         $IP = dirname( __DIR__ );
00094     }
00095 }
00096 
00097 # Start the autoloader, so that extensions can derive classes from core files
00098 require_once "$IP/includes/AutoLoader.php";
00099 
00100 # Load the profiler
00101 require_once "$IP/includes/profiler/Profiler.php";
00102 
00103 # Load up some global defines.
00104 require_once "$IP/includes/Defines.php";
00105 
00106 # Start the profiler
00107 $wgProfiler = array();
00108 if ( file_exists( "$IP/StartProfiler.php" ) ) {
00109     require "$IP/StartProfiler.php";
00110 }
00111 
00112 wfProfileIn( 'WebStart.php-conf' );
00113 
00114 # Load default settings
00115 require_once "$IP/includes/DefaultSettings.php";
00116 
00117 # Load composer's autoloader if present
00118 if ( is_readable( "$IP/vendor/autoload.php" ) ) {
00119     require_once "$IP/vendor/autoload.php";
00120 }
00121 
00122 if ( defined( 'MW_CONFIG_CALLBACK' ) ) {
00123     # Use a callback function to configure MediaWiki
00124     call_user_func( MW_CONFIG_CALLBACK );
00125 } else {
00126     if ( !defined( 'MW_CONFIG_FILE' ) ) {
00127         define( 'MW_CONFIG_FILE', "$IP/LocalSettings.php" );
00128     }
00129 
00130     # LocalSettings.php is the per site customization file. If it does not exist
00131     # the wiki installer needs to be launched or the generated file uploaded to
00132     # the root wiki directory. Give a hint, if it is not readable by the server.
00133     if ( !is_readable( MW_CONFIG_FILE ) ) {
00134         require_once "$IP/includes/templates/NoLocalSettings.php";
00135         die();
00136     }
00137 
00138     # Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
00139     require_once MW_CONFIG_FILE;
00140 }
00141 
00142 wfProfileOut( 'WebStart.php-conf' );
00143 
00144 wfProfileIn( 'WebStart.php-ob_start' );
00145 # Initialise output buffering
00146 # Check that there is no previous output or previously set up buffers, because
00147 # that would cause us to potentially mix gzip and non-gzip output, creating a
00148 # big mess.
00149 if ( !defined( 'MW_NO_OUTPUT_BUFFER' ) && ob_get_level() == 0 ) {
00150     require_once "$IP/includes/OutputHandler.php";
00151     ob_start( 'wfOutputHandler' );
00152 }
00153 wfProfileOut( 'WebStart.php-ob_start' );
00154 
00155 if ( !defined( 'MW_NO_SETUP' ) ) {
00156     require_once "$IP/includes/Setup.php";
00157 }