00001 <?php
00002
00003 # This does the initial setup for a web request. It does some security checks,
00004 # starts the profiler and loads the configuration, and optionally loads
00005 # Setup.php depending on whether MW_NO_SETUP is defined.
00006
00007 # Protect against register_globals
00008 # This must be done before any globals are set by the code
00009 if ( ini_get( 'register_globals' ) ) {
00010 if ( isset( $_REQUEST['GLOBALS'] ) ) {
00011 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
00012 }
00013 $verboten = array(
00014 'GLOBALS',
00015 '_SERVER',
00016 'HTTP_SERVER_VARS',
00017 '_GET',
00018 'HTTP_GET_VARS',
00019 '_POST',
00020 'HTTP_POST_VARS',
00021 '_COOKIE',
00022 'HTTP_COOKIE_VARS',
00023 '_FILES',
00024 'HTTP_POST_FILES',
00025 '_ENV',
00026 'HTTP_ENV_VARS',
00027 '_REQUEST',
00028 '_SESSION',
00029 'HTTP_SESSION_VARS'
00030 );
00031 foreach ( $_REQUEST as $name => $value ) {
00032 if( in_array( $name, $verboten ) ) {
00033 header( "HTTP/1.x 500 Internal Server Error" );
00034 echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
00035 die( -1 );
00036 }
00037 unset( $GLOBALS[$name] );
00038 }
00039 }
00040
00041 $wgRequestTime = microtime(true);
00042 # getrusage() does not exist on the Microsoft Windows platforms, catching this
00043 if ( function_exists ( 'getrusage' ) ) {
00044 $wgRUstart = getrusage();
00045 } else {
00046 $wgRUstart = array();
00047 }
00048 unset( $IP );
00049
00050 # Valid web server entry point, enable includes.
00051 # Please don't move this line to includes/Defines.php. This line essentially
00052 # defines a valid entry point. If you put it in includes/Defines.php, then
00053 # any script that includes it becomes an entry point, thereby defeating
00054 # its purpose.
00055 define( 'MEDIAWIKI', true );
00056
00057 # Full path to working directory.
00058 # Makes it possible to for example to have effective exclude path in apc.
00059 # Also doesn't break installations using symlinked includes, like
00060 # dirname( __FILE__ ) would do.
00061 $IP = getenv( 'MW_INSTALL_PATH' );
00062 if ( $IP === false ) {
00063 $IP = realpath( '.' );
00064 }
00065
00066
00067 # Start profiler
00068 if( file_exists("$IP/StartProfiler.php") ) {
00069 require_once( "$IP/StartProfiler.php" );
00070 } else {
00071 require_once( "$IP/includes/ProfilerStub.php" );
00072 }
00073 wfProfileIn( 'WebStart.php-conf' );
00074
00075 # Load up some global defines.
00076 require_once( "$IP/includes/Defines.php" );
00077
00078 # Check for PHP 5
00079 if ( !function_exists( 'version_compare' )
00080 || version_compare( phpversion(), '5.0.0' ) < 0
00081 ) {
00082 define( 'MW_PHP4', '1' );
00083 require( "$IP/includes/DefaultSettings.php" );
00084 require( "$IP/includes/templates/PHP4.php" );
00085 exit;
00086 }
00087
00088 # Test for PHP bug which breaks PHP 5.0.x on 64-bit...
00089 # As of 1.8 this breaks lots of common operations instead
00090 # of just some rare ones like export.
00091 $borked = str_replace( 'a', 'b', array( -1 => -1 ) );
00092 if( !isset( $borked[-1] ) ) {
00093 echo "PHP 5.0.x is buggy on your 64-bit system; you must upgrade to PHP 5.1.x\n" .
00094 "or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n";
00095 exit;
00096 }
00097
00098 # Start the autoloader, so that extensions can derive classes from core files
00099 require_once( "$IP/includes/AutoLoader.php" );
00100
00101 if ( defined( 'MW_CONFIG_CALLBACK' ) ) {
00102 # Use a callback function to configure MediaWiki
00103 require_once( "$IP/includes/DefaultSettings.php" );
00104 call_user_func( MW_CONFIG_CALLBACK );
00105 } else {
00106 # LocalSettings.php is the per site customization file. If it does not exit
00107 # the wiki installer need to be launched or the generated file moved from
00108 # ./config/ to ./
00109 if( !file_exists( "$IP/LocalSettings.php" ) ) {
00110 require_once( "$IP/includes/DefaultSettings.php" ); # used for printing the version
00111 require_once( "$IP/includes/templates/NoLocalSettings.php" );
00112 die();
00113 }
00114
00115 # Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
00116 require_once( "$IP/LocalSettings.php" );
00117 }
00118 wfProfileOut( 'WebStart.php-conf' );
00119
00120 wfProfileIn( 'WebStart.php-ob_start' );
00121 # Initialise output buffering
00122 if ( ob_get_level() ) {
00123 # Someone's been mixing configuration data with code!
00124 # How annoying.
00125 } elseif ( !defined( 'MW_NO_OUTPUT_BUFFER' ) ) {
00126 require_once( "$IP/includes/OutputHandler.php" );
00127 ob_start( 'wfOutputHandler' );
00128 }
00129 wfProfileOut( 'WebStart.php-ob_start' );
00130
00131 if ( !defined( 'MW_NO_SETUP' ) ) {
00132 require_once( "$IP/includes/Setup.php" );
00133 }