00001 <?php
00002
00003 # This does the initial setup for a web request. It does some security checks,
00004 # starts the profiler and loads the configuration, and optionally loads
00005 # Setup.php depending on whether MW_NO_SETUP is defined.
00006
00007 # Protect against register_globals
00008 # This must be done before any globals are set by the code
00009 if ( ini_get( 'register_globals' ) ) {
00010 if ( isset( $_REQUEST['GLOBALS'] ) ) {
00011 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
00012 }
00013 $verboten = array(
00014 'GLOBALS',
00015 '_SERVER',
00016 'HTTP_SERVER_VARS',
00017 '_GET',
00018 'HTTP_GET_VARS',
00019 '_POST',
00020 'HTTP_POST_VARS',
00021 '_COOKIE',
00022 'HTTP_COOKIE_VARS',
00023 '_FILES',
00024 'HTTP_POST_FILES',
00025 '_ENV',
00026 'HTTP_ENV_VARS',
00027 '_REQUEST',
00028 '_SESSION',
00029 'HTTP_SESSION_VARS'
00030 );
00031 foreach ( $_REQUEST as $name => $value ) {
00032 if( in_array( $name, $verboten ) ) {
00033 header( "HTTP/1.x 500 Internal Server Error" );
00034 echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
00035 die( -1 );
00036 }
00037 unset( $GLOBALS[$name] );
00038 }
00039 }
00040
00041 $wgRequestTime = microtime(true);
00042 # getrusage() does not exist on the Microsoft Windows platforms, catching this
00043 if ( function_exists ( 'getrusage' ) ) {
00044 $wgRUstart = getrusage();
00045 } else {
00046 $wgRUstart = array();
00047 }
00048 unset( $IP );
00049 @ini_set( 'allow_url_fopen', 0 ); # For security
00050
00051 # Valid web server entry point, enable includes.
00052 # Please don't move this line to includes/Defines.php. This line essentially
00053 # defines a valid entry point. If you put it in includes/Defines.php, then
00054 # any script that includes it becomes an entry point, thereby defeating
00055 # its purpose.
00056 define( 'MEDIAWIKI', true );
00057
00058 # Full path to working directory.
00059 # Makes it possible to for example to have effective exclude path in apc.
00060 # Also doesn't break installations using symlinked includes, like
00061 # dirname( __FILE__ ) would do.
00062 $IP = getenv( 'MW_INSTALL_PATH' );
00063 if ( $IP === false ) {
00064 $IP = realpath( '.' );
00065 }
00066
00067
00068 # Start profiler
00069 require_once( "$IP/StartProfiler.php" );
00070 wfProfileIn( 'WebStart.php-conf' );
00071
00072 # Load up some global defines.
00073 require_once( "$IP/includes/Defines.php" );
00074
00075 # Check for PHP 5
00076 if ( !function_exists( 'version_compare' )
00077 || version_compare( phpversion(), '5.0.0' ) < 0
00078 ) {
00079 define( 'MW_PHP4', '1' );
00080 require( "$IP/includes/DefaultSettings.php" );
00081 require( "$IP/includes/templates/PHP4.php" );
00082 exit;
00083 }
00084
00085 # Test for PHP bug which breaks PHP 5.0.x on 64-bit...
00086 # As of 1.8 this breaks lots of common operations instead
00087 # of just some rare ones like export.
00088 $borked = str_replace( 'a', 'b', array( -1 => -1 ) );
00089 if( !isset( $borked[-1] ) ) {
00090 echo "PHP 5.0.x is buggy on your 64-bit system; you must upgrade to PHP 5.1.x\n" .
00091 "or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n";
00092 exit;
00093 }
00094
00095 # Start the autoloader, so that extensions can derive classes from core files
00096 require_once( "$IP/includes/AutoLoader.php" );
00097
00098 if ( defined( 'MW_CONFIG_CALLBACK' ) ) {
00099 # Use a callback function to configure MediaWiki
00100 require_once( "$IP/includes/DefaultSettings.php" );
00101 call_user_func( MW_CONFIG_CALLBACK );
00102 } else {
00103 # LocalSettings.php is the per site customization file. If it does not exit
00104 # the wiki installer need to be launched or the generated file moved from
00105 # ./config/ to ./
00106 if( !file_exists( "$IP/LocalSettings.php" ) ) {
00107 require_once( "$IP/includes/DefaultSettings.php" ); # used for printing the version
00108 require_once( "$IP/includes/templates/NoLocalSettings.php" );
00109 die();
00110 }
00111
00112 # Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
00113 require_once( "$IP/LocalSettings.php" );
00114 }
00115 wfProfileOut( 'WebStart.php-conf' );
00116
00117 wfProfileIn( 'WebStart.php-ob_start' );
00118 # Initialise output buffering
00119 if ( ob_get_level() ) {
00120 # Someone's been mixing configuration data with code!
00121 # How annoying.
00122 } elseif ( !defined( 'MW_NO_OUTPUT_BUFFER' ) ) {
00123 require_once( "$IP/includes/OutputHandler.php" );
00124 ob_start( 'wfOutputHandler' );
00125 }
00126 wfProfileOut( 'WebStart.php-ob_start' );
00127
00128 if ( !defined( 'MW_NO_SETUP' ) ) {
00129 require_once( "$IP/includes/Setup.php" );
00130 }