00001 <?php 00002 00003 # This does the initial setup for a web request. It does some security checks, 00004 # starts the profiler and loads the configuration, and optionally loads 00005 # Setup.php depending on whether MW_NO_SETUP is defined. 00006 00007 # Protect against register_globals 00008 # This must be done before any globals are set by the code 00009 if ( ini_get( 'register_globals' ) ) { 00010 if ( isset( $_REQUEST['GLOBALS'] ) ) { 00011 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>'); 00012 } 00013 $verboten = array( 00014 'GLOBALS', 00015 '_SERVER', 00016 'HTTP_SERVER_VARS', 00017 '_GET', 00018 'HTTP_GET_VARS', 00019 '_POST', 00020 'HTTP_POST_VARS', 00021 '_COOKIE', 00022 'HTTP_COOKIE_VARS', 00023 '_FILES', 00024 'HTTP_POST_FILES', 00025 '_ENV', 00026 'HTTP_ENV_VARS', 00027 '_REQUEST', 00028 '_SESSION', 00029 'HTTP_SESSION_VARS' 00030 ); 00031 foreach ( $_REQUEST as $name => $value ) { 00032 if( in_array( $name, $verboten ) ) { 00033 header( "HTTP/1.x 500 Internal Server Error" ); 00034 echo "register_globals security paranoia: trying to overwrite superglobals, aborting."; 00035 die( -1 ); 00036 } 00037 unset( $GLOBALS[$name] ); 00038 } 00039 } 00040 00041 $wgRequestTime = microtime(true); 00042 # getrusage() does not exist on the Microsoft Windows platforms, catching this 00043 if ( function_exists ( 'getrusage' ) ) { 00044 $wgRUstart = getrusage(); 00045 } else { 00046 $wgRUstart = array(); 00047 } 00048 unset( $IP ); 00049 00050 # Valid web server entry point, enable includes. 00051 # Please don't move this line to includes/Defines.php. This line essentially 00052 # defines a valid entry point. If you put it in includes/Defines.php, then 00053 # any script that includes it becomes an entry point, thereby defeating 00054 # its purpose. 00055 define( 'MEDIAWIKI', true ); 00056 00057 # Full path to working directory. 00058 # Makes it possible to for example to have effective exclude path in apc. 00059 # Also doesn't break installations using symlinked includes, like 00060 # dirname( __FILE__ ) would do. 00061 $IP = getenv( 'MW_INSTALL_PATH' ); 00062 if ( $IP === false ) { 00063 $IP = realpath( '.' ); 00064 } 00065 00066 00067 # Start profiler 00068 if( file_exists("$IP/StartProfiler.php") ) { 00069 require_once( "$IP/StartProfiler.php" ); 00070 } else { 00071 require_once( "$IP/includes/ProfilerStub.php" ); 00072 } 00073 wfProfileIn( 'WebStart.php-conf' ); 00074 00075 # Load up some global defines. 00076 require_once( "$IP/includes/Defines.php" ); 00077 00078 # Check for PHP 5 00079 if ( !function_exists( 'version_compare' ) 00080 || version_compare( phpversion(), '5.0.0' ) < 0 00081 ) { 00082 define( 'MW_PHP4', '1' ); 00083 require( "$IP/includes/DefaultSettings.php" ); 00084 require( "$IP/includes/templates/PHP4.php" ); 00085 exit; 00086 } 00087 00088 # Test for PHP bug which breaks PHP 5.0.x on 64-bit... 00089 # As of 1.8 this breaks lots of common operations instead 00090 # of just some rare ones like export. 00091 $borked = str_replace( 'a', 'b', array( -1 => -1 ) ); 00092 if( !isset( $borked[-1] ) ) { 00093 echo "PHP 5.0.x is buggy on your 64-bit system; you must upgrade to PHP 5.1.x\n" . 00094 "or higher. ABORTING. (http://bugs.php.net/bug.php?id=34879 for details)\n"; 00095 exit; 00096 } 00097 00098 # Start the autoloader, so that extensions can derive classes from core files 00099 require_once( "$IP/includes/AutoLoader.php" ); 00100 00101 if ( defined( 'MW_CONFIG_CALLBACK' ) ) { 00102 # Use a callback function to configure MediaWiki 00103 require_once( "$IP/includes/DefaultSettings.php" ); 00104 call_user_func( MW_CONFIG_CALLBACK ); 00105 } else { 00106 # LocalSettings.php is the per site customization file. If it does not exit 00107 # the wiki installer need to be launched or the generated file moved from 00108 # ./config/ to ./ 00109 if( !file_exists( "$IP/LocalSettings.php" ) ) { 00110 require_once( "$IP/includes/DefaultSettings.php" ); # used for printing the version 00111 require_once( "$IP/includes/templates/NoLocalSettings.php" ); 00112 die(); 00113 } 00114 00115 # Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked) 00116 require_once( "$IP/LocalSettings.php" ); 00117 } 00118 wfProfileOut( 'WebStart.php-conf' ); 00119 00120 wfProfileIn( 'WebStart.php-ob_start' ); 00121 # Initialise output buffering 00122 if ( ob_get_level() ) { 00123 # Someone's been mixing configuration data with code! 00124 # How annoying. 00125 } elseif ( !defined( 'MW_NO_OUTPUT_BUFFER' ) ) { 00126 require_once( "$IP/includes/OutputHandler.php" ); 00127 ob_start( 'wfOutputHandler' ); 00128 } 00129 wfProfileOut( 'WebStart.php-ob_start' ); 00130 00131 if ( !defined( 'MW_NO_SETUP' ) ) { 00132 require_once( "$IP/includes/Setup.php" ); 00133 }