Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 32 |
|
0.00% |
0 / 2 |
CRAP | n/a |
0 / 0 |
|
| wfWebStartNoLocalSettings | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
| wfWebStartSetup | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
6 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * The set up for all MediaWiki web requests. |
| 4 | * |
| 5 | * It does: |
| 6 | * - web-related security checks, |
| 7 | * - decide how and from where to load site configuration (LocalSettings.php), |
| 8 | * - load Setup.php. |
| 9 | * |
| 10 | * @license GPL-2.0-or-later |
| 11 | * @file |
| 12 | */ |
| 13 | |
| 14 | use MediaWiki\Context\RequestContext; |
| 15 | use MediaWiki\Settings\SettingsBuilder; |
| 16 | use Wikimedia\Http\HttpStatus; |
| 17 | |
| 18 | # T17461: Make IE8 turn off content sniffing. Everybody else should ignore this |
| 19 | # We're adding it here so that it's *always* set, even for alternate entry |
| 20 | # points and when $wgOut gets disabled or overridden. |
| 21 | header( 'X-Content-Type-Options: nosniff' ); |
| 22 | |
| 23 | # Valid web server entry point, enable includes. |
| 24 | # Please don't move this line to includes/Defines.php. This line essentially |
| 25 | # defines a valid entry point. If you put it in includes/Defines.php, then |
| 26 | # any script that includes it becomes an entry point, thereby defeating |
| 27 | # its purpose. |
| 28 | define( 'MEDIAWIKI', true ); |
| 29 | |
| 30 | /** |
| 31 | * @param SettingsBuilder $settings |
| 32 | * @return never |
| 33 | */ |
| 34 | function wfWebStartNoLocalSettings( SettingsBuilder $settings ): never { |
| 35 | # LocalSettings.php is the per-site customization file. If it does not exist |
| 36 | # the wiki installer needs to be launched or the generated file uploaded to |
| 37 | # the root wiki directory. Give a hint, if it is not readable by the server. |
| 38 | require_once __DIR__ . '/Output/NoLocalSettings.php'; |
| 39 | die(); |
| 40 | } |
| 41 | |
| 42 | require_once __DIR__ . '/BootstrapHelperFunctions.php'; |
| 43 | |
| 44 | // If no LocalSettings file exists, try to display an error page |
| 45 | // (use a callback because it depends on TemplateParser) |
| 46 | if ( !defined( 'MW_CONFIG_CALLBACK' ) ) { |
| 47 | wfDetectLocalSettingsFile(); |
| 48 | if ( !is_readable( MW_CONFIG_FILE ) ) { |
| 49 | define( 'MW_CONFIG_CALLBACK', 'wfWebStartNoLocalSettings' ); |
| 50 | } |
| 51 | } |
| 52 | |
| 53 | function wfWebStartSetup( SettingsBuilder $settings ) { |
| 54 | // Initialize the default MediaWiki output buffering if no buffer is already active. |
| 55 | // This avoids clashes with existing buffers in order to avoid problems, |
| 56 | // like mixing gzip and non-gzip output. |
| 57 | if ( ob_get_level() == 0 ) { |
| 58 | // During HTTP requests, MediaWiki normally buffers the response body in a string |
| 59 | // within OutputPage and prints it when ready. PHP buffers provide protection against |
| 60 | // premature sending of HTTP headers due to output from PHP warnings and notices. |
| 61 | // They also can be used to implement gzip support in PHP without the webserver knowing |
| 62 | // which requests yield HTML and which yield large files that can be streamed. |
| 63 | ob_start( MediaWiki\Output\OutputHandler::handle( ... ) ); |
| 64 | } |
| 65 | } |
| 66 | |
| 67 | // Custom setup for WebStart entry point |
| 68 | if ( !defined( 'MW_SETUP_CALLBACK' ) ) { |
| 69 | define( 'MW_SETUP_CALLBACK', 'wfWebStartSetup' ); |
| 70 | } |
| 71 | |
| 72 | require_once __DIR__ . '/Setup.php'; |
| 73 | |
| 74 | # Multiple DBs or commits might be used; keep the request as transactional as possible |
| 75 | if ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' ) { |
| 76 | ignore_user_abort( true ); |
| 77 | } |
| 78 | |
| 79 | if ( !defined( 'MW_API' ) && !defined( 'MW_REST_API' ) && |
| 80 | RequestContext::getMain()->getRequest()->getHeader( 'Promise-Non-Write-API-Action' ) |
| 81 | ) { |
| 82 | header( 'Cache-Control: no-cache' ); |
| 83 | header( 'Content-Type: text/html; charset=utf-8' ); |
| 84 | HttpStatus::header( 400 ); |
| 85 | $errorHtml = wfMessage( 'nonwrite-api-promise-error' ) |
| 86 | ->useDatabase( false ) |
| 87 | ->inContentLanguage() |
| 88 | ->escaped(); |
| 89 | $content = <<<HTML |
| 90 | <!DOCTYPE html> |
| 91 | <html> |
| 92 | <head><meta charset="UTF-8" /><meta name="color-scheme" content="light dark" /></head> |
| 93 | <body> |
| 94 | $errorHtml |
| 95 | </body> |
| 96 | </html> |
| 97 | |
| 98 | HTML; |
| 99 | header( 'Content-Length: ' . strlen( $content ) ); |
| 100 | echo $content; |
| 101 | die(); |
| 102 | } |