MediaWiki  1.23.0
WebStart.php
Go to the documentation of this file.
1 <?php
29 # Protect against register_globals
30 # This must be done before any globals are set by the code
31 if ( ini_get( 'register_globals' ) ) {
32  if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
33  die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>' );
34  }
35  $verboten = array(
36  'GLOBALS',
37  '_SERVER',
38  'HTTP_SERVER_VARS',
39  '_GET',
40  'HTTP_GET_VARS',
41  '_POST',
42  'HTTP_POST_VARS',
43  '_COOKIE',
44  'HTTP_COOKIE_VARS',
45  '_FILES',
46  'HTTP_POST_FILES',
47  '_ENV',
48  'HTTP_ENV_VARS',
49  '_REQUEST',
50  '_SESSION',
51  'HTTP_SESSION_VARS'
52  );
53  foreach ( $_REQUEST as $name => $value ) {
54  if ( in_array( $name, $verboten ) ) {
55  header( "HTTP/1.1 500 Internal Server Error" );
56  echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
57  die( -1 );
58  }
59  unset( $GLOBALS[$name] );
60  }
61 }
62 
63 # bug 15461: Make IE8 turn off content sniffing. Everybody else should ignore this
64 # We're adding it here so that it's *always* set, even for alternate entry
65 # points and when $wgOut gets disabled or overridden.
66 header( 'X-Content-Type-Options: nosniff' );
67 
68 $wgRequestTime = microtime( true );
69 # getrusage() does not exist on the Microsoft Windows platforms, catching this
70 if ( function_exists ( 'getrusage' ) ) {
71  $wgRUstart = getrusage();
72 } else {
73  $wgRUstart = array();
74 }
75 unset( $IP );
76 
77 # Valid web server entry point, enable includes.
78 # Please don't move this line to includes/Defines.php. This line essentially
79 # defines a valid entry point. If you put it in includes/Defines.php, then
80 # any script that includes it becomes an entry point, thereby defeating
81 # its purpose.
82 define( 'MEDIAWIKI', true );
83 
84 # Full path to working directory.
85 # Makes it possible to for example to have effective exclude path in apc.
86 # __DIR__ breaks symlinked includes, but realpath() returns false
87 # if we don't have permissions on parent directories.
88 $IP = getenv( 'MW_INSTALL_PATH' );
89 if ( $IP === false ) {
90  if ( realpath( '.' ) ) {
91  $IP = realpath( '.' );
92  } else {
93  $IP = dirname( __DIR__ );
94  }
95 }
96 
97 # Start the autoloader, so that extensions can derive classes from core files
98 require_once "$IP/includes/AutoLoader.php";
99 
100 # Load the profiler
101 require_once "$IP/includes/profiler/Profiler.php";
102 
103 # Load up some global defines.
104 require_once "$IP/includes/Defines.php";
105 
106 # Start the profiler
108 if ( file_exists( "$IP/StartProfiler.php" ) ) {
109  require "$IP/StartProfiler.php";
110 }
111 
112 wfProfileIn( 'WebStart.php-conf' );
113 
114 # Load default settings
115 require_once "$IP/includes/DefaultSettings.php";
116 
117 # Load composer's autoloader if present
118 if ( is_readable( "$IP/vendor/autoload.php" ) ) {
119  require_once "$IP/vendor/autoload.php";
120 }
121 
122 if ( defined( 'MW_CONFIG_CALLBACK' ) ) {
123  # Use a callback function to configure MediaWiki
124  call_user_func( MW_CONFIG_CALLBACK );
125 } else {
126  if ( !defined( 'MW_CONFIG_FILE' ) ) {
127  define( 'MW_CONFIG_FILE', "$IP/LocalSettings.php" );
128  }
129 
130  # LocalSettings.php is the per site customization file. If it does not exist
131  # the wiki installer needs to be launched or the generated file uploaded to
132  # the root wiki directory. Give a hint, if it is not readable by the server.
133  if ( !is_readable( MW_CONFIG_FILE ) ) {
134  require_once "$IP/includes/templates/NoLocalSettings.php";
135  die();
136  }
137 
138  # Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
139  require_once MW_CONFIG_FILE;
140 }
141 
142 wfProfileOut( 'WebStart.php-conf' );
143 
144 wfProfileIn( 'WebStart.php-ob_start' );
145 # Initialise output buffering
146 # Check that there is no previous output or previously set up buffers, because
147 # that would cause us to potentially mix gzip and non-gzip output, creating a
148 # big mess.
149 if ( !defined( 'MW_NO_OUTPUT_BUFFER' ) && ob_get_level() == 0 ) {
150  require_once "$IP/includes/OutputHandler.php";
151  ob_start( 'wfOutputHandler' );
152 }
153 wfProfileOut( 'WebStart.php-ob_start' );
154 
155 if ( !defined( 'MW_NO_SETUP' ) ) {
156  require_once "$IP/includes/Setup.php";
157 }
php
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those in etc for skin dependent CSS etc for skin dependent JavaScript These can also be customised on a per user by etc This feature has led to a wide variety of user styles becoming that gallery is a good place to ending in php
Definition: skin.txt:62
MW_CONFIG_CALLBACK
const MW_CONFIG_CALLBACK(!function_exists( 'version_compare')||(version_compare(phpversion(), '5.3.2')< 0))
Definition: install.php:29
wfProfileIn
wfProfileIn( $functionname)
Begin profiling of a function.
Definition: Profiler.php:33
$wgRequestTime
$wgRequestTime
Definition: WebStart.php:68
wfProfileOut
wfProfileOut( $functionname='missing')
Stop profiling of a function.
Definition: Profiler.php:46
array
the array() calling protocol came about after MediaWiki 1.4rc1.
List of Api Query prop modules.
$name
Allows to change the fields on the form that will be generated $name
Definition: hooks.txt:336
$value
$value
Definition: styleTest.css.php:45
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
$wgProfiler
$wgProfiler
Definition: WebStart.php:107
$IP
$IP
Definition: WebStart.php:88
$GLOBALS
$GLOBALS['IP']
Definition: ComposerHookHandler.php:6