MediaWiki  1.23.13
WebStart.php
Go to the documentation of this file.
1 <?php
29 # Protect against register_globals
30 # This must be done before any globals are set by the code
31 if ( ini_get( 'register_globals' ) ) {
32  if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
33  die( '<a href="http://www.hardened-php.net/globals-problem">$GLOBALS overwrite vulnerability</a>' );
34  }
35  $verboten = array(
36  'GLOBALS',
37  '_SERVER',
38  'HTTP_SERVER_VARS',
39  '_GET',
40  'HTTP_GET_VARS',
41  '_POST',
42  'HTTP_POST_VARS',
43  '_COOKIE',
44  'HTTP_COOKIE_VARS',
45  '_FILES',
46  'HTTP_POST_FILES',
47  '_ENV',
48  'HTTP_ENV_VARS',
49  '_REQUEST',
50  '_SESSION',
51  'HTTP_SESSION_VARS'
52  );
53  foreach ( $_REQUEST as $name => $value ) {
54  if ( in_array( $name, $verboten ) ) {
55  header( "HTTP/1.1 500 Internal Server Error" );
56  echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
57  die( -1 );
58  }
59  unset( $GLOBALS[$name] );
60  }
61 }
62 
63 # bug 15461: Make IE8 turn off content sniffing. Everybody else should ignore this
64 # We're adding it here so that it's *always* set, even for alternate entry
65 # points and when $wgOut gets disabled or overridden.
66 header( 'X-Content-Type-Options: nosniff' );
67 
68 $wgRequestTime = microtime( true );
69 # getrusage() does not exist on the Microsoft Windows platforms, catching this
70 if ( function_exists ( 'getrusage' ) ) {
71  $wgRUstart = getrusage();
72 } else {
73  $wgRUstart = array();
74 }
75 unset( $IP );
76 
77 # Valid web server entry point, enable includes.
78 # Please don't move this line to includes/Defines.php. This line essentially
79 # defines a valid entry point. If you put it in includes/Defines.php, then
80 # any script that includes it becomes an entry point, thereby defeating
81 # its purpose.
82 define( 'MEDIAWIKI', true );
83 
84 # Full path to working directory.
85 # Makes it possible to for example to have effective exclude path in apc.
86 # __DIR__ breaks symlinked includes, but realpath() returns false
87 # if we don't have permissions on parent directories.
88 $IP = getenv( 'MW_INSTALL_PATH' );
89 if ( $IP === false ) {
90  if ( realpath( '.' ) ) {
91  $IP = realpath( '.' );
92  } else {
93  $IP = dirname( __DIR__ );
94  }
95 }
96 
97 # Start the autoloader, so that extensions can derive classes from core files
98 require_once "$IP/includes/AutoLoader.php";
99 
100 # Load global functions
101 require_once "$IP/includes/GlobalFunctions.php";
102 
103 # Load the profiler
104 require_once "$IP/includes/profiler/Profiler.php";
105 
106 # Load up some global defines.
107 require_once "$IP/includes/Defines.php";
108 
109 # Start the profiler
111 if ( file_exists( "$IP/StartProfiler.php" ) ) {
112  require "$IP/StartProfiler.php";
113 }
114 
115 wfProfileIn( 'WebStart.php-conf' );
116 
117 # Load default settings
118 require_once "$IP/includes/DefaultSettings.php";
119 
120 # Load composer's autoloader if present
121 if ( is_readable( "$IP/vendor/autoload.php" ) ) {
122  require_once "$IP/vendor/autoload.php";
123 }
124 
125 if ( defined( 'MW_CONFIG_CALLBACK' ) ) {
126  # Use a callback function to configure MediaWiki
127  call_user_func( MW_CONFIG_CALLBACK );
128 } else {
129  if ( !defined( 'MW_CONFIG_FILE' ) ) {
130  define( 'MW_CONFIG_FILE', "$IP/LocalSettings.php" );
131  }
132 
133  # LocalSettings.php is the per site customization file. If it does not exist
134  # the wiki installer needs to be launched or the generated file uploaded to
135  # the root wiki directory. Give a hint, if it is not readable by the server.
136  if ( !is_readable( MW_CONFIG_FILE ) ) {
137  require_once "$IP/includes/templates/NoLocalSettings.php";
138  die();
139  }
140 
141  # Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
142  require_once MW_CONFIG_FILE;
143 }
144 
145 wfProfileOut( 'WebStart.php-conf' );
146 
147 wfProfileIn( 'WebStart.php-ob_start' );
148 # Initialise output buffering
149 # Check that there is no previous output or previously set up buffers, because
150 # that would cause us to potentially mix gzip and non-gzip output, creating a
151 # big mess.
152 if ( !defined( 'MW_NO_OUTPUT_BUFFER' ) && ob_get_level() == 0 ) {
153  require_once "$IP/includes/OutputHandler.php";
154  ob_start( 'wfOutputHandler' );
155 }
156 wfProfileOut( 'WebStart.php-ob_start' );
157 
158 if ( !defined( 'MW_NO_SETUP' ) ) {
159  require_once "$IP/includes/Setup.php";
160 }
php
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those in etc for skin dependent CSS etc for skin dependent JavaScript These can also be customised on a per user by etc This feature has led to a wide variety of user styles becoming that gallery is a good place to ending in php
Definition: skin.txt:62
MW_CONFIG_CALLBACK
const MW_CONFIG_CALLBACK(!function_exists( 'version_compare')||(version_compare(phpversion(), '5.3.2')< 0))
Definition: install.php:29
wfProfileIn
wfProfileIn( $functionname)
Begin profiling of a function.
Definition: Profiler.php:33
$wgRequestTime
$wgRequestTime
Definition: WebStart.php:68
wfProfileOut
wfProfileOut( $functionname='missing')
Stop profiling of a function.
Definition: Profiler.php:46
array
the array() calling protocol came about after MediaWiki 1.4rc1.
List of Api Query prop modules.
$name
Allows to change the fields on the form that will be generated $name
Definition: hooks.txt:336
$value
$value
Definition: styleTest.css.php:45
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
$wgProfiler
$wgProfiler
Definition: WebStart.php:110
$IP
$IP
Definition: WebStart.php:88
$GLOBALS
$GLOBALS['IP']
Definition: ComposerHookHandler.php:6