search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SOAP API: do not try to unserialize an invalid filter
[mantis.git] / core.php
blob87ae42f59a48816b3ec652ff1b00bce03bf30134
1 <?php
2 # MantisBT - A PHP based bugtracking system
3
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
8 #
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * MantisBT Core
19 *
20 * Initialises the MantisBT core, connects to the database, starts plugins and
21 * performs other global operations that either help initialise MantisBT or
22 * are required to be executed on every page load.
23 *
24 * @package MantisBT
25 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
26 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
27 * @link http://www.mantisbt.org
28 *
29 * @uses authentication_api.php
30 * @uses collapse_api.php
31 * @uses compress_api.php
32 * @uses config_api.php
33 * @uses config_defaults_inc.php
34 * @uses config_inc.php
35 * @uses constant_inc.php
36 * @uses crypto_api.php
37 * @uses custom_constants_inc.php
38 * @uses custom_functions_inc.php
39 * @uses database_api.php
40 * @uses event_api.php
41 * @uses http_api.php
42 * @uses lang_api.php
43 * @uses mantis_offline.php
44 * @uses plugin_api.php
45 * @uses php_api.php
46 * @uses user_pref_api.php
47 * @uses wiki_api.php
48 * @uses utf8/utf8.php
49 * @uses utf8/str_pad.php
50 */
51
52 /**
53 * Before doing anything... check if MantisBT is down for maintenance
54 *
55 * To make MantisBT 'offline' simply create a file called
56 * 'mantis_offline.php' in the MantisBT root directory.
57 * Users are redirected to that file if it exists.
58 * If you have to test MantisBT while it's offline, add the
59 * parameter 'mbadmin=1' to the URL.
60 */
61 if ( file_exists( 'mantis_offline.php' ) && !isset( $_GET['mbadmin'] ) ) {
62 include( 'mantis_offline.php' );
63 exit;
64 }
65
66 $g_request_time = microtime( true );
67
68 ob_start();
69
70 # Load supplied constants
71 require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'constant_inc.php' );
72
73 # Load user-defined constants (if required)
74 if ( file_exists( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'custom_constants_inc.php' ) ) {
75 require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'custom_constants_inc.php' );
76 }
77
78 $t_config_inc_found = false;
79
80 # Include default configuration settings
81 require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'config_defaults_inc.php' );
82
83 # config_inc may not be present if this is a new install
84 if ( file_exists( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'config_inc.php' ) ) {
85 require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'config_inc.php' );
86 $t_config_inc_found = true;
87 }
88
89 # Allow an environment variable (defined in an Apache vhost for example)
90 # to specify a config file to load to override other local settings
91 $t_local_config = getenv( 'MANTIS_CONFIG' );
92 if ( $t_local_config && file_exists( $t_local_config ) ){
93 require_once( $t_local_config );
94 $t_config_inc_found = true;
95 }
96
97 # Remember (globally) which API files have already been loaded
98 $g_api_included = array();
99
100 # Define an API inclusion function to replace require_once
101 function require_api( $p_api_name ) {
102 global $g_api_included;
103 global $g_core_path;
104 if ( !isset( $g_api_included[$p_api_name] ) ) {
105 $t_existing_globals = get_defined_vars();
106 require_once( $g_core_path . $p_api_name );
107 $t_new_globals = array_diff_key( get_defined_vars(), $GLOBALS, array( 't_existing_globals' => 0, 't_new_globals' => 0 ) );
108 foreach ( $t_new_globals as $t_global_name => $t_global_value ) {
109 global $$t_global_name;
110 }
111 extract( $t_new_globals );
112 $g_api_included[$p_api_name] = 1;
113 }
114 }
115
116 # Remember (globally) which library files have already been loaded
117 $g_libraries_included = array();
118
119 # Define an API inclusion function to replace require_once
120 function require_lib( $p_library_name ) {
121 global $g_libraries_included;
122 global $g_library_path;
123 if ( !isset( $g_libraries_included[$p_library_name] ) ) {
124 $t_existing_globals = get_defined_vars();
125 require_once( $g_library_path . $p_library_name );
126 $t_new_globals = array_diff_key( get_defined_vars(), $GLOBALS, array( 't_existing_globals' => 0, 't_new_globals' => 0 ) );
127 foreach ( $t_new_globals as $t_global_name => $t_global_value ) {
128 global $$t_global_name;
129 }
130 extract( $t_new_globals );
131 $g_libraries_included[$p_library_name] = 1;
132 }
133 }
134
135 # Define an autoload function to automatically load classes when referenced
136 function __autoload( $className ) {
137 global $g_class_path;
138 global $g_library_path;
139
140 $t_require_path = $g_class_path . $className . '.class.php';
141
142 if ( file_exists( $t_require_path ) ) {
143 require_once( $t_require_path );
144 return;
145 }
146
147 $t_require_path = $g_library_path . 'rssbuilder' . DIRECTORY_SEPARATOR . 'class.' . $className . '.inc.php';
148
149 if ( file_exists( $t_require_path ) ) {
150 require_once( $t_require_path );
151 return;
152 }
153 }
154
155 # Register the autoload function to make it effective immediately
156 spl_autoload_register( '__autoload' );
157
158 # Load UTF8-capable string functions
159 define( 'UTF8', $g_library_path . 'utf8' );
160 require_lib( 'utf8/utf8.php' );
161 require_lib( 'utf8/str_pad.php' );
162
163 # Include PHP compatibility file
164 require_api( 'php_api.php' );
165
166 # Enforce our minimum PHP requirements
167 if( !php_version_at_least( PHP_MIN_VERSION ) ) {
168 @ob_end_clean();
169 echo '<strong>FATAL ERROR: Your version of PHP is too old. MantisBT requires PHP version ' . PHP_MIN_VERSION . ' or newer</strong><br />Your version of PHP is version ' . phpversion();
170 die();
171 }
172
173 # Ensure that output is blank so far (output at this stage generally denotes
174 # that an error has occurred)
175 if ( ( $t_output = ob_get_contents() ) != '' ) {
176 echo 'Possible Whitespace/Error in Configuration File - Aborting. Output so far follows:<br />';
177 echo var_dump( $t_output );
178 die;
179 }
180
181 # Start HTML compression handler (if enabled)
182 require_api( 'compress_api.php' );
183 compress_start_handler();
184
185 # If no configuration file exists, redirect the user to the admin page so
186 # they can complete installation and configuration of MantisBT
187 if ( false === $t_config_inc_found ) {
188 if ( !( isset( $_SERVER['SCRIPT_NAME'] ) && ( 0 < strpos( $_SERVER['SCRIPT_NAME'], 'admin' ) ) ) ) {
189 header( 'Content-Type: text/html' );
190 header( "Location: admin/install.php" );
191 exit;
192 }
193 }
194
195 # Initialise cryptographic keys
196 require_api( 'crypto_api.php' );
197 crypto_init();
198
199 # Connect to the database
200 require_api( 'database_api.php' );
201 require_api( 'config_api.php' );
202
203 if ( !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
204 if( OFF == $g_use_persistent_connections ) {
205 db_connect( config_get_global( 'dsn', false ), $g_hostname, $g_db_username, $g_db_password, $g_database_name, config_get_global( 'db_schema' ) );
206 } else {
207 db_connect( config_get_global( 'dsn', false ), $g_hostname, $g_db_username, $g_db_password, $g_database_name, config_get_global( 'db_schema' ), true );
208 }
209 }
210
211 # Initialise plugins
212 if ( !defined( 'PLUGINS_DISABLED' ) && !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
213 require_api( 'plugin_api.php' );
214 plugin_init_installed();
215 }
216
217 # Initialise Wiki integration
218 if( config_get_global( 'wiki_enable' ) == ON ) {
219 require_api( 'wiki_api.php' );
220 wiki_init();
221 }
222
223 if ( !isset( $g_login_anonymous ) ) {
224 $g_login_anonymous = true;
225 }
226
227 # Attempt to set the current timezone to the user's desired value
228 # Note that PHP 5.1 on RHEL/CentOS doesn't support the timezone functions
229 # used here so we just skip this action on RHEL/CentOS platforms.
230 if ( function_exists( 'timezone_identifiers_list' ) ) {
231 if ( in_array ( config_get_global( 'default_timezone' ), timezone_identifiers_list() ) ) {
232 // if a default timezone is set in config, set it here, else we use php.ini's value
233 // having a timezone set avoids a php warning
234 date_default_timezone_set( config_get_global( 'default_timezone' ) );
235 }
236
237 require_api( 'authentication_api.php' );
238 if( auth_is_user_authenticated() ) {
239 require_api( 'user_pref_api.php' );
240 date_default_timezone_set( user_pref_get_pref( auth_get_current_user_id(), 'timezone' ) );
241 }
242 }
243
244 if ( !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
245 require_api( 'collapse_api.php' );
246 collapse_cache_token();
247 }
248
249 # Load custom functions
250 require_api( 'custom_function_api.php' );
251 if ( file_exists( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'custom_functions_inc.php' ) ) {
252 require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'custom_functions_inc.php' );
253 }
254
255 # Set HTTP response headers
256 require_api( 'http_api.php' );
257 http_all_headers();
258
259 # Push default language to speed calls to lang_get
260 if ( !defined( 'LANG_LOAD_DISABLED' ) ) {
261 require_api( 'lang_api.php' );
262 lang_push( lang_get_default() );
263 }
264
265 # Signal plugins that the core system is loaded
266 if ( !defined( 'PLUGINS_DISABLED' ) && !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
267 require_api( 'event_api.php' );
268 event_signal( 'EVENT_CORE_READY' );
269 }