includes/WebStart.php

   1 <?php
   2 /**
   3  * The set up for all MediaWiki web requests.
   4  *
   5  * It does:
   6  * - web-related security checks,
   7  * - decide how and from where to load site configuration (LocalSettings.php),
   8  * - load Setup.php.
   9  *
  10  * This program is free software; you can redistribute it and/or modify
  11  * it under the terms of the GNU General Public License as published by
  12  * the Free Software Foundation; either version 2 of the License, or
  13  * (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License along
  21  * with this program; if not, write to the Free Software Foundation, Inc.,
  22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  23  * http://www.gnu.org/copyleft/gpl.html
  24  *
  25  * @file
  26  */
  27
  28 /**
  29  * @defgroup entrypoint Entry points
  30  *
  31  * These primary scripts live in the root directory. They are the ones used by
  32  * web requests to interact with the wiki. Other PHP files in the repository
  33  * do not need to be accessed directly by the web.
  34  */
  35
  36 # T17461: Make IE8 turn off content sniffing. Everybody else should ignore this
  37 # We're adding it here so that it's *always* set, even for alternate entry
  38 # points and when $wgOut gets disabled or overridden.
  39 use MediaWiki\Settings\SettingsBuilder;
  40
  41 header( 'X-Content-Type-Options: nosniff' );
  42
  43 # Valid web server entry point, enable includes.
  44 # Please don't move this line to includes/Defines.php. This line essentially
  45 # defines a valid entry point. If you put it in includes/Defines.php, then
  46 # any script that includes it becomes an entry point, thereby defeating
  47 # its purpose.
  48 define( 'MEDIAWIKI', true );
  49
  50 /**
  51  * @param SettingsBuilder $settings
  52  * @return never
  53  */
  54 function wfWebStartNoLocalSettings( SettingsBuilder $settings ) {
  55         # LocalSettings.php is the per-site customization file. If it does not exist
  56         # the wiki installer needs to be launched or the generated file uploaded to
  57         # the root wiki directory. Give a hint, if it is not readable by the server.
  58         require_once __DIR__ . '/NoLocalSettings.php';
  59         die();
  60 }
  61
  62 require_once __DIR__ . '/BootstrapHelperFunctions.php';
  63
  64 // If no LocalSettings file exists, try to display an error page
  65 // (use a callback because it depends on TemplateParser)
  66 if ( !defined( 'MW_CONFIG_CALLBACK' ) ) {
  67         wfDetectLocalSettingsFile();
  68         if ( !is_readable( MW_CONFIG_FILE ) ) {
  69                 define( 'MW_CONFIG_CALLBACK', 'wfWebStartNoLocalSettings' );
  70         }
  71 }
  72
  73 function wfWebStartSetup( SettingsBuilder $settings ) {
  74         // Initialize the default MediaWiki output buffering if no buffer is already active.
  75         // This avoids clashes with existing buffers in order to avoid problems,
  76         // like mixing gzip and non-gzip output.
  77         if ( ob_get_level() == 0 ) {
  78                 // During HTTP requests, MediaWiki normally buffers the response body in a string
  79                 // within OutputPage and prints it when ready. PHP buffers provide protection against
  80                 // premature sending of HTTP headers due to output from PHP warnings and notices.
  81                 // They also can be used to implement gzip support in PHP without the webserver knowing
  82                 // which requests yield HTML and which yield large files that can be streamed.
  83                 ob_start( 'MediaWiki\\OutputHandler::handle' );
  84         }
  85 }
  86
  87 // Custom setup for WebStart entry point
  88 if ( !defined( 'MW_SETUP_CALLBACK' ) ) {
  89         define( 'MW_SETUP_CALLBACK', 'wfWebStartSetup' );
  90 }
  91
  92 require_once __DIR__ . '/Setup.php';
  93
  94 # Multiple DBs or commits might be used; keep the request as transactional as possible
  95 if ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' ) {
  96         ignore_user_abort( true );
  97 }
  98
  99 if ( !defined( 'MW_API' ) && !defined( 'MW_REST_API' ) &&
 100         RequestContext::getMain()->getRequest()->getHeader( 'Promise-Non-Write-API-Action' )
 101 ) {
 102         header( 'Cache-Control: no-cache' );
 103         header( 'Content-Type: text/html; charset=utf-8' );
 104         HttpStatus::header( 400 );
 105         $errorHtml = wfMessage( 'nonwrite-api-promise-error' )
 106                 ->useDatabase( false )
 107                 ->inContentLanguage()
 108                 ->escaped();
 109         $content = <<<HTML
 110 <!DOCTYPE html>
 111 <html>
 112 <head><meta charset="UTF-8" /></head>
 113 <body>
 114 $errorHtml
 115 </body>
 116 </html>
 117
 118 HTML;
 119         header( 'Content-Length: ' . strlen( $content ) );
 120         echo $content;
 121         die();
 122 }