3 # This does the initial setup for a web request. It does some security checks,
4 # starts the profiler and loads the configuration, and optionally loads
5 # Setup.php depending on whether MW_NO_SETUP is defined.
7 # Protect against register_globals
8 # This must be done before any globals are set by the code
9 if ( ini_get( 'register_globals' ) ) {
10 if ( isset( $_REQUEST['GLOBALS'] ) ) {
11 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
31 foreach ( $_REQUEST as $name => $value ) {
32 if( in_array( $name, $verboten ) ) {
33 header( "HTTP/1.x 500 Internal Server Error" );
34 echo "register_globals security paranoia: trying to overwrite superglobals, aborting.";
37 unset( $GLOBALS[$name] );
41 $wgRequestTime = microtime(true);
42 # getrusage() does not exist on the Microsoft Windows platforms, catching this
43 if ( function_exists ( 'getrusage' ) ) {
44 $wgRUstart = getrusage();
49 @ini_set
( 'allow_url_fopen', 0 ); # For security
51 # Valid web server entry point, enable includes.
52 # Please don't move this line to includes/Defines.php. This line essentially
53 # defines a valid entry point. If you put it in includes/Defines.php, then
54 # any script that includes it becomes an entry point, thereby defeating
56 define( 'MEDIAWIKI', true );
59 require_once( './StartProfiler.php' );
60 wfProfileIn( 'WebStart.php-conf' );
62 # Load up some global defines.
63 require_once( './includes/Defines.php' );
65 # LocalSettings.php is the per site customization file. If it does not exit
66 # the wiki installer need to be launched or the generated file moved from
68 if( !file_exists( './LocalSettings.php' ) ) {
70 require_once( './includes/DefaultSettings.php' ); # used for printing the version
71 require_once( './includes/templates/NoLocalSettings.php' );
75 # Include this site setttings
76 require_once( './LocalSettings.php' );
77 wfProfileOut( 'WebStart.php-conf' );
79 if ( !defined( 'MW_NO_SETUP' ) ) {
80 require_once( './includes/Setup.php' );