Example #1
// Stop immediately unless the including script has defined INTERNAL.
if (!defined('INTERNAL')) {
    die;
}
// Scripts that define CLI must not be served through any SAPI other than the command line.
if (defined('CLI')) {
    if (php_sapi_name() != 'cli') {
        die;
    }
}
$CFG = new StdClass();
// Directory that holds this file, with a trailing separator.
$CFG->docroot = dirname(__FILE__) . DIRECTORY_SEPARATOR;
// Site options from the database that are overridden by $CFG
$OVERRIDDEN = array();
$CFG->libroot = $CFG->docroot . 'lib' . DIRECTORY_SEPARATOR;
// Search lib/ first, then lib/pear/, then whatever include path was already configured.
set_include_path(implode(PATH_SEPARATOR, array(
    $CFG->libroot,
    $CFG->libroot . 'pear/',
    get_include_path(),
)));
// Set up error handling
require 'errors.php';
if (!is_readable($CFG->docroot . 'config.php')) {
    // @todo Later, this will redirect to the installer script. For now, we
    // just log and exit.
    log_environ('Not installed! Please create config.php from config-dist.php');
    exit;
}
init_performance_info();
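// Because the default XML entity loader is vulnerable to XXE (XML External Entity) attacks,
// we're disabling it by default. If you need to use it, you can re-enable the loader, call the
// parser while passing in the LIBXML_NONET option, and then disable the loader again.
// Note that LIBXML_NONET only blocks network access; entities that point at local files are
// not covered by it, so keep the window in which the loader is enabled as short as possible.
// Like this: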
//
// EXAMPLE
//     if (function_exists('libxml_disable_entity_loader')) {
//         libxml_disable_entity_loader(false);
//     }
//     $options =
//         LIBXML_COMPACT |    // Reported to greatly speed XML parsing
//         LIBXML_NONET        // Disable network access - security check
//     ;
Example #2
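/**
 * Checks the PHP runtime and the site configuration before the application starts.
 *
 * Works around legacy PHP settings (register_globals, magic_quotes_*), logs a
 * message through log_environ() for each workaround applied, and throws when a
 * requirement is missing: PHP version, required extensions, a supported dbtype,
 * safe_mode off, and a writable dataroot that is not inside docroot.
 *
 * Safe to call more than once in a request: the stripslashes_deep() helper is
 * only declared if it does not exist yet.
 *
 * @throws ConfigSanityException when a hard requirement is not met
 */
function ensure_sanity()
{
    // PHP version
    if (version_compare(phpversion(), '5.1.3') < 0) {
        throw new ConfigSanityException(get_string('phpversion', 'error'));
    }
    // Various required extensions
    if (!extension_loaded('json')) {
        throw new ConfigSanityException(get_string('jsonextensionnotloaded', 'error'));
    }
    switch (get_config('dbtype')) {
        case 'postgres8':
            if (!extension_loaded('pgsql')) {
                throw new ConfigSanityException(get_string('pgsqldbextensionnotloaded', 'error'));
            }
            break;
        case 'mysql5':
            if (!extension_loaded('mysql')) {
                throw new ConfigSanityException(get_string('mysqldbextensionnotloaded', 'error'));
            }
            break;
        default:
            throw new ConfigSanityException(get_string('unknowndbtype', 'error'));
    }
    if (!extension_loaded('xml')) {
        throw new ConfigSanityException(get_string('xmlextensionnotloaded', 'error', 'xml'));
    }
    if (!extension_loaded('libxml')) {
        throw new ConfigSanityException(get_string('xmlextensionnotloaded', 'error', 'libxml'));
    }
    if (!extension_loaded('gd')) {
        throw new ConfigSanityException(get_string('gdextensionnotloaded', 'error'));
    }
    if (!extension_loaded('session')) {
        throw new ConfigSanityException(get_string('sessionextensionnotloaded', 'error'));
    }
    if (!extension_loaded('curl')) {
        throw new ConfigSanityException(get_string('curllibrarynotinstalled', 'error'));
    }
    // Check for freetype in the gd extension. empty() treats a missing key like a
    // false value, so an absent entry fails the check instead of raising a notice.
    $gd_info = gd_info();
    if (empty($gd_info['FreeType Support'])) {
        throw new ConfigSanityException(get_string('gdfreetypenotloaded', 'error'));
    }
    // register globals workaround
    if (ini_get_bool('register_globals')) {
        log_environ(get_string('registerglobals', 'error'));
        $massivearray = array_keys(array_merge($_POST, $_GET, $_COOKIE, $_SERVER, $_REQUEST, $_FILES));
        // The key names below are request-controlled. Never unset the superglobals
        // themselves, whatever names the request carries.
        // NOTE(review): a request key named like an application global would still be
        // unset here; confirm that no such global is relied on before this point.
        $superglobals = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_SERVER', '_REQUEST', '_FILES', '_ENV', '_SESSION');
        foreach ($massivearray as $tounset) {
            if (in_array($tounset, $superglobals, true)) {
                continue;
            }
            unset($GLOBALS[$tounset]);
        }
    }
    // magic_quotes_gpc workaround
    if (!defined('CRON') && ini_get_bool('magic_quotes_gpc')) {
        log_environ(get_string('magicquotesgpc', 'error'));
        // A function declared inside a function body is created when this line runs,
        // so a second call to ensure_sanity() would otherwise be a fatal redeclaration.
        if (!function_exists('stripslashes_deep')) {
            function stripslashes_deep($value)
            {
                $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
                return $value;
            }
        }
        $_POST = array_map('stripslashes_deep', $_POST);
        $_GET = array_map('stripslashes_deep', $_GET);
        $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
        $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
        $servervars = array('REQUEST_URI', 'QUERY_STRING', 'HTTP_REFERER', 'PATH_INFO', 'PHP_SELF', 'PATH_TRANSLATED');
        foreach ($servervars as $tocheck) {
            if (array_key_exists($tocheck, $_SERVER) && !empty($_SERVER[$tocheck])) {
                $_SERVER[$tocheck] = stripslashes($_SERVER[$tocheck]);
            }
        }
    }
    if (ini_get_bool('magic_quotes_runtime')) {
        // Turn off magic_quotes_runtime. Anyone with this on deserves a slap in the face
        set_magic_quotes_runtime(0);
        log_environ(get_string('magicquotesruntime', 'error'));
    }
    if (ini_get_bool('magic_quotes_sybase')) {
        // See above comment re. magic_quotes_runtime
        @ini_set('magic_quotes_sybase', 0);
        log_environ(get_string('magicquotessybase', 'error'));
    }
    if (ini_get_bool('safe_mode')) {
        // We don't run with safe mode
        throw new ConfigSanityException(get_string('safemodeon', 'error'));
    }
    // Other things that might be worth checking:
    //    memory limit
    //    file_uploads (off|on)
    //    upload_max_filesize
    //    allow_url_fopen (only if we use this)
    //
    // dataroot inside document root: files written to dataroot must not be reachable
    // through the web server.
    $dataroot = get_config('dataroot');
    $docroot = get_config('docroot');
    $insidedocroot = strpos($dataroot, $docroot) !== false;
    if (!$insidedocroot && is_string($dataroot) && $dataroot !== '' && is_string($docroot) && $docroot !== '') {
        // Repeat the test on canonical paths, so that symlinks and '..' segments cannot
        // hide a dataroot that really lives under docroot. realpath() returns false for
        // a path that does not exist yet; in that case only the literal test above applies.
        $realdataroot = realpath($dataroot);
        $realdocroot = realpath($docroot);
        if ($realdataroot !== false && $realdocroot !== false) {
            // Compare with a trailing separator so /var/www2 is not taken to be inside /var/www.
            $realdataroot = rtrim($realdataroot, '/\\') . DIRECTORY_SEPARATOR;
            $realdocroot = rtrim($realdocroot, '/\\') . DIRECTORY_SEPARATOR;
            $insidedocroot = strpos($realdataroot, $realdocroot) === 0;
        }
    }
    if ($insidedocroot) {
        throw new ConfigSanityException(get_string('datarootinsidedocroot', 'error'));
    }
    // dataroot not writable..
    if (!check_dir_exists(get_config('dataroot')) || !is_writable(get_config('dataroot'))) {
        throw new ConfigSanityException(get_string('datarootnotwritable', 'error', get_config('dataroot')));
    }
    // Working directories the application expects under dataroot.
    // presumably check_dir_exists() creates a missing directory; verify against its definition
    if (!check_dir_exists(get_config('dataroot') . 'smarty/compile') || !check_dir_exists(get_config('dataroot') . 'smarty/cache') || !check_dir_exists(get_config('dataroot') . 'sessions') || !check_dir_exists(get_config('dataroot') . 'langpacks') || !check_dir_exists(get_config('dataroot') . 'htmlpurifier')) {
        throw new ConfigSanityException(get_string('couldnotmakedatadirectories', 'error'));
    }
    raise_memory_limit('32M');
}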