// Stop immediately unless the including script has already defined INTERNAL.
if (!defined('INTERNAL')) {
    die;
}

// A script that declares itself CLI must actually be running under the CLI SAPI.
if (defined('CLI') && php_sapi_name() != 'cli') {
    die;
}

$CFG = new StdClass();
$CFG->docroot = dirname(__FILE__) . DIRECTORY_SEPARATOR;

// Site options from the database that are overridden by $CFG
$OVERRIDDEN = array();

$CFG->libroot = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR;

// Search order: bundled lib/, then bundled lib/pear/, then whatever PHP was configured with.
set_include_path(implode(PATH_SEPARATOR, array(
    $CFG->libroot,
    $CFG->libroot . 'pear/',
    get_include_path(),
)));

// Set up error handling
require 'errors.php';

if (!is_readable($CFG->docroot . 'config.php')) {
    // @todo Later, this will redirect to the installer script. For now, we
    // just log and exit.
    log_environ('Not installed! Please create config.php from config-dist.php');
    exit;
}

init_performance_info();

// SECURITY: the default libxml entity loader is open to XML External Entity (XXE)
// attacks, so it is disabled by default. Code that genuinely needs the loader can
// re-enable it, parse while passing LIBXML_NONET, and then disable it again:
//
// EXAMPLE
// if (function_exists('libxml_disable_entity_loader')) {
//     libxml_disable_entity_loader(false);
// }
// $options =
//     LIBXML_COMPACT | // Reported to greatly speed XML parsing
//     LIBXML_NONET     // Disable network access - security check
// ;
//
// Caveats for anyone following the example:
//  - LIBXML_NONET only blocks network fetches; while the loader is enabled, local
//    entities can still be resolved, so do not add LIBXML_NOENT or LIBXML_DTDLOAD
//    when parsing untrusted XML.
//  - The toggle is global state: restore it with libxml_disable_entity_loader(true)
//    on every exit path, including when the parser throws.
//  - libxml_disable_entity_loader() is deprecated as of PHP 8.0, which is why the
//    example guards the call with function_exists().
// NOTE(review): the statement that actually disables the loader is expected to follow
// this comment block - confirm it is present.
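/**
 * Work around unhelpful PHP settings and broken installation set-ups.
 *
 * Hard requirements (PHP version, required extensions, a known database type,
 * safe_mode off, a usable dataroot outside the document root) raise a
 * ConfigSanityException. Legacy settings that can be neutralised at runtime
 * (register_globals, magic_quotes_*) are reported through log_environ() and
 * worked around instead.
 *
 * @throws ConfigSanityException when a hard requirement is not met
 */
function ensure_sanity() {

    // PHP version
    if (version_compare(phpversion(), '5.1.3') < 0) {
        throw new ConfigSanityException(get_string('phpversion', 'error'));
    }

    // Various required extensions
    if (!extension_loaded('json')) {
        throw new ConfigSanityException(get_string('jsonextensionnotloaded', 'error'));
    }
    switch (get_config('dbtype')) {
        case 'postgres8':
            if (!extension_loaded('pgsql')) {
                throw new ConfigSanityException(get_string('pgsqldbextensionnotloaded', 'error'));
            }
            break;
        case 'mysql5':
            if (!extension_loaded('mysql')) {
                throw new ConfigSanityException(get_string('mysqldbextensionnotloaded', 'error'));
            }
            break;
        default:
            throw new ConfigSanityException(get_string('unknowndbtype', 'error'));
    }
    if (!extension_loaded('xml')) {
        throw new ConfigSanityException(get_string('xmlextensionnotloaded', 'error', 'xml'));
    }
    if (!extension_loaded('libxml')) {
        throw new ConfigSanityException(get_string('xmlextensionnotloaded', 'error', 'libxml'));
    }
    if (!extension_loaded('gd')) {
        throw new ConfigSanityException(get_string('gdextensionnotloaded', 'error'));
    }
    if (!extension_loaded('session')) {
        throw new ConfigSanityException(get_string('sessionextensionnotloaded', 'error'));
    }
    if (!extension_loaded('curl')) {
        throw new ConfigSanityException(get_string('curllibrarynotinstalled', 'error'));
    }

    // Check for freetype in the gd extension. empty() treats a missing key like a
    // false one, without raising an undefined-index notice.
    $gd_info = gd_info();
    if (empty($gd_info['FreeType Support'])) {
        throw new ConfigSanityException(get_string('gdfreetypenotloaded', 'error'));
    }

    // register globals workaround: drop every global whose name matches a request,
    // cookie, server or upload key.
    if (ini_get_bool('register_globals')) {
        log_environ(get_string('registerglobals', 'error'));
        $massivearray = array_keys(array_merge($_POST, $_GET, $_COOKIE, $_SERVER, $_REQUEST, $_FILES));
        foreach ($massivearray as $tounset) {
            unset($GLOBALS[$tounset]);
        }
    }

    // magic_quotes_gpc workaround: undo the automatic escaping so that input reaches
    // the application unmodified.
    if (!defined('CRON') && ini_get_bool('magic_quotes_gpc')) {
        log_environ(get_string('magicquotesgpc', 'error'));
        // The helper is declared conditionally; the guard avoids a "cannot redeclare"
        // fatal error if this function runs more than once in a request.
        if (!function_exists('stripslashes_deep')) {
            function stripslashes_deep($value) {
                $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
                return $value;
            }
        }
        $_POST = array_map('stripslashes_deep', $_POST);
        $_GET = array_map('stripslashes_deep', $_GET);
        $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
        $_REQUEST = array_map('stripslashes_deep', $_REQUEST);

        $servervars = array('REQUEST_URI', 'QUERY_STRING', 'HTTP_REFERER', 'PATH_INFO', 'PHP_SELF', 'PATH_TRANSLATED');
        foreach ($servervars as $tocheck) {
            if (array_key_exists($tocheck, $_SERVER) && !empty($_SERVER[$tocheck])) {
                $_SERVER[$tocheck] = stripslashes($_SERVER[$tocheck]);
            }
        }
    }

    if (ini_get_bool('magic_quotes_runtime')) {
        // Turn off magic_quotes_runtime.
        // NOTE(review): set_magic_quotes_runtime() no longer exists in PHP 7+; this
        // branch presumably cannot be reached there because the ini setting is gone
        // too - confirm against ini_get_bool().
        set_magic_quotes_runtime(0);
        log_environ(get_string('magicquotesruntime', 'error'));
    }

    if (ini_get_bool('magic_quotes_sybase')) {
        // See above comment re. magic_quotes_runtime
        @ini_set('magic_quotes_sybase', 0);
        log_environ(get_string('magicquotessybase', 'error'));
    }

    if (ini_get_bool('safe_mode')) {
        // We don't run with safe mode
        throw new ConfigSanityException(get_string('safemodeon', 'error'));
    }

    // Other things that might be worth checking:
    //    memory limit
    //    file_uploads (off|on)
    //    upload_max_filesize
    //    allow_url_fopen (only if we use this)
    //

    // dataroot inside document root.
    // Presumably docroot is what the web server serves, so data kept beneath it
    // (the sessions/ directory checked further down, for instance) could be
    // requested directly.
    $docroot = get_config('docroot');
    $dataroot = get_config('dataroot');
    if (strpos($dataroot, $docroot) !== false) {
        throw new ConfigSanityException(get_string('datarootinsidedocroot', 'error'));
    }
    // The comparison above only sees the configured strings. A dataroot reached through
    // a symlink or '..' segments can still resolve to a location inside docroot, so
    // compare the canonical paths as well. realpath() treats an empty path as the
    // current directory and returns false for a missing one; skip both cases and let
    // the directory checks below report them.
    if (is_string($docroot) && $docroot !== '' && is_string($dataroot) && $dataroot !== '') {
        $realdocroot = realpath($docroot);
        $realdataroot = realpath($dataroot);
        if ($realdocroot !== false && $realdataroot !== false) {
            // A trailing separator on both sides stops /var/www from matching /var/www2
            $realdocroot = rtrim($realdocroot, '/\\') . DIRECTORY_SEPARATOR;
            $realdataroot = rtrim($realdataroot, '/\\') . DIRECTORY_SEPARATOR;
            if (strpos($realdataroot, $realdocroot) === 0) {
                throw new ConfigSanityException(get_string('datarootinsidedocroot', 'error'));
            }
        }
    }

    // dataroot not writable..
    if (!check_dir_exists(get_config('dataroot')) || !is_writable(get_config('dataroot'))) {
        throw new ConfigSanityException(get_string('datarootnotwritable', 'error', get_config('dataroot')));
    }

    // Working directories the application expects underneath dataroot
    if (
        !check_dir_exists(get_config('dataroot') . 'smarty/compile') ||
        !check_dir_exists(get_config('dataroot') . 'smarty/cache') ||
        !check_dir_exists(get_config('dataroot') . 'sessions') ||
        !check_dir_exists(get_config('dataroot') . 'langpacks') ||
        !check_dir_exists(get_config('dataroot') . 'htmlpurifier')) {
        throw new ConfigSanityException(get_string('couldnotmakedatadirectories', 'error'));
    }

    raise_memory_limit('32M');
}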