root/branches/1.5/wp-settings.php

Revision 3627, 5.9 kB (checked in by ryan, 3 years ago)

Security backports from masquerade and MarkJaquith.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1 <?php
2 // Turn register globals off
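/**
 * Undo the effect of PHP's register_globals setting.
 *
 * With register_globals enabled, PHP copies request, cookie, server,
 * environment, upload and session values into the global scope, so input can
 * pre-seed a global that later code assumes is unset. This function removes
 * every global whose name matches a key in those input arrays, except the
 * superglobals and $table_prefix.
 *
 * The script is terminated when the input carries a value named GLOBALS,
 * because such a value addresses the $GLOBALS array itself.
 *
 * Does nothing when register_globals is off (the setting was removed
 * entirely in PHP 5.4).
 *
 * @return void
 */
function unregister_GLOBALS() {
    if ( !ini_get('register_globals') )
        return;

    // Uploaded-file fields are not part of $_REQUEST, so $_FILES is checked too.
    if ( isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) )
        die('GLOBALS overwrite attempt detected');

    // Variables that shouldn't be unset
    $noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');

    // Every key an input source may have registered as a global.
    $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
    foreach ( $input as $k => $v ) {
        if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) )
            unset($GLOBALS[$k]);
    }
}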
18
// First statement executed in this file: drop any globals registered from input.
unregister_GLOBALS();

// Copies of request environment values kept as plain globals.
// NOTE(review): HTTP_HOST and HTTP_USER_AGENT originate from request headers; treat these copies as client-supplied.
$HTTP_HOST = getenv('HTTP_HOST');  /* domain name */
$REMOTE_ADDR = getenv('REMOTE_ADDR'); /* visitor's IP */
$HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); /* visitor's browser */
// Clear the filter table and cache globals; presumably so nothing set before this point can pre-populate them.
unset( $wp_filter, $cache_userdata, $cache_lastcommentmodified, $cache_lastpostdate, $cache_settings, $category_cache, $cache_categories );

// Fix for IIS, which doesn't set REQUEST_URI
if (! isset($_SERVER['REQUEST_URI'])) {
    // Rebuild it from the script name ...
    $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'];
    
    // Append the query string if it exists and isn't null
    if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
        $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
    }
}

// Environment requirements; either failure ends the request with a plain message.
// NOTE(review): this is a string comparison of version numbers; version_compare() would compare them component by component.
if ( !(phpversion() >= '4.1') )
    die( 'Your server is running PHP version ' . phpversion() . ' but WordPress requires at least 4.1' );

if ( !extension_loaded('mysql') )
    die( 'Your PHP installation appears to be missing the MySQL which is required for WordPress.' );
41
/**
 * Store the current time in the global $timestart.
 *
 * The value is seconds since the Unix epoch including the microsecond
 * fraction.
 *
 * @return bool Always true.
 */
function timer_start() {
    global $timestart;
    // microtime() returns "<fraction> <seconds>" as a single string.
    list($fraction, $seconds) = explode(' ', microtime());
    $timestart = $seconds + $fraction;
    return true;
}
// Record the start time for this request.
timer_start();

// Change to E_ALL for development/debugging
// As written: report everything except notices.
error_reporting(E_ALL ^ E_NOTICE);

// For an advanced caching plugin to use, static because you would only want one
// Loaded only when WP_CACHE is defined, and before the database layer below.
// NOTE(review): this drop-in runs ahead of the rest of WordPress, so write access to wp-content/ deserves the same care as core files.
if ( defined('WP_CACHE') )
    require (ABSPATH . 'wp-content/advanced-cache.php');

// Directory, relative to ABSPATH, that holds the include files required below.
define('WPINC', 'wp-includes');
// NOTE(review): ABSPATH is not defined in this file; presumably the including config file sets it.
require_once (ABSPATH . WPINC . '/wp-db.php');
60
// Table names
// NOTE(review): $table_prefix is not assigned in this file and is concatenated into table names as-is;
// unregister_GLOBALS() deliberately leaves it alone, so it must always be set by trusted configuration before this point.
$wpdb->posts            = $table_prefix . 'posts';
$wpdb->users            = $table_prefix . 'users';
$wpdb->categories       = $table_prefix . 'categories';
$wpdb->post2cat         = $table_prefix . 'post2cat';
$wpdb->comments         = $table_prefix . 'comments';
$wpdb->links            = $table_prefix . 'links';
$wpdb->linkcategories   = $table_prefix . 'linkcategories';
$wpdb->options          = $table_prefix . 'options';
$wpdb->postmeta         = $table_prefix . 'postmeta';

// An explicitly configured users table replaces the prefixed one.
if ( defined('CUSTOM_USER_TABLE') )
    $wpdb->users = CUSTOM_USER_TABLE;

// We're going to need to keep this around for a few months even though we're not using it internally

// Legacy global aliases for the table names set above.
$tableposts = $wpdb->posts;
$tableusers = $wpdb->users;
$tablecategories = $wpdb->categories;
$tablepost2cat = $wpdb->post2cat;
$tablecomments = $wpdb->comments;
$tablelinks = $wpdb->links;
$tablelinkcategories = $wpdb->linkcategories;
$tableoptions = $wpdb->options;
$tablepostmeta = $wpdb->postmeta;
86
require (ABSPATH . WPINC . '/functions.php');
require (ABSPATH . WPINC . '/default-filters.php');
require_once (ABSPATH . WPINC . '/wp-l10n.php');

// Installation check. update_user_cache() is defined elsewhere; a false-like result is treated
// here as "not installed" unless the installer itself is running.
// hide_errors()/show_errors() presumably switch wpdb error output off and back on around the probe.
// NOTE(review): PHP_SELF can include client-supplied path info, so these strstr() tests do not
// reliably identify the running script; SCRIPT_NAME would be a stricter source.
$wpdb->hide_errors();
if ( !update_user_cache() && (!strstr($_SERVER['PHP_SELF'], 'install.php') && !defined('WP_INSTALLING')) ) {
    // Relative link to the installer; both values are fixed literals.
    if ( strstr($_SERVER['PHP_SELF'], 'wp-admin') )
        $link = 'install.php';
    else
        $link = 'wp-admin/install.php';
    die(sprintf(__("It doesn't look like you've installed WP yet. Try running <a href='%s'>install.php</a>."), $link));
}
$wpdb->show_errors();

// Remaining core include files.
require (ABSPATH . WPINC . '/functions-formatting.php');
require (ABSPATH . WPINC . '/functions-post.php');
require (ABSPATH . WPINC . '/classes.php');
require (ABSPATH . WPINC . '/template-functions-general.php');
require (ABSPATH . WPINC . '/template-functions-links.php');
require (ABSPATH . WPINC . '/template-functions-author.php');
require (ABSPATH . WPINC . '/template-functions-post.php');
require (ABSPATH . WPINC . '/template-functions-category.php');
require (ABSPATH . WPINC . '/comment-functions.php');
require (ABSPATH . WPINC . '/feed-functions.php');
require (ABSPATH . WPINC . '/links.php');
require (ABSPATH . WPINC . '/kses.php');
require (ABSPATH . WPINC . '/version.php');
114
// NOTE(review): this is also a PHP_SELF substring test, and PHP_SELF can include client-supplied path info;
// COOKIEHASH is left undefined whenever it matches, so later code should not assume the constant exists.
if (!strstr($_SERVER['PHP_SELF'], 'install.php') && !strstr($_SERVER['PHP_SELF'], 'wp-admin/import')) :
    // Used to guarantee unique hash cookies
    // Derived from the site URL only: it separates cookies per site but is not a secret.
    $cookiehash = md5(get_settings('siteurl')); // Remove in 1.4
    define('COOKIEHASH', $cookiehash);
endif;

require (ABSPATH . WPINC . '/vars.php');

do_action('core_files_loaded');

// Check for hacks file if the option is enabled
// The file is plain PHP and is executed like any other part of the application.
if (get_settings('hack_file')) {
    if (file_exists(ABSPATH . '/my-hacks.php'))
        require(ABSPATH . '/my-hacks.php');
}

// Load every plugin listed in the 'active_plugins' option.
// NOTE(review): each entry is appended to the plugins directory without rejecting '..' or absolute
// paths, so the stored option value decides which file is included; confirm it is validated where it is saved.
if ( get_settings('active_plugins') ) {
    $current_plugins = get_settings('active_plugins');
    if ( is_array($current_plugins) ) {
        foreach ($current_plugins as $plugin) {
            // Skip empty entries and files that no longer exist.
            if ('' != $plugin && file_exists(ABSPATH . 'wp-content/plugins/' . $plugin))
                include_once(ABSPATH . 'wp-content/plugins/' . $plugin);
        }
    }
}

// Loaded after the plugins; presumably so a plugin can define its own version of these functions first.
require (ABSPATH . WPINC . '/pluggable-functions.php');

// Optional second hook for the caching drop-in, if it defined one.
if ( defined('WP_CACHE') && function_exists('wp_cache_postload') )
    wp_cache_postload();

do_action('plugins_loaded');
147
define('TEMPLATEPATH', get_template_directory());

// Load the default text localization domain.
load_default_textdomain();

// Pull in locale data after loading text domain.
require_once(ABSPATH . WPINC . '/locale.php');

// If already slashed, strip.
// Undoes PHP's magic_quotes_gpc so the values are not escaped twice below.
if ( get_magic_quotes_gpc() ) {
    $_GET    = stripslashes_deep($_GET   );
    $_POST   = stripslashes_deep($_POST  );
    $_COOKIE = stripslashes_deep($_COOKIE);
}

// Escape with wpdb.
// add_magic_quotes() is defined elsewhere; presumably it escapes every value for use in SQL.
// NOTE(review): $_REQUEST and $_FILES are not processed here, so values read from them can be in a
// different escaping state than $_GET/$_POST/$_COOKIE/$_SERVER. Blanket input escaping also does not
// replace escaping at the point where a query or HTML output is built.
$_GET    = add_magic_quotes($_GET   );
$_POST   = add_magic_quotes($_POST  );
$_COOKIE = add_magic_quotes($_COOKIE);
$_SERVER = add_magic_quotes($_SERVER);
168
/**
 * Shutdown callback that fires the 'shutdown' action.
 *
 * @return void
 */
function shutdown_action_hook()
{
    do_action('shutdown');
}
// Have PHP call shutdown_action_hook() when the script finishes.
register_shutdown_function('shutdown_action_hook');

// Everything is loaded.
do_action('init');
176 ?>
177