forked from mantisbt/mantisbt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
core.php
375 lines (318 loc) · 11.2 KB
/
core.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
<?php
# MantisBT - A PHP based bugtracking system
# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* MantisBT Core
*
* Initialises the MantisBT core, connects to the database, starts plugins and
* performs other global operations that either help initialise MantisBT or
* are required to be executed on every page load.
*
* @package MantisBT
* @copyright Copyright 2000 - 2002 Kenzaburo Ito - [email protected]
* @copyright Copyright 2002 MantisBT Team - [email protected]
* @link http://www.mantisbt.org
*
* @uses authentication_api.php
* @uses collapse_api.php
* @uses compress_api.php
* @uses config_api.php
* @uses config_defaults_inc.php
* @uses config_inc.php
* @uses constant_inc.php
* @uses crypto_api.php
* @uses custom_constants_inc.php
* @uses custom_functions_inc.php
* @uses database_api.php
* @uses event_api.php
* @uses http_api.php
* @uses lang_api.php
* @uses mantis_offline.php
* @uses plugin_api.php
* @uses php_api.php
* @uses user_pref_api.php
* @uses wiki_api.php
*
* @noinspection PhpIncludeInspection
*/
/**
* Before doing anything... check if MantisBT is down for maintenance
*
* To make MantisBT 'offline' simply create a file called
* 'mantis_offline.php' in the MantisBT root directory.
* Users are redirected to that file if it exists.
* If you have to test MantisBT while it's offline, add the
* parameter 'mbadmin=1' to the URL.
*/
if( file_exists( 'mantis_offline.php' ) && !isset( $_GET['mbadmin'] ) ) {
include( 'mantis_offline.php' );
exit;
}
$g_request_time = microtime( true );
# Load supplied constants
require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR . 'constant_inc.php' );
# Enforce our minimum PHP requirements
if( version_compare( PHP_VERSION, PHP_MIN_VERSION, '<' ) ) {
echo '<strong>FATAL ERROR: Your version of PHP is too old. '
. 'MantisBT requires ' . PHP_MIN_VERSION . ' or newer</strong><br />'
. 'Your are running PHP version <em>' . PHP_VERSION . '</em>';
die();
}
ensure_php_extension_loaded( 'mbstring', 'for Unicode (UTF-8) support' );
# Ensure that encoding is always UTF-8 independent from any PHP default or ini setting
mb_internal_encoding( 'UTF-8' );
if( php_sapi_name() != 'cli' ) {
ob_start();
}
# Load Composer autoloader
require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'vendor/autoload.php' );
# Include default configuration settings
require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'config_defaults_inc.php' );
# Load user-defined constants (if required)
global $g_config_path;
if( file_exists( $g_config_path . 'custom_constants_inc.php' ) ) {
require_once( $g_config_path . 'custom_constants_inc.php' );
}
# config_inc may not be present if this is a new install
$t_config_inc_found = file_exists( $g_config_path . 'config_inc.php' );
if( $t_config_inc_found ) {
require_once( $g_config_path . 'config_inc.php' );
}
# Ensure PHP LDAP extension is available when Login Method is LDAP
global $g_login_method;
if ( $g_login_method == LDAP ) {
ensure_php_extension_loaded( 'ldap', 'when using LDAP as Login Method' );
}
# Register the autoload function to make it effective immediately
spl_autoload_register( 'autoload_mantis' );
# Include PHP compatibility file
require_api( 'php_api.php' );
# Ensure that output is blank so far (output at this stage generally denotes
# that an error has occurred)
if( ( $t_output = ob_get_contents() ) != '' ) {
echo 'Possible Whitespace/Error in Configuration File - Aborting. Output so far follows:<br />';
var_dump( $t_output );
die;
}
unset( $t_output );
# Start HTML compression handler (if enabled)
require_api( 'compress_api.php' );
compress_start_handler();
# If no configuration file exists, redirect the user to the admin page so
# they can complete installation and configuration of MantisBT
if( false === $t_config_inc_found ) {
if( php_sapi_name() == 'cli' ) {
echo 'Error: ' . $g_config_path . "config_inc.php file not found; ensure MantisBT is properly setup.\n";
exit( 1 );
}
if( !( isset( $_SERVER['SCRIPT_NAME'] ) && ( 0 < strpos( $_SERVER['SCRIPT_NAME'], 'admin' ) ) ) ) {
header( 'Content-Type: text/html' );
# Temporary redirect (307) instead of Found (302) default
header( 'Location: admin/install.php', true, 307 );
# Make sure it's not cached
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
exit;
}
}
# Initialise cryptographic keys
require_api( 'crypto_api.php' );
crypto_init();
# Connect to the database
require_api( 'database_api.php' );
require_api( 'config_api.php' );
# Set the default timezone
# To reduce overhead, we assume that the timezone configuration is valid,
# i.e. it exists in timezone_identifiers_list(). If not, a PHP NOTICE will
# be raised and we fall back to the system's default timezone.
# Use admin checks to validate configuration.
$t_tz = config_get_global( 'default_timezone' );
if( empty( $t_tz ) || !date_default_timezone_set( $t_tz ) ) {
$t_tz = date_default_timezone_get();
}
config_set_global( 'default_timezone', $t_tz );
if( !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
global $g_use_persistent_connections, $g_hostname, $g_db_username, $g_db_password, $g_database_name;
if( OFF == $g_use_persistent_connections ) {
db_connect( config_get_global( 'dsn', false ), $g_hostname, $g_db_username, $g_db_password, $g_database_name );
} else {
db_connect( config_get_global( 'dsn', false ), $g_hostname, $g_db_username, $g_db_password, $g_database_name, true );
}
}
# Register global shutdown function
shutdown_functions_register();
# Initialise plugins
require_api( 'plugin_api.php' ); # necessary for some upgrade steps
if( !defined( 'PLUGINS_DISABLED' ) && !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
plugin_init_installed();
}
# Initialise Wiki integration
if( config_get_global( 'wiki_enable' ) == ON ) {
require_api( 'wiki_api.php' );
wiki_init();
}
if( !isset( $g_login_anonymous ) ) {
$g_login_anonymous = true;
}
if( !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
require_api( 'authentication_api.php' );
# Override the default timezone according to user's preferences
if( auth_is_user_authenticated() ) {
require_api( 'user_pref_api.php' );
$t_tz = user_pref_get_pref( auth_get_current_user_id(), 'timezone' );
@date_default_timezone_set( $t_tz );
}
}
unset( $t_tz );
# Cache current user's collapse API data
if( !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
require_api( 'collapse_api.php' );
collapse_cache_token();
}
# Load custom functions
require_api( 'custom_function_api.php' );
if( file_exists( $g_config_path . 'custom_functions_inc.php' ) ) {
require_once( $g_config_path . 'custom_functions_inc.php' );
}
# Set HTTP response headers
require_api( 'http_api.php' );
event_signal( 'EVENT_CORE_HEADERS' );
http_all_headers();
# Push default language to speed calls to lang_get
if( !defined( 'LANG_LOAD_DISABLED' ) ) {
require_api( 'lang_api.php' );
lang_push( lang_get_default() );
}
# Signal plugins that the core system is loaded
if( !defined( 'PLUGINS_DISABLED' ) && !defined( 'MANTIS_MAINTENANCE_MODE' ) ) {
require_api( 'event_api.php' );
event_signal( 'EVENT_CORE_READY' );
}
/**
* Define an API inclusion function to replace require_once
*
* @param string $p_api_name An API file name.
* @return void
*/
function require_api( $p_api_name ) {
static $s_api_included;
global $g_core_path;
if( !isset( $s_api_included[$p_api_name] ) ) {
require_once( $g_core_path . $p_api_name );
$t_new_globals = array_diff_key( get_defined_vars(), $GLOBALS, array( 't_new_globals' => 0 ) );
foreach ( $t_new_globals as $t_global_name => $t_global_value ) {
$GLOBALS[$t_global_name] = $t_global_value;
}
$s_api_included[$p_api_name] = 1;
}
}
/**
* Define an API inclusion function to replace require_once
*
* @param string $p_library_name A library file name.
* @return void
*/
function require_lib( $p_library_name ) {
static $s_libraries_included;
if( !isset( $s_libraries_included[$p_library_name] ) ) {
global $g_library_path;
$t_library_file_path = $g_library_path . $p_library_name;
if( file_exists( $t_library_file_path ) ) {
require_once( $t_library_file_path );
} else {
echo 'External library \'' . $t_library_file_path . '\' not found.';
exit;
}
$t_new_globals = array_diff_key( get_defined_vars(), $GLOBALS, array( 't_new_globals' => 0 ) );
foreach ( $t_new_globals as $t_global_name => $t_global_value ) {
$GLOBALS[$t_global_name] = $t_global_value;
}
$s_libraries_included[$p_library_name] = 1;
}
}
/**
* Checks to see if script was queried through the HTTPS protocol
* @return boolean True if protocol is HTTPS
*/
function http_is_protocol_https() {
if( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ) {
return strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) == 'https';
}
if( !empty( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) {
return true;
}
return false;
}
/**
* Define an autoload function to automatically load classes when referenced
*
* @param string $p_class Class name being autoloaded.
* @return void
*/
function autoload_mantis( $p_class ) {
global $g_core_path;
# Remove namespace from class name
$t_end_of_namespace = strrpos( $p_class, '\\' );
if( $t_end_of_namespace !== false ) {
$p_class = substr( $p_class, $t_end_of_namespace + 1 );
}
# Commands
if( substr( $p_class, -7 ) === 'Command' ) {
$t_require_path = $g_core_path . 'commands/' . $p_class . '.php';
if( file_exists( $t_require_path ) ) {
require_once( $t_require_path );
return;
}
}
# Exceptions
if( substr( $p_class, -9 ) === 'Exception' ) {
$t_require_path = $g_core_path . 'exceptions/' . $p_class . '.php';
if( file_exists( $t_require_path ) ) {
require_once( $t_require_path );
return;
}
}
global $g_class_path;
global $g_library_path;
$t_require_path = $g_class_path . $p_class . '.class.php';
if( file_exists( $t_require_path ) ) {
require_once( $t_require_path );
return;
}
$t_require_path = $g_library_path . 'rssbuilder' . DIRECTORY_SEPARATOR . 'class.' . $p_class . '.inc.php';
if( file_exists( $t_require_path ) ) {
require_once( $t_require_path );
return;
}
}
/**
* Ensures the given extension is loaded, dies with an error message if not.
*
* @param string $p_extension Extension name
* @param string $p_reason_message Justification for requiring the extension
* @return bool
*/
function ensure_php_extension_loaded( $p_extension, $p_reason_message ) {
if( extension_loaded( $p_extension ) ) {
return true;
}
/** @noinspection HtmlUnknownTarget */
printf( '<strong>FATAL ERROR: PHP <i>%1$s</i> extension is not enabled.</strong><br>'
. 'MantisBT requires this extension %2$s.<br>'
. '<a href="%3$s">%3$s</a>',
$p_extension,
$p_reason_message,
"https://www.php.net/manual/en/$p_extension.installation.php"
);
die;
}