449 lines
18 KiB
PHP
449 lines
18 KiB
PHP
<?php
|
|
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
|
|
# All rights reserved. See LICENSE file for licensing details
|
|
|
|
if (defined('S9Y_FRAMEWORK')) {
|
|
return;
|
|
}
|
|
|
|
@define('S9Y_FRAMEWORK', true);
|
|
if (!headers_sent() && php_sapi_name() !== 'cli') {
|
|
// Only set the session name, if no session has yet been issued.
|
|
if (session_id() == '') {
|
|
$secure = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on');
|
|
if (PHP_VERSION_ID >= 70300) {
|
|
session_set_cookie_params(array("secure"=>$secure, "httponly"=>true, "samesite"=>"Lax"));
|
|
} else {
|
|
// Support for PHP before 7.3, can be removed at some point
|
|
session_set_cookie_params(0, '/', '', $secure, true);
|
|
}
|
|
session_name('s9y_' . md5(dirname(__FILE__)));
|
|
session_start();
|
|
}
|
|
|
|
// Prevent session fixation by only allowing sessions that have been sent by the server.
|
|
// Any session that does not contain our unique token will be regarded as foreign/fixated
|
|
// and be regenerated with a system-generated SID.
|
|
// Patch by David Vieira-Kurz of majorsecurity.de
|
|
if (!isset($_SESSION['SERVER_GENERATED_SID'])) {
|
|
session_regenerate_id(true);
|
|
@session_start();
|
|
header('X-Session-Reinit: true');
|
|
$_SESSION['SERVER_GENERATED_SID'] = $_SERVER['REMOTE_ADDR'] . $_SERVER['QUERY_STRING'];
|
|
}
|
|
}
|
|
|
|
if (!defined('S9Y_INCLUDE_PATH')) {
|
|
define('S9Y_INCLUDE_PATH', dirname(__FILE__) . '/');
|
|
}
|
|
define('S9Y_CONFIG_TEMPLATE', S9Y_INCLUDE_PATH . 'include/tpl/config_local.inc.php');
|
|
define('S9Y_CONFIG_USERTEMPLATE', S9Y_INCLUDE_PATH . 'include/tpl/config_personal.inc.php');
|
|
|
|
define('IS_installed', file_exists('serendipity_config_local.inc.php') && (filesize('serendipity_config_local.inc.php') > 0));
|
|
|
|
if (!defined('IN_serendipity')) {
|
|
define('IN_serendipity', true);
|
|
}
|
|
|
|
include(S9Y_INCLUDE_PATH . 'include/compat.inc.php');
|
|
if (defined('USE_MEMSNAP')) {
|
|
echo memSnap('Framework init');
|
|
}
|
|
|
|
// The version string
|
|
$serendipity['version'] = '3.0-beta';
|
|
|
|
|
|
// Setting this to 'false' will enable debugging output. All alpha/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.
|
|
if (!isset($serendipity['production'])) {
|
|
$serendipity['production'] = ! preg_match('@\-(alpha|cvs).*@', $serendipity['version']);
|
|
}
|
|
|
|
// Default rewrite method
|
|
$serendipity['rewrite'] = 'none';
|
|
|
|
// Message container
|
|
$serendipity['messagestack'] = array();
|
|
|
|
// Can the user change the date of publishing for an entry?
|
|
$serendipity['allowDateManipulation'] = true;
|
|
|
|
// How much time is allowed to pass since the publising of an entry, so that a comment to that entry
|
|
// will update it's LastModified stamp? If the time is passed, a comment to an old entry will no longer
|
|
// push an article as being updated.
|
|
$serendipity['max_last_modified'] = 60 * 60 * 24 * 7;
|
|
|
|
// Clients can send a If-Modified Header to the RSS Feed (Conditional Get) and receive all articles beyond
|
|
// that date. However it is still limited by the number below of maximum entries
|
|
$serendipity['max_fetch_limit'] = 50;
|
|
|
|
// How many bytes are allowed for fetching trackbacks, so that no binary files get accidentally trackbacked?
|
|
$serendipity['trackback_filelimit'] = 150 * 1024;
|
|
|
|
// Allow "Access-Control-Allow-Origin: *" to be used in sensible locations (RSS feed)
|
|
$serendipity['cors'] = false;
|
|
|
|
if (!isset($serendipity['fetchLimit'])) {
|
|
$serendipity['fetchLimit'] = 15;
|
|
}
|
|
|
|
if (!isset($serendipity['RSSfetchLimit'])) {
|
|
$serendipity['RSSfetchLimit'] = 15;
|
|
}
|
|
|
|
if (!isset($serendipity['mediaProperties'])) {
|
|
$serendipity['mediaProperties'] = 'DPI;COPYRIGHT;TITLE;COMMENT1:MULTI;COMMENT2:MULTI;ALT';
|
|
}
|
|
|
|
if (!isset($serendipity['use_PEAR'])) {
|
|
$serendipity['use_PEAR'] = true;
|
|
}
|
|
|
|
if (!isset($serendipity['useHTTP-Auth'])) {
|
|
$serendipity['useHTTP-Auth'] = true;
|
|
}
|
|
|
|
if (!isset($serendipity['CacheControl'])) {
|
|
$serendipity['CacheControl'] = true;
|
|
}
|
|
|
|
if (!isset($serendipity['expose_s9y'])) {
|
|
$serendipity['expose_s9y'] = true;
|
|
}
|
|
|
|
// If set to true (in serendipity_config_local.inc.php) this prevents using imap_8bit
|
|
// functions to send a mail, and use base64 encoding instead
|
|
if (!isset($serendipity['forceBase64'])) {
|
|
$serendipity['forceBase64'] = false;
|
|
}
|
|
|
|
// Should IFRAMEs be used for previewing entries and sending trackbacks?
|
|
$serendipity['use_iframe'] = true;
|
|
|
|
// Default language for autodetection
|
|
$serendipity['autolang'] = 'en';
|
|
|
|
// Name of folder for the default theme
|
|
$serendipity['defaultTemplate'] = '2k11';
|
|
|
|
// Default backend theme
|
|
if (!isset($serendipity['template_backend'])) {
|
|
$serendipity['template_backend'] = '2k11';
|
|
}
|
|
|
|
// The default page title of backend pages is "section | blog title | SERENDIPITY_ADMIN_SUITE"
|
|
// If set to true (in serendipity_config_local.inc.php), the page title will be
|
|
// "blog title | section | SERENDIPITY_ADMIN_SUITE" instead
|
|
if (!isset($serendipity['backendBlogtitleFirst'])) {
|
|
$serendipity['backendBlogtitleFirst'] = false;
|
|
}
|
|
|
|
// Dashboard: set number of comments and drafts / future entries to be shown
|
|
if (!isset($serendipity['dashboardCommentsLimit'])) {
|
|
$serendipity['dashboardCommentsLimit'] = 5;
|
|
}
|
|
|
|
if (!isset($serendipity['dashboardEntriesLimit'])) {
|
|
$serendipity['dashboardEntriesLimit'] = 5;
|
|
}
|
|
|
|
// Available languages
|
|
if (!isset($serendipity['languages'])) {
|
|
$serendipity['languages'] = array('en' => 'English',
|
|
'de' => 'Deutsch',
|
|
'da' => 'Dansk',
|
|
'es' => 'Español',
|
|
'fr' => 'Français',
|
|
'fi' => 'Suomalainen',
|
|
'cs' => 'čeština (Win-1250)',
|
|
'cz' => 'čeština (ISO-8859-2)',
|
|
'sk' => 'Slovenský',
|
|
'nl' => 'Nederlands',
|
|
'is' => 'Íslensku',
|
|
'tr' => 'Türk',
|
|
'se' => 'svenska',
|
|
'pt' => 'português brasileiro',
|
|
'pt_PT' => 'português europeu',
|
|
'bg' => 'Български',
|
|
'hu' => 'magyar',
|
|
'no' => 'norsk',
|
|
'pl' => 'polski',
|
|
'ro' => 'limba română',
|
|
'it' => 'italiano',
|
|
'ru' => 'Русский язык',
|
|
'fa' => 'Fārsī',
|
|
'tw' => '正體字/繁體字 (Big5)',
|
|
'tn' => '正體字/繁體字 (UTF-8)',
|
|
'zh' => '简化字 (GB2312)',
|
|
'cn' => '简化字 (UTF-8)',
|
|
'ja' => '日本語',
|
|
'ko' => '한국어, 조선말',
|
|
'sa' => 'العربية',
|
|
'ta' => 'தமிழ்');
|
|
}
|
|
|
|
// Available Calendars
|
|
$serendipity['calendars'] = array('gregorian' => 'Gregorian',
|
|
'persian-utf8' => 'Persian (utf8)');
|
|
// Load main language file
|
|
// if installed === false language autodetect or 'en', else nothing happens
|
|
// because serendipity['lang'] is not defined yet
|
|
include($serendipity['serendipityPath'] . 'include/lang.inc.php');
|
|
|
|
$serendipity['charsets'] = array(
|
|
'UTF-8/' => 'UTF-8',
|
|
'' => (defined('CHARSET_NATIVE') ? CHARSET_NATIVE : 'CHARSET_NATIVE')
|
|
);
|
|
|
|
@define('PATH_SMARTY_COMPILE', 'templates_c'); // will be placed inside the template directory
|
|
@define('USERLEVEL_ADMIN', 255);
|
|
@define('USERLEVEL_CHIEF', 1);
|
|
@define('USERLEVEL_EDITOR', 0);
|
|
|
|
@define('VIEWMODE_THREADED', 'threaded');
|
|
@define('VIEWMODE_LINEAR', 'linear');
|
|
|
|
// Kill the script if we are not installed, and not inside the installer
|
|
if ( !defined('IN_installer') && IS_installed === false ) {
|
|
header('Status: 302 Found');
|
|
header('X-RequireInstall: 1');
|
|
header('Location: ' . (strtolower($_SERVER['HTTPS']) == 'on' ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . str_replace('\\', '/', dirname($_SERVER['PHP_SELF'])) . '/serendipity_admin.php');
|
|
serendipity_die(sprintf(SERENDIPITY_NOT_INSTALLED, 'serendipity_admin.php'));
|
|
}
|
|
|
|
// Do the PEAR dance. If $serendipity['use_PEAR'] is set to FALSE, Serendipity will first put its own PEAR include path.
|
|
// By default, a local PEAR will be used.
|
|
$old_include = @get_include_path();
|
|
$new_include = ($serendipity['use_PEAR'] ? $old_include . PATH_SEPARATOR : '')
|
|
. S9Y_INCLUDE_PATH . 'bundled-libs/' . PATH_SEPARATOR
|
|
. $serendipity['serendipityPath'] . PATH_SEPARATOR
|
|
. (!$serendipity['use_PEAR'] ? $old_include . PATH_SEPARATOR : '');
|
|
$use_include = @set_include_path($new_include);
|
|
|
|
if ($use_include !== false && $use_include == $new_include) {
|
|
@define('S9Y_PEAR', true);
|
|
@define('S9Y_PEAR_PATH', '');
|
|
} else {
|
|
@define('S9Y_PEAR', false);
|
|
@define('S9Y_PEAR_PATH', S9Y_INCLUDE_PATH . 'bundled-libs/');
|
|
}
|
|
// PEAR path setup inclusion finished
|
|
|
|
if (defined('IN_installer') && IS_installed === false) {
|
|
$serendipity['lang'] = $serendipity['autolang'];
|
|
$css_mode = 'serendipity_admin.css';
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Load DB configuration information
|
|
* Load Functions
|
|
* Make sure that the file included is in the current directory and not any possible
|
|
* include path
|
|
*/
|
|
if (!defined('S9Y_DATA_PATH') && file_exists(dirname(__FILE__) . '/serendipity_config_local.inc.php')) {
|
|
$local_config = dirname(__FILE__) . '/serendipity_config_local.inc.php';
|
|
} elseif (@file_exists($_SERVER['DOCUMENT_ROOT'] . dirname($_SERVER['PHP_SELF']) . '/serendipity_config_local.inc.php')) {
|
|
$local_config = $_SERVER['DOCUMENT_ROOT'] . dirname($_SERVER['PHP_SELF']) . '/serendipity_config_local.inc.php';
|
|
} elseif (defined('S9Y_DATA_PATH')) {
|
|
// Shared installation!
|
|
$local_config = S9Y_DATA_PATH . '/serendipity_config_local.inc.php';
|
|
} elseif (@file_exists($serendipity['serendipityPath'] . '/serendipity_config_local.inc.php')) {
|
|
$local_config = $serendipity['serendipityPath'] . '/serendipity_config_local.inc.php';
|
|
} else {
|
|
// Installation fallback
|
|
$local_config = S9Y_INCLUDE_PATH . '/serendipity_config_local.inc.php';
|
|
}
|
|
|
|
if (!is_readable($local_config)) {
|
|
$serendipity['lang'] = 'en';
|
|
include(S9Y_INCLUDE_PATH . 'include/lang.inc.php');
|
|
serendipity_die(sprintf(INCLUDE_ERROR . '<br />' . FILE_CREATE_YOURSELF, $local_config));
|
|
}
|
|
|
|
include($local_config);
|
|
|
|
define('IS_up2date', version_compare($serendipity['version'], $serendipity['versionInstalled'], '<='));
|
|
|
|
// Include main functions
|
|
include(S9Y_INCLUDE_PATH . 'include/functions.inc.php');
|
|
|
|
if (serendipity_FUNCTIONS_LOADED !== true) {
|
|
$serendipity['lang'] = 'en';
|
|
include(S9Y_INCLUDE_PATH . 'include/lang.inc.php');
|
|
serendipity_die(sprintf(INCLUDE_ERROR . '<br />' . FILE_CREATE_YOURSELF, 'include/functions.inc.php'));
|
|
}
|
|
|
|
// Attempt to connect to the database
|
|
if (!serendipity_db_connect()) {
|
|
$serendipity['lang'] = 'en';
|
|
include(S9Y_INCLUDE_PATH . 'include/lang.inc.php');
|
|
if (is_object($serendipity['logger'])) $serendipity['logger']->critical(DATABASE_ERROR);
|
|
serendipity_die(DATABASE_ERROR);
|
|
}
|
|
|
|
// Load Configuration options from the database
|
|
|
|
if (defined('USE_MEMSNAP')) {
|
|
echo memSnap('Framework init');
|
|
}
|
|
|
|
serendipity_load_configuration();
|
|
$serendipity['lang'] = serendipity_getSessionLanguage();
|
|
|
|
serendipity_initLog();
|
|
|
|
if ( (isset($serendipity['autodetect_baseURL']) && serendipity_db_bool($serendipity['autodetect_baseURL'])) ||
|
|
(isset($serendipity['embed']) && serendipity_db_bool($serendipity['embed'])) ) {
|
|
$serendipity['baseURL'] = 'http' . (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 's' : '') . '://' . $_SERVER['HTTP_HOST'] . (!strstr($_SERVER['HTTP_HOST'], ':') && !empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '80' && $_SERVER['SERVER_PORT'] != '443' ? ':' . $_SERVER['SERVER_PORT'] : '') . $serendipity['serendipityHTTPPath'];
|
|
}
|
|
|
|
// If a user is logged in, fetch his preferences. He possibly wants to have a different language
|
|
if (IS_installed === true && php_sapi_name() !== 'cli') {
|
|
// Import HTTP auth (mostly used for RSS feeds)
|
|
if ($serendipity['useHTTP-Auth'] && (isset($_REQUEST['http_auth']) || isset($_SERVER['PHP_AUTH_USER']))) {
|
|
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
|
header("WWW-Authenticate: Basic realm=\"Feed Login\"");
|
|
header("HTTP/1.0 401 Unauthorized");
|
|
header("Status: 401 Unauthorized");
|
|
exit;
|
|
} else {
|
|
if (!isset($serendipity['POST']['user'])) {
|
|
$serendipity['POST']['user'] = $_SERVER['PHP_AUTH_USER'];
|
|
}
|
|
if (!isset($serendipity['POST']['pass'])) {
|
|
$serendipity['POST']['pass'] = $_SERVER['PHP_AUTH_PW'];
|
|
}
|
|
}
|
|
} elseif (isset($_REQUEST['http_auth_user']) && isset($_REQUEST['http_auth_pw'])) {
|
|
$serendipity['POST']['user'] = $_REQUEST['http_auth_user'];
|
|
$serendipity['POST']['pass'] = $_REQUEST['http_auth_pw'];
|
|
}
|
|
|
|
serendipity_login(false);
|
|
}
|
|
|
|
if (isset($_SESSION['serendipityAuthorid'])) {
|
|
serendipity_load_configuration($_SESSION['serendipityAuthorid']);
|
|
// load_configuration overwrites $serendipity['lang'], so roll back if another language was detected
|
|
// in the backend should always the user language be shown
|
|
// in the frontend logged in same as any other user, exept with fallback to user instead of default
|
|
$serendipity['lang'] = serendipity_getPostAuthSessionLanguage();
|
|
}
|
|
|
|
// Ensure that these limits do not contain strings and have positive values
|
|
$serendipity['fetchLimit'] = (int)$serendipity['fetchLimit'];
|
|
if ($serendipity['fetchLimit'] < 1) $serendipity['fetchLimit'] = 1;
|
|
$serendipity['RSSfetchLimit'] = (int)$serendipity['RSSfetchLimit'];
|
|
if ($serendipity['RSSfetchLimit'] < 1) $serendipity['RSSfetchLimit'] = 1;
|
|
|
|
// Try to fix some path settings. It seems common users have this setting wrong
|
|
// when s9y is installed into the root directory, especially 0.7.1 upgrade users.
|
|
if (empty($serendipity['serendipityHTTPPath'])) {
|
|
$serendipity['serendipityHTTPPath'] = '/';
|
|
}
|
|
|
|
// Changing this is NOT recommended, rewrite rules does not take them into account - yet
|
|
serendipity_initPermalinks();
|
|
|
|
// Apply constants/definitions from custom permalinks
|
|
serendipity_permalinkPatterns();
|
|
|
|
// Load main language file again, because now we have the preferred language
|
|
include(S9Y_INCLUDE_PATH . 'include/lang.inc.php');
|
|
|
|
// Reset charset definition now that final language is known
|
|
$serendipity['charsets'] = array(
|
|
'UTF-8/' => 'UTF-8',
|
|
'' => (defined('CHARSET_NATIVE') ? CHARSET_NATIVE : 'CHARSET_NATIVE')
|
|
);
|
|
|
|
// Set current locale, if any has been defined
|
|
if (defined('DATE_LOCALES')) {
|
|
$locales = explode(',', DATE_LOCALES);
|
|
foreach ($locales as $locale) {
|
|
$locale = trim($locale);
|
|
if (setlocale(LC_TIME, $locale) == $locale) {
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
if (function_exists('date_default_timezone_set')) {
|
|
if(isset($serendipity['useServerOffset']) && $serendipity['useServerOffset']==false) {
|
|
date_default_timezone_set('UTC');
|
|
}
|
|
}
|
|
|
|
// Create array of permission levels, with descriptions
|
|
$serendipity['permissionLevels'] = array(USERLEVEL_EDITOR => USERLEVEL_EDITOR_DESC,
|
|
USERLEVEL_CHIEF => USERLEVEL_CHIEF_DESC,
|
|
USERLEVEL_ADMIN => USERLEVEL_ADMIN_DESC);
|
|
|
|
// Some stuff...
|
|
if (!isset($_SESSION['serendipityAuthedUser'])) {
|
|
$_SESSION['serendipityAuthedUser'] = false;
|
|
}
|
|
|
|
if (isset($_SESSION['serendipityUser'])) {
|
|
$serendipity['user'] = $_SESSION['serendipityUser'];
|
|
}
|
|
|
|
# && maintenanceMode is on
|
|
//if ( {
|
|
if (($_SESSION['serendipityAuthedUser'] === false) && (serendipity_db_bool(serendipity_get_config_var("maintenanceMode", false)) === true) && time() < serendipity_get_config_var("maintenanceModeEnd", 0)) {
|
|
header('HTTP/1.1 503 Service Unavailable');
|
|
serendipity_die("Maintenance mode is on, please check back later");
|
|
}
|
|
|
|
// Redirect to the upgrader
|
|
if (IS_up2date === false && !defined('IN_upgrader')) {
|
|
if (preg_match(PAT_CSS, $_SERVER['REQUEST_URI'], $matches)) {
|
|
$css_mode = 'serendipity_admin.css';
|
|
return 1;
|
|
}
|
|
if (preg_match('@/(serendipity_editor\.js$)@', $_SERVER['REQUEST_URI'], $matches)) {
|
|
return 1;
|
|
}
|
|
serendipity_die(sprintf(SERENDIPITY_NEEDS_UPGRADE, $serendipity['versionInstalled'], $serendipity['version'], $serendipity['serendipityHTTPPath'] . 'serendipity_admin.php'));
|
|
}
|
|
|
|
// We don't care who tells us what to do
|
|
if (!isset($serendipity['GET']['action'])) {
|
|
$serendipity['GET']['action'] = (isset($serendipity['POST']['action']) ? $serendipity['POST']['action'] : '');
|
|
}
|
|
|
|
if (!isset($serendipity['GET']['adminAction'])) {
|
|
$serendipity['GET']['adminAction'] = (isset($serendipity['POST']['adminAction']) ? $serendipity['POST']['adminAction'] : '');
|
|
}
|
|
|
|
// Make sure this variable is always properly sanitized. Previously in compat.inc.php, but there LANG_CHARSET was not defined.
|
|
if (isset($serendipity['GET']['searchTerm'])) {
|
|
$serendipity['GET']['searchTerm'] = (is_string($serendipity['GET']['searchTerm']) ? serendipity_specialchars(strip_tags($serendipity['GET']['searchTerm'])) : '');
|
|
}
|
|
|
|
if (isset($_SESSION['serendipityEmail'])) {
|
|
$serendipity['email'] = $_SESSION['serendipityEmail'];
|
|
}
|
|
|
|
if (defined('IN_serendipity_admin') && !isset($serendipity['use_autosave'])) {
|
|
$serendipity['use_autosave'] = true;
|
|
}
|
|
|
|
if (!isset($serendipity['useInternalCache'])) {
|
|
$serendipity['useInternalCache'] = true;
|
|
}
|
|
|
|
// You can set parameters which ImageMagick should use to generate the thumbnails
|
|
// by default, thumbs will get a little more brightness and saturation (modulate)
|
|
// an unsharp-mask (unsharp)
|
|
// and quality-compression of 75% (default would be to use quality of original image)
|
|
if (!isset($serendipity['imagemagick_thumb_parameters'])) {
|
|
$serendipity['imagemagick_thumb_parameters'] = '';
|
|
// Set a variable like below in your serendpity_config_local.inc.php
|
|
//$serendipity['imagemagick_thumb_parameters'] = '-modulate 105,140 -unsharp 0.5x0.5+1.0 -quality 75';
|
|
}
|
|
|
|
serendipity_plugin_api::hook_event('frontend_configure', $serendipity);
|
|
|
|
/* vim: set sts=4 ts=4 expandtab : */
|