<?php
/************************************************************************************
 ************************************************************************************
 **                                                                                **
 ** If you can read this text in your browser then you don't have PHP installed.  **
 ** Please install PHP 5.3.3 or higher, preferably PHP 5.3.4+.                    **
 **                                                                                **
 ************************************************************************************
 ************************************************************************************/
/**
 * @package framework
 * @subpackage core
 */
// Refuse to boot on interpreters older than 5.3.3: answer with a 500 and the static
// "PHP 5 required" page, then stop before any framework code is loaded.
if (!version_compare(phpversion(), '5.3.3', '>=')) {
    header("HTTP/1.1 500 Server Error");

    // The page is read through a relative path, so it resolves against the current working
    // directory / include path at request time. Its literal $PHPVersion placeholder is replaced
    // with the running interpreter version.
    $requirementsPage = file_get_contents("dev/install/php5-required.html");
    echo str_replace('$PHPVersion', phpversion(), $requirementsPage);

    die();
}
/**
 * Main file that handles every page request.
 *
 * The main.php does a number of set-up activities for the request.
 *
 *  - Includes the first one of the following files that it finds: (root)/_ss_environment.php,
 *    (root)/../_ss_environment.php, or (root)/../../_ss_environment.php
 *  - Gets an up-to-date manifest from {@link ManifestBuilder}
 *  - Sets up error handlers with {@link Debug::loadErrorHandlers()}
 *  - Calls {@link DB::connect()}, passing it the global variable $databaseConfig that should
 *    be defined in an _config.php
 *  - Sets up the default director rules using {@link Director::$rules}
 *
 * After that, it calls {@link Director::direct()}, which is responsible for doing most of the
 * real work.
 *
 * CONFIGURING THE WEBSERVER
 *
 * To use SilverStripe, every request that doesn't point directly to a file should be rewritten to
 * framework/main.php?url=(url). For example, http://www.example.com/about-us/rss would be rewritten
 * to http://www.example.com/framework/main.php?url=about-us/rss
 *
 * It's important that requests that point directly to a file aren't rewritten; otherwise, visitors
 * won't be able to download any CSS, JS, image files, or other downloads.
 *
 * On Apache, RewriteEngine can be used to do this.
 *
 * @package framework
 * @subpackage core
 * @see Director::direct()
 */
/**
 * Pull in the constant definitions (BASE_PATH and friends) before anything else runs.
 */
require_once 'core/Constants.php';

// IIS will sometimes supply the original (pre-rewrite) URL in an X-Original-URL request header;
// when that header is present and non-empty it replaces REQUEST_URI for the rest of the request.
// NOTE(review): HTTP_X_ORIGINAL_URL is an ordinary request header, so on any server that does not
// set or strip it itself a client can choose the REQUEST_URI used below. Path-based access rules
// enforced in front of PHP would then not see the URL that is routed here - confirm the front-end
// server or proxy drops this header from incoming requests.
if (isset($_SERVER['HTTP_X_ORIGINAL_URL']) && $_SERVER['HTTP_X_ORIGINAL_URL']) {
    $_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];
}

// Zend_Locale_Data has to load XML, so the libxml entity loader is switched on here.
// NOTE(review): this setting is not scoped to Zend_Locale_Data; it also applies to any XML parsed
// later in the request. Code that parses XML from untrusted sources should not rely on entity
// loading being off after this point. libxml_disable_entity_loader() is deprecated as of PHP 8.0.
libxml_disable_entity_loader(false);
/**
 * Work out which URL was requested and leave it in the global $url.
 */
global $url;

// Helper that parses a raw query-string fragment. parse_str() writes its result straight into
// $_GET (replacing what was there), and a non-empty result is then merged over $_REQUEST.
$parseQuery = function($query) {
    parse_str($query, $_GET);
    if ($_GET) {
        $_REQUEST = array_merge((array)$_REQUEST, (array)$_GET);
    }
};

if (!isset($_GET['url']) || php_sapi_name() === 'cli-server') {
    // Lighttpd and PHP 5.4's built-in webserver use this path.
    // Start from the raw request URI; it is URL-decoded only after the query string is split off.
    $url = $_SERVER['REQUEST_URI'];

    // The query string arguments are parsed explicitly on this path.
    if (false !== strpos($url, '?')) {
        list($url, $query) = explode('?', $url, 2);
        $parseQuery($query);
    }

    // Decode the path now that it no longer carries the query string.
    $url = urldecode($url);

    // Under the built-in webserver, returning false passes requests for existing files back to it.
    // NOTE(review): $url is client-supplied and has just been decoded, so it may contain dot
    // segments. This test only decides whether the request is handed back; which file is
    // actually served is left to the built-in server.
    if (php_sapi_name() === 'cli-server' && file_exists(BASE_PATH . $url) && is_file(BASE_PATH . $url)) {
        return false;
    }
} else {
    // Apache rewrite rules and IIS use this path: the rewrite passes the route as ?url=...

    // Guard against a client-supplied url= argument overriding the rewritten one. When the query
    // string starts with url= and contains another url= later on, the leading argument is moved
    // to the end and the string re-parsed; parse_str() keeps the last value of a repeated key,
    // so the leading (rewrite-supplied) value is the one that ends up in $_GET['url'].
    if (isset($_SERVER['QUERY_STRING'])
        && preg_match('/^(?<url>url=[^&?]*)(?<query>.*[&?]url=.*)$/', $_SERVER['QUERY_STRING'], $results)
    ) {
        $queryString = $results['query'] . '&' . $results['url'];
        $parseQuery($queryString);
    }

    $url = $_GET['url'];

    // IIS includes the GET variables in the url value; keep only the part before the first '?'.
    $i = strpos($url, '?');
    if ($i !== false) {
        $url = substr($url, 0, $i);
    }
}

// When the webroot is hosted in a subfolder, drop the BASE_URL prefix (compared
// case-insensitively) from the front of the URL.
if (substr(strtolower($url), 0, strlen(BASE_URL)) == strtolower(BASE_URL)) {
    $url = substr($url, strlen(BASE_URL));
}
/**
 * Load the start-up helpers from SilverStripe's core code.
 */
require_once 'core/startup/ConfirmationTokenChain.php';
require_once 'core/startup/ErrorControlChain.php';
require_once 'core/startup/ParameterConfirmationToken.php';
require_once 'core/startup/URLConfirmationToken.php';

// Build the chain of confirmation tokens that is consulted before the request is dispatched:
// one token for the dev/build URL ...
$confirmationTokenChain = new ConfirmationTokenChain();
$confirmationTokenChain->pushToken(new URLConfirmationToken('dev/build'));

// ... and one for each of the isTest, isDev and flush request parameters.
foreach (array('isTest', 'isDev', 'flush') as $parameter) {
    $confirmationTokenChain->pushToken(
        new ParameterConfirmationToken($parameter)
    );
}
// Run the start-up sequence inside an ErrorControlChain: the first callback does the normal
// boot and permission check, the second runs only if the first one errored.
$chain = new ErrorControlChain();
$chain
    ->then(function($chain) use ($confirmationTokenChain) {
        // Either suppress the tokens, or - when no redirection is necessary - switch error
        // suppression off again.
        if ($confirmationTokenChain->suppressionRequired()) {
            $confirmationTokenChain->suppressTokens();
        } else {
            $chain->setSuppression(false);
        }

        // Load the core. These includes execute in this closure's variable scope.
        require_once('core/Core.php');

        // Connect to the database when a configuration has been defined.
        require_once('model/DB.php');
        global $databaseConfig;
        if ($databaseConfig) {
            DB::connect($databaseConfig);
        }

        // Nothing more to do unless one of the tokens is asking for a reload.
        if (!$confirmationTokenChain->reloadRequired()) {
            return;
        }

        // A session is only started when the request already carries a session id.
        if (!isset($_SESSION) && Session::request_contains_session_id()) {
            Session::start();
        }

        // The reload with a token is granted in dev mode, when the database has no security
        // data yet, or to a user holding the ADMIN permission.
        if (Director::isDev() || !Security::database_is_ready() || Permission::check('ADMIN')) {
            return $confirmationTokenChain->reloadWithToken();
        }

        // Everyone else is sent to the login page. The return address is rebuilt from the
        // current GET arguments plus the chain's parameters, minus the internal url argument.
        // NOTE(review): $_GET is client-controlled, so BackURL carries client-supplied values
        // (URL-encoded here); any validation of BackURL happens in the login handling, which is
        // not visible in this file.
        $backParams = array_merge($_GET, $confirmationTokenChain->params(false));
        unset($backParams['url']);

        $backURL = $confirmationTokenChain->getRedirectUrlBase() . '?' . http_build_query($backParams);
        $loginPage = Director::absoluteURL(Security::config()->get('login_url'))
            . "?BackURL=" . urlencode($backURL);

        header('location: '.$loginPage, true, 302);
        die;
    })
    // Error path: if a token was requested but working out whether it is allowed failed, the
    // reload with the token is done anyway.
    // NOTE(review): this path fails open - the dev-mode / ADMIN check above has not completed
    // when it runs. What the token permits on its own is decided in the token classes, which
    // are not visible here.
    ->thenIfErrored(function() use ($confirmationTokenChain) {
        if ($confirmationTokenChain->reloadRequired()) {
            $confirmationTokenChain->reloadWithToken();
        }
    })
    ->execute();
global $databaseConfig;

// With no database name configured, send the visitor to the installer - or fail with a 500 when
// install.php is not present under BASE_PATH.
if (empty($databaseConfig['database'])) {
    $installerPresent = file_exists(BASE_PATH . '/install.php');
    if (!$installerPresent) {
        header($_SERVER['SERVER_PROTOCOL'] . " 500 Server Error");
        die('SilverStripe Framework requires a $databaseConfig defined.');
    }

    // Pick https when the server reports SSL, or HTTPS set to anything other than 'off'.
    $servedOverTls = isset($_SERVER['SSL']) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');
    $scheme = $servedOverTls ? 'https' : 'http';

    // NOTE(review): HTTP_HOST comes from the request's Host header, so the redirect target
    // below names whatever host the client sent. Restricting accepted host names at the web
    // server keeps this redirect on the site's own hosts.
    $installURL = $scheme . '://' . $_SERVER['HTTP_HOST'] . BASE_URL . '/install.php';

    // Backslashes are removed from the URL. The original note attributes them to a dirname()
    // call yielding "\" on Windows when installing directly from http://localhost (no
    // sub-directory), which confuses some browsers; that call is not part of the visible code.
    $installURL = str_replace('\\', '', $installURL);

    header("Location: $installURL");
    die();
}

// Direct away - this is the "main" step that hands control to the appropriate controller for
// the URL worked out earlier in this file.
DataModel::set_inst(new DataModel());
Director::direct($url, DataModel::inst());