| Index: trunk/phase3/includes/GlobalFunctions.php |
| — | — | @@ -1773,6 +1773,37 @@ |
| 1774 | 1774 | } |
| 1775 | 1775 | |
| 1776 | 1776 | /** |
| | 1777 | + * Safety wrapper around ini_get() for boolean settings. |
| | 1778 | + * The values returned from ini_get() are pre-normalized for settings |
| | 1779 | + * set via php.ini or php_flag/php_admin_flag... but *not* |
| | 1780 | + * for those set via php_value/php_admin_value. |
| | 1781 | + * |
| | 1782 | + * It's fairly common for people to use php_value instead of php_flag, |
| | 1783 | + * which can leave you with an 'off' setting giving a false positive |
| | 1784 | + * for code that just takes the ini_get() return value as a boolean. |
| | 1785 | + * |
| | 1786 | + * To make things extra interesting, setting via php_value accepts |
| | 1787 | + * "true" as true, but php.ini and php_flag consider it false. :) |
| | 1788 | + * Unrecognized values go false... again opposite PHP's own coercion |
| | 1789 | + * from string to bool. |
| | 1790 | + * |
| | 1791 | + * Luckily, 'properly' set settings will always come back as '0' or '1', |
| | 1792 | + * so we only have to worry about them and the 'improper' settings. |
| | 1793 | + * |
| | 1794 | + * I frickin' hate PHP... :P |
| | 1795 | + * |
| | 1796 | + * @param string $setting |
| | 1797 | + * @return bool |
| | 1798 | + */ |
| | 1799 | +function wfIniGetBool( $setting ) { |
| | 1800 | + $val = ini_get( $setting ); |
| | 1801 | + // 'on' and 'true' can't have whitespace around them, but '1' can. |
| | 1802 | + return trim( $val ) == '1' |
| | 1803 | + || strtolower( $val ) == 'on' |
| | 1804 | + || strtolower( $val ) == 'true'; |
| | 1805 | +} |
| | 1806 | + |
| | 1807 | +/** |
| 1777 | 1808 | * Execute a shell command, with time and memory limits mirrored from the PHP |
| 1778 | 1809 | * configuration if supported. |
| 1779 | 1810 | * @param $cmd Command line, properly escaped for shell. |
| — | — | @@ -1783,7 +1814,7 @@ |
| 1784 | 1815 | function wfShellExec( $cmd, &$retval=null ) { |
| 1785 | 1816 | global $IP, $wgMaxShellMemory, $wgMaxShellFileSize; |
| 1786 | 1817 | |
| 1787 | | - if( ini_get( 'safe_mode' ) ) { |
| | 1818 | + if( wfIniGetBool( 'safe_mode' ) ) { |
| 1788 | 1819 | wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" ); |
| 1789 | 1820 | $retval = 1; |
| 1790 | 1821 | return "Unable to run external programs in safe mode."; |
| Index: trunk/phase3/includes/Setup.php |
| — | — | @@ -198,7 +198,7 @@ |
| 199 | 199 | |
| 200 | 200 | # If session.auto_start is there, we can't touch session name |
| 201 | 201 | # |
| 202 | | -if( !ini_get( 'session.auto_start' ) ) |
| | 202 | +if( !wfIniGetBool( 'session.auto_start' ) ) |
| 203 | 203 | session_name( $wgSessionName ? $wgSessionName : $wgCookiePrefix . '_session' ); |
| 204 | 204 | |
| 205 | 205 | if( !$wgCommandLineMode && ( $wgRequest->checkSessionCookie() || isset( $_COOKIE[$wgCookiePrefix.'Token'] ) ) ) { |
| Index: trunk/phase3/install-utils.inc |
| — | — | @@ -135,6 +135,6 @@ |
| 136 | 136 | function mw_have_dl() { |
| 137 | 137 | return function_exists( 'dl' ) |
| 138 | 138 | && is_callable( 'dl' ) |
| 139 | | - && ini_get( 'enable_dl' ) |
| 140 | | - && !ini_get( 'safe_mode' ); |
| | 139 | + && wfIniGetBool( 'enable_dl' ) |
| | 140 | + && !wfIniGetBool( 'safe_mode' ); |
| 141 | 141 | } |
| \ No newline at end of file |
| Index: trunk/phase3/config/index.php |
| — | — | @@ -325,7 +325,7 @@ |
| 326 | 326 | } |
| 327 | 327 | print "</li>\n"; |
| 328 | 328 | |
| 329 | | -if( ini_get( "register_globals" ) ) { |
| | 329 | +if( wfIniGetBool( "register_globals" ) ) { |
| 330 | 330 | ?> |
| 331 | 331 | <li> |
| 332 | 332 | <div style="font-size:110%"> |
| — | — | @@ -339,7 +339,7 @@ |
| 340 | 340 | |
| 341 | 341 | $fatal = false; |
| 342 | 342 | |
| 343 | | -if( ini_get( "magic_quotes_runtime" ) ) { |
| | 343 | +if( wfIniGetBool( "magic_quotes_runtime" ) ) { |
| 344 | 344 | $fatal = true; |
| 345 | 345 | ?><li class='error'><strong>Fatal: <a href='http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-runtime'>magic_quotes_runtime</a> is active!</strong> |
| 346 | 346 | This option corrupts data input unpredictably; you cannot install or use |
| — | — | @@ -347,7 +347,7 @@ |
| 348 | 348 | <?php |
| 349 | 349 | } |
| 350 | 350 | |
| 351 | | -if( ini_get( "magic_quotes_sybase" ) ) { |
| | 351 | +if( wfIniGetBool( "magic_quotes_sybase" ) ) { |
| 352 | 352 | $fatal = true; |
| 353 | 353 | ?><li class='error'><strong>Fatal: <a href='http://www.php.net/manual/en/ref.sybase.php#ini.magic-quotes-sybase'>magic_quotes_sybase</a> is active!</strong> |
| 354 | 354 | This option corrupts data input unpredictably; you cannot install or use |
| — | — | @@ -355,7 +355,7 @@ |
| 356 | 356 | <?php |
| 357 | 357 | } |
| 358 | 358 | |
| 359 | | -if( ini_get( "mbstring.func_overload" ) ) { |
| | 359 | +if( wfIniGetBool( "mbstring.func_overload" ) ) { |
| 360 | 360 | $fatal = true; |
| 361 | 361 | ?><li class='error'><strong>Fatal: <a href='http://www.php.net/manual/en/ref.mbstring.php#mbstring.overload'>mbstring.func_overload</a> is active!</strong> |
| 362 | 362 | This option causes errors and may corrupt data unpredictably; |
| — | — | @@ -363,7 +363,7 @@ |
| 364 | 364 | <?php |
| 365 | 365 | } |
| 366 | 366 | |
| 367 | | -if( ini_get( "zend.ze1_compatibility_mode" ) ) { |
| | 367 | +if( wfIniGetBool( "zend.ze1_compatibility_mode" ) ) { |
| 368 | 368 | $fatal = true; |
| 369 | 369 | ?><li class="error"><strong>Fatal: <a href="http://www.php.net/manual/en/ini.core.php">zend.ze1_compatibility_mode</a> is active!</strong> |
| 370 | 370 | This option causes horrible bugs with MediaWiki; you cannot install or use |
| — | — | @@ -376,7 +376,7 @@ |
| 377 | 377 | dieout( "</ul><p>Cannot install MediaWiki.</p>" ); |
| 378 | 378 | } |
| 379 | 379 | |
| 380 | | -if( ini_get( "safe_mode" ) ) { |
| | 380 | +if( wfIniGetBool( "safe_mode" ) ) { |
| 381 | 381 | $conf->safeMode = true; |
| 382 | 382 | ?> |
| 383 | 383 | <li><b class='error'>Warning:</b> <strong>PHP's |
| — | — | @@ -1435,7 +1435,7 @@ |
| 1436 | 1436 | /* -------------------------------------------------------------------------------------- */ |
| 1437 | 1437 | function writeSuccessMessage() { |
| 1438 | 1438 | $script = defined('MW_INSTALL_PHP5_EXT') ? 'index.php5' : 'index.php'; |
| 1439 | | - if ( ini_get( 'safe_mode' ) && !ini_get( 'open_basedir' ) ) { |
| | 1439 | + if ( wfIniGetBool( 'safe_mode' ) && !ini_get( 'open_basedir' ) ) { |
| 1440 | 1440 | echo <<<EOT |
| 1441 | 1441 | <div class="success-box"> |
| 1442 | 1442 | <p>Installation successful!</p> |
| Index: trunk/phase3/RELEASE-NOTES |
| — | — | @@ -57,8 +57,9 @@ |
| 58 | 58 | * (bug 11342) Fix several 'returnto' links in permissions/error pages which |
| 59 | 59 | linked to the main page instead of targetted page |
| 60 | 60 | * Strike the link to the redirect rather than using an asterisk in Special:Listredirects |
| | 61 | +* (bug 11355) Fix false positives in Safe Mode and other config detection |
| | 62 | + when boolean settings are disabled with 'Off' via php_admin_value/php_value |
| 61 | 63 | |
| 62 | | - |
| 63 | 64 | === API changes in 1.12 === |
| 64 | 65 | |
| 65 | 66 | Full API documentation is available at http://www.mediawiki.org/wiki/API |