123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350 |
- <?php
- // This file is part of GNU social - https://www.gnu.org/software/social
- //
- // GNU social is free software: you can redistribute it and/or modify
- // it under the terms of the GNU Affero General Public License as published by
- // the Free Software Foundation, either version 3 of the License, or
- // (at your option) any later version.
- //
- // GNU social is distributed in the hope that it will be useful,
- // but WITHOUT ANY WARRANTY; without even the implied warranty of
- // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- // GNU Affero General Public License for more details.
- //
- // You should have received a copy of the GNU Affero General Public License
- // along with GNU social. If not, see <http://www.gnu.org/licenses/>.
- /**
- * Main GNU social entry point
- *
- * @package GNUsocial
- * @author Brenda Wallace <shiny@cpan.org>
- * @author Brion Vibber <brion@pobox.com>
- * @author Brion Vibber <brion@status.net>
- * @author Christopher Vollick <candrews@integralblue.com>
- * @author CiaranG <ciaran@ciarang.com>
- * @author Craig Andrews <candrews@integralblue.com>
- * @author Craig Andrews <evan@status.net>
- * @author Evan Prodromou <evan@controlezvous.ca>
- * @author Evan Prodromou <evan@controlyourself.ca>
- * @author Evan Prodromou <evan@prodromou.name>
- * @author Evan Prodromou <evan@status.net>
- * @author Gina Haeussge <osd@foosel.net>
- * @author James Walker <walkah@walkah.net>
- * @author Jeffery To <candrews@integralblue.com>
- * @author Jeffery To <jeffery.to@gmail.com>
- * @author Mikael Nordfeldth <mmn@hethane.se>
- * @author Mike Cochrane <mikec@mikenz.geek.nz>
- * @author Robin Millette <millette@controlyourself.ca>
- * @author Sarven Capadisli <csarven@controlyourself.ca>
- * @author Sarven Capadisli <csarven@status.net>
- * @author Siebrand Mazeland <s.mazeland@xs4all.nl>
- * @author Tom Adams <candrews@integralblue.com>
- * @author Tom Adams <tom@holizz.com>
- * @author Zach Copley <zach@status.net>
- * @author Diogo Cordeiro <diogo@fc.up.pt>
- * @copyright 2019 Free Software Foundation, Inc http://www.fsf.org
- * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
- */
- $_startTime = microtime(true);
- $_startCpuTime = hrtime(true);
- $_perfCounters = [];
- // We provide all our dependencies through our own autoload.
- // This will probably be configurable for distributing with
- // system packages (like with Debian apt etc. where included
- // libraries are maintained through repositories)
- set_include_path('.'); // mainly fixes an issue where /usr/share/{pear,php*}/DB/DataObject.php is _old_ on various systems...
- define('INSTALLDIR', dirname(__DIR__));
- define('PUBLICDIR', INSTALLDIR . DIRECTORY_SEPARATOR . 'public');
- define('GNUSOCIAL', true);
- define('STATUSNET', true); // compatibility
- $user = null;
- $action = null;
- function getPath($req)
- {
- $p = null;
- if ((common_config('site', 'fancy') || !array_key_exists('PATH_INFO', $_SERVER))
- && array_key_exists('p', $req)
- ) {
- $p = $req['p'];
- } elseif (array_key_exists('PATH_INFO', $_SERVER)) {
- $path = $_SERVER['PATH_INFO'];
- $script = $_SERVER['SCRIPT_NAME'];
- if (substr($path, 0, mb_strlen($script)) == $script) {
- $p = substr($path, mb_strlen($script) + 1);
- } else {
- $p = $path;
- }
- } else {
- $p = null;
- }
- // Trim all initial '/'
- $p = ltrim($p, '/');
- return $p;
- }
- /**
- * logs and then displays error messages
- *
- * @return void
- */
- function handleError($error)
- {
- try {
- if ($error->getCode() == DB_DATAOBJECT_ERROR_NODATA) {
- return;
- }
- $logmsg = "Exception thrown: " . _ve($error->getMessage());
- if ($error instanceof PEAR_Exception && common_config('log', 'debugtrace')) {
- $logmsg .= " PEAR: ". $error->toText();
- }
- // DB queries often end up with a lot of newlines; merge to a single line
- // for easier grepability...
- $logmsg = str_replace("\n", " ", $logmsg);
- common_log(LOG_ERR, $logmsg);
- // @fixme backtrace output should be consistent with exception handling
- if (common_config('log', 'debugtrace')) {
- $bt = $error->getTrace();
- foreach ($bt as $n => $line) {
- common_log(LOG_ERR, formatBacktraceLine($n, $line));
- }
- }
- if ($error instanceof DB_DataObject_Error
- || $error instanceof MDB2_Error
- || ($error instanceof PEAR_Exception && $error->getCode() == -24)
- ) {
- //If we run into a DB error, assume we can't connect to the DB at all
- //so set the current user to null, so we don't try to access the DB
- //while rendering the error page.
- global $_cur;
- $_cur = null;
- $msg = sprintf(
- // TRANS: Database error message.
- _('The database for %1$s is not responding correctly, '.
- 'so the site will not work properly. '.
- 'The site admins probably know about the problem, '.
- 'but you can contact them at %2$s to make sure. '.
- 'Otherwise, wait a few minutes and try again.'
- ),
- common_config('site', 'name'),
- common_config('site', 'email')
- );
- $erraction = new DBErrorAction($msg, 500);
- } elseif ($error instanceof ClientException) {
- $erraction = new ClientErrorAction($error->getMessage(), $error->getCode());
- } elseif ($error instanceof ServerException) {
- $erraction = new ServerErrorAction($error->getMessage(), $error->getCode(), $error);
- } else {
- // If it wasn't specified more closely which kind of exception it was
- $erraction = new ServerErrorAction($error->getMessage(), 500, $error);
- }
- $erraction->showPage();
- } catch (Exception $e) {
- // TRANS: Error message.
- echo _('An error occurred.');
- error_log('Uncaught Exception: ' . $error);
- exit(-1);
- }
- exit(-1);
- }
- set_exception_handler('handleError');
- // quick check for fancy URL auto-detection support in installer.
- if (preg_replace("/\?.+$/", "", $_SERVER['REQUEST_URI']) === preg_replace("/^\/$/", "", (dirname($_SERVER['REQUEST_URI']))) . '/check-fancy') {
- die("Fancy URL support detection succeeded. We suggest you enable this to get fancy (pretty) URLs.");
- }
- require_once INSTALLDIR . '/lib/util/common.php';
- /**
- * Format a backtrace line for debug output roughly like debug_print_backtrace() does.
- * Exceptions already have this built in, but PEAR error objects just give us the array.
- *
- * @param int $n line number
- * @param array $line per-frame array item from debug_backtrace()
- * @return string
- */
- function formatBacktraceLine($n, $line)
- {
- $out = "#$n ";
- if (array_key_exists('class', $line)) {
- $out .= $line['class'];
- }
- if (array_key_exists('type', $line)) {
- $out .= $line['type'];
- }
- if (array_key_exists('function', $line)) {
- $out .= $line['function'];
- }
- $out .= '(';
- if (array_key_exists('args', $line)) {
- $args = [];
- foreach ($line['args'] as $arg) {
- // debug_print_backtrace seems to use var_export
- // but this gets *very* verbose!
- $args[] = gettype($arg);
- }
- $out .= implode(',', $args);
- }
- $out .= ')';
- $out .= ' called at [';
- if (array_key_exists('file', $line)) {
- $out .= $line['file'];
- }
- if (array_key_exists('line', $line)) {
- $out .= ':' . $line['line'];
- }
- $out .= ']';
- return $out;
- }
- function setupRW()
- {
- global $config;
- static $alwaysRW = array('session', 'remember_me');
- $rwdb = $config['db']['database'];
- if (Event::handle('StartReadWriteTables', array(&$alwaysRW, &$rwdb))) {
- // We ensure that these tables always are used
- // on the master DB
- $config['db']['database_rw'] = $rwdb;
- $config['db']['ini_rw'] = INSTALLDIR.'/classes/statusnet.ini';
- foreach ($alwaysRW as $table) {
- $config['db']['table_'.$table] = 'rw';
- }
- Event::handle('EndReadWriteTables', array($alwaysRW, $rwdb));
- }
- return;
- }
- function isLoginAction($action)
- {
- static $loginActions = array('login', 'recoverpassword', 'api', 'doc', 'register', 'publicxrds', 'otp', 'opensearch', 'rsd');
- $login = null;
- if (Event::handle('LoginAction', array($action, &$login))) {
- $login = in_array($action, $loginActions);
- }
- return $login;
- }
- function main()
- {
- global $user, $action;
- if (!_have_config()) {
- $msg = sprintf(
- // TRANS: Error message displayed when there is no StatusNet configuration file.
- _("No configuration file found. Try running ".
- "the installation program first."
- )
- );
- $sac = new ServerErrorAction($msg);
- $sac->showPage();
- return;
- }
- // Make sure RW database is setup
- setupRW();
- // XXX: we need a little more structure in this script
- // get and cache current user (may hit RW!)
- $user = common_current_user();
- // initialize language env
- common_init_language();
- $path = getPath($_REQUEST);
- $r = Router::get();
- $args = $r->map($path);
- // If the request is HTTP and it should be HTTPS...
- if (GNUsocial::useHTTPS() && !GNUsocial::isHTTPS()) {
- common_redirect(common_local_url($args['action'], $args));
- }
- $args = array_merge($args, $_REQUEST ?: []);
- Event::handle('ArgsInitialize', array(&$args));
- $action = basename($args['action']);
- if (!$action || !preg_match('/^[a-zA-Z0-9_-]*$/', $action)) {
- common_redirect(common_local_url('public'));
- }
- // If the site is private, and they're not on one of the "public"
- // parts of the site, redirect to login
- if (
- is_null($user)
- && common_config('site', 'private')
- && !isLoginAction($action)
- && !preg_match('/rss$/', $action)
- && $action !== 'robotstxt'
- && !preg_match('/^Api/', $action)
- ) {
- // set returnto
- $rargs = common_copy_args($args);
- unset($rargs['action']);
- if (common_config('site', 'fancy')) {
- unset($rargs['p']);
- }
- if (array_key_exists('submit', $rargs)) {
- unset($rargs['submit']);
- }
- foreach (array_keys($_COOKIE) as $cookie) {
- unset($rargs[$cookie]);
- }
- common_set_returnto(common_local_url($action, $rargs));
- common_redirect(common_local_url('login'));
- }
- $action_class = ucfirst($action).'Action';
- if (!class_exists($action_class)) {
- // TRANS: Error message displayed when trying to perform an undefined action.
- throw new ClientException(_('Unknown action'), 404);
- }
- call_user_func("$action_class::run", $args);
- }
- main();
- // XXX: cleanup exit() calls or add an exit handler so
- // this always gets called
- Event::handle('CleanupModule');
- Event::handle('CleanupPlugin');
|