1 files changed, 86 insertions, 0 deletions
diff --git a/init.php b/init.php
new file mode 100644
index 00000000..d8462712
--- /dev/null
+++ b/init.php
@@ -0,0 +1,86 @@
+<?php
+require_once __DIR__ . '/vendor/autoload.php';
+use Shaarli\Helper\ApplicationUtils;
+use Shaarli\Security\SessionManager;
+// Set 'UTC' as the default timezone if it is not defined in php.ini
+// See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone
+if (date_default_timezone_get() == '') {
+    date_default_timezone_set('UTC');
+}
+// High execution time in case of problematic imports/exports.
+ini_set('max_input_time', '60');
+// Try to set max upload file size and read
+ini_set('memory_limit', '128M');
+ini_set('post_max_size', '16M');
+ini_set('upload_max_filesize', '16M');
+// See all error except warnings
+error_reporting(E_ALL^E_WARNING);
+// 3rd-party libraries
+if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
+    header('Content-Type: text/plain; charset=utf-8');
+    echo "Error: missing Composer configuration\n\n"
+        ."If you installed Shaarli through Git or using the development branch,\n"
+        ."please refer to the installation documentation to install PHP"
+        ." dependencies using Composer:\n"
+        ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n"
+        ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
+    exit;
+}
+// Ensure the PHP version is supported
+try {
+    ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION);
+} catch (Exception $exc) {
+    header('Content-Type: text/plain; charset=utf-8');
+    echo $exc->getMessage();
+    exit;
+}
+// Force cookie path (but do not change lifetime)
+$cookie = session_get_cookie_params();
+$cookiedir = '';
+if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
+    $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/';
+}
+// Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
+// Set session parameters on server side.
+// Use cookies to store session.
+ini_set('session.use_cookies', 1);
+// Force cookies for session (phpsessionID forbidden in URL).
+ini_set('session.use_only_cookies', 1);
+// Prevent PHP form using sessionID in URL if cookies are disabled.
+ini_set('session.use_trans_sid', false);
+define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
+define('SHAARLI_MUTEX_FILE', __FILE__);
+session_name('shaarli');
+// Start session if needed (Some server auto-start sessions).
+if (session_status() == PHP_SESSION_NONE) {
+    session_start();
+}
+// Regenerate session ID if invalid or not defined in cookie.
+if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
+    session_regenerate_id(true);
+    $_COOKIE['shaarli'] = session_id();
+}
+// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
+if (! defined('LC_MESSAGES')) {
+    define('LC_MESSAGES', LC_COLLATE);
+}
+// Prevent caching on client side or proxy: (yes, it's ugly)
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");

diff --git a/init.php b/init.php new file mode 100644 index 00000000..d8462712 --- /dev/null +++ b/init.php
@@ -0,0 +1,86 @@
	1	<?php
	2
	3	require_once __DIR__ . '/vendor/autoload.php';
	4
	5	use Shaarli\Helper\ApplicationUtils;
	6	use Shaarli\Security\SessionManager;
	7
	8	// Set 'UTC' as the default timezone if it is not defined in php.ini
	9	// See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone
	10	if (date_default_timezone_get() == '') {
	11	date_default_timezone_set('UTC');
	12	}
	13
	14	// High execution time in case of problematic imports/exports.
	15	ini_set('max_input_time', '60');
	16
	17	// Try to set max upload file size and read
	18	ini_set('memory_limit', '128M');
	19	ini_set('post_max_size', '16M');
	20	ini_set('upload_max_filesize', '16M');
	21
	22	// See all error except warnings
	23	error_reporting(E_ALL^E_WARNING);
	24
	25	// 3rd-party libraries
	26	if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
	27	header('Content-Type: text/plain; charset=utf-8');
	28	echo "Error: missing Composer configuration\n\n"
	29	."If you installed Shaarli through Git or using the development branch,\n"
	30	."please refer to the installation documentation to install PHP"
	31	." dependencies using Composer:\n"
	32	."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n"
	33	."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
	34	exit;
	35	}
	36
	37	// Ensure the PHP version is supported
	38	try {
	39	ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION);
	40	} catch (Exception $exc) {
	41	header('Content-Type: text/plain; charset=utf-8');
	42	echo $exc->getMessage();
	43	exit;
	44	}
	45
	46	// Force cookie path (but do not change lifetime)
	47	$cookie = session_get_cookie_params();
	48	$cookiedir = '';
	49	if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
	50	$cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/';
	51	}
	52	// Set default cookie expiration and path.
	53	session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
	54	// Set session parameters on server side.
	55	// Use cookies to store session.
	56	ini_set('session.use_cookies', 1);
	57	// Force cookies for session (phpsessionID forbidden in URL).
	58	ini_set('session.use_only_cookies', 1);
	59	// Prevent PHP form using sessionID in URL if cookies are disabled.
	60	ini_set('session.use_trans_sid', false);
	61
	62	define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
	63	define('SHAARLI_MUTEX_FILE', __FILE__);
	64
	65	session_name('shaarli');
	66	// Start session if needed (Some server auto-start sessions).
	67	if (session_status() == PHP_SESSION_NONE) {
	68	session_start();
	69	}
	70
	71	// Regenerate session ID if invalid or not defined in cookie.
	72	if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
	73	session_regenerate_id(true);
	74	$_COOKIE['shaarli'] = session_id();
	75	}
	76
	77	// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
	78	if (! defined('LC_MESSAGES')) {
	79	define('LC_MESSAGES', LC_COLLATE);
	80	}
	81
	82	// Prevent caching on client side or proxy: (yes, it's ugly)
	83	header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
	84	header("Cache-Control: no-store, no-cache, must-revalidate");
	85	header("Cache-Control: post-check=0, pre-check=0", false);
	86	header("Pragma: no-cache");