phorge-phorge/scripts/__init_script__.php

<?php

/*
 * Copyright 2011 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', 1);

$include_path = ini_get('include_path');
ini_set('include_path', $include_path.':'.dirname(__FILE__).'/../../');
@include_once 'libphutil/src/__phutil_library_init__.php';
if (!@constant('__LIBPHUTIL__')) {
  echo "ERROR: Unable to load libphutil. Update your PHP 'include_path' to ".
       "include the parent directory of libphutil/.\n";
  exit(1);
}

phutil_load_library(dirname(__FILE__).'/../src/');

// NOTE: This is dangerous in general, but we know we're in a script context and
// are not vulnerable to CSRF.
AphrontWriteGuard::allowDangerousUnguardedWrites(true);

$include_path = ini_get('include_path');
ini_set('include_path', $include_path.':'.dirname(__FILE__).'/../../');

require_once dirname(dirname(__FILE__)).'/conf/__init_conf__.php';

$env = isset($_SERVER['PHABRICATOR_ENV'])
  ? $_SERVER['PHABRICATOR_ENV']
  : getenv('PHABRICATOR_ENV');
if (!$env) {
  echo "Define PHABRICATOR_ENV before running this script.\n";
  exit(1);
}

$conf = phabricator_read_config_file($env);
$conf['phabricator.env'] = $env;

phutil_require_module('phabricator', 'infrastructure/env');
PhabricatorEnv::setEnvConfig($conf);

phutil_load_library('arcanist/src');

foreach (PhabricatorEnv::getEnvConfig('load-libraries') as $library) {
  phutil_load_library($library);
}

PhutilErrorHandler::initialize();
PhabricatorEventEngine::initialize();

$tz = PhabricatorEnv::getEnvConfig('phabricator.timezone');
if ($tz) {
  date_default_timezone_set($tz);
}
Celerity, a Haste-style static resource management system. 2011-01-25 18:59:31 +01:00			`<?php`

			`/*`
			`* Copyright 2011 Facebook, Inc.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

Ensure syntax errors and other configuration problems are surfaced to the user. Summary: Some PHP has junky defaults for error_reporting / display_errors, and the "@" silences fatals. The @ should never have been there, I just copied it from the libphutil initializer where we use @ because the default error message can be confusing and we display a more useful one. Test Plan: Added fatals to my conf file, got a decent error message instead of silent exit with err=255. Reviewed By: aran Reviewers: tuomaspelkonen, aran, jungejason CC: aran Differential Revision: 355 2011-05-28 01:39:34 +02:00			`error_reporting(E_ALL \| E_STRICT);`
			`ini_set('display_errors', 1);`

Celerity, a Haste-style static resource management system. 2011-01-25 18:59:31 +01:00			`$include_path = ini_get('include_path');`
			`ini_set('include_path', $include_path.':'.dirname(__FILE__).'/../../');`
[phabricator] Allow missing dependency checks to run Test Plan: Run upgrade-schema.php, see error instead of silent failure. Task: T123 Reviewed By: epriestley Reviewers: epriestley, jungejason CC: aran, rm, epriestley Differential Revision: 199 2011-04-30 22:48:21 +02:00			`@include_once 'libphutil/src/__phutil_library_init__.php';`
Celerity, a Haste-style static resource management system. 2011-01-25 18:59:31 +01:00			`if (!@constant('__LIBPHUTIL__')) {`
			`echo "ERROR: Unable to load libphutil. Update your PHP 'include_path' to ".`
			`"include the parent directory of libphutil/.\n";`
			`exit(1);`
			`}`

			`phutil_load_library(dirname(__FILE__).'/../src/');`
Create AphrontWriteGuard, a backup mechanism for CSRF validation Summary: Provide a catchall mechanism to find unprotected writes. - Depends on D758. - Similar to WriteOnHTTPGet stuff from Facebook's stack. - Since we have a small number of storage mechanisms and highly structured read/write pathways, we can explicitly answer the question "is this page performing a write?". - Never allow writes without CSRF checks. - This will probably break some things. That's fine: they're CSRF vulnerabilities or weird edge cases that we can fix. But don't push to Facebook for a few days unless you're prepared to deal with this. - >>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF! <<< Test Plan: - Ran some scripts that perform writes (scripts/search indexers), no issues. - Performed normal CSRF submits. - Added writes to an un-CSRF'd page, got an exception. - Executed conduit methods. - Did login/logout (this works because the logged-out user validates the logged-out csrf "token"). - Did OAuth login. - Did OAuth registration. Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran, codeblock Commenters: pedram CC: aran, epriestley, pedram Differential Revision: 777 2011-08-03 20:49:27 +02:00
			`// NOTE: This is dangerous in general, but we know we're in a script context and`
			`// are not vulnerable to CSRF.`
			`AphrontWriteGuard::allowDangerousUnguardedWrites(true);`
Merge __init_env__.php into __init_script__.php Summary: There are currently two files, but all scripts require both of them, which is clearly silly. In the longer term I want to rewrite all of this init stuff to be more structured (e.g., merge webroot/index.php and __init_script__ better) but this reduces the surface area of the ad-hoc "include files" API we have now, at least. Test Plan: - Grepped for __init_env__.php (no hits) - Ran a unit test (to test unit changes) - Ran a daemon (to test daemon changes) Reviewers: jungejason, nh, tuomaspelkonen, aran Reviewed By: jungejason CC: aran, jungejason Differential Revision: 976 2011-10-01 17:59:42 +02:00
			`$include_path = ini_get('include_path');`
			`ini_set('include_path', $include_path.':'.dirname(__FILE__).'/../../');`

			`require_once dirname(dirname(__FILE__)).'/conf/__init_conf__.php';`

			`$env = isset($_SERVER['PHABRICATOR_ENV'])`
			`? $_SERVER['PHABRICATOR_ENV']`
			`: getenv('PHABRICATOR_ENV');`
			`if (!$env) {`
			`echo "Define PHABRICATOR_ENV before running this script.\n";`
			`exit(1);`
			`}`

			`$conf = phabricator_read_config_file($env);`
			`$conf['phabricator.env'] = $env;`

			`phutil_require_module('phabricator', 'infrastructure/env');`
			`PhabricatorEnv::setEnvConfig($conf);`

			`phutil_load_library('arcanist/src');`

			`foreach (PhabricatorEnv::getEnvConfig('load-libraries') as $library) {`
			`phutil_load_library($library);`
			`}`

			`PhutilErrorHandler::initialize();`
			`PhabricatorEventEngine::initialize();`

			`$tz = PhabricatorEnv::getEnvConfig('phabricator.timezone');`
			`if ($tz) {`
			`date_default_timezone_set($tz);`
			`}`