xref: /web-php/include/prepend.inc (revision 817a3e7f)
1<?php
2
3use phpweb\UserPreferences;
4
5require_once __DIR__ . '/../src/autoload.php';
6
7// Compress all pages, if ext/zlib is available on the mirror
8// XXX Deactivated by sas, causes errors towards delivery machines
9// ini_set("zlib.output_compression", 1);
10
11// See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
12// for cache control header descriptions (used in many places on the site).
13
// Default Content-Language and Content-Type for every page. Manual pages
// (and possibly others) override these later.
header('Content-language: en');
header('Content-type: text/html; charset=utf-8');

// Opt out of FLoC: send an empty interest-cohort allowlist.
header('Permissions-Policy: interest-cohort=()');
21
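/*
 * Cross-origin (CORS) response headers.
 *
 * Runs only when the request carries an Origin header. The request continues
 * only if the origin's host is exactly php.net, a subdomain of php.net, or this
 * server's own SERVER_NAME. Any other origin, or one without a parseable host,
 * ends the request with exit status 10. For an accepted origin the host (plus
 * port, when present) is echoed back in Access-Control-Allow-Origin.
 */
(function (): void {
    if (!isset($_SERVER["HTTP_ORIGIN"])) {
        return;
    }

    // parse_url() returns false for malformed input and leaves out "host" for
    // values such as the literal "null" origin. Reject both explicitly instead
    // of reading an undefined array key.
    $origin = parse_url($_SERVER["HTTP_ORIGIN"]);
    if (!is_array($origin) || !isset($origin["host"]) || $origin["host"] === "") {
        exit(10);
    }
    $originHost = $origin["host"];

    // Match on a label boundary: "php.net" itself or a name ending in ".php.net".
    // A bare suffix comparison would also accept unrelated registrable domains
    // whose name merely ends in the characters "php.net".
    $trustedSuffix = ".php.net";
    $isPhpNetHost = $originHost === "php.net"
        || (strlen($originHost) > strlen($trustedSuffix)
            && substr($originHost, -strlen($trustedSuffix)) === $trustedSuffix);

    if (!$isPhpNetHost && $originHost !== ($_SERVER["SERVER_NAME"] ?? "")) {
        exit(10);
    }

    $hostname = isset($origin["port"])
        ? $originHost . ":" . $origin["port"]
        : $originHost;

    // NOTE(review): the scheme is fixed to http:// whatever scheme the Origin
    // header carried. Browsers compare this value with the full origin, so an
    // https origin will not match - confirm whether that is intended.
    // NOTE(review): the value depends on the request's Origin and no
    // "Vary: Origin" is sent here; check how shared caches treat these responses.
    header("Access-Control-Allow-Origin: http://$hostname");

    if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"])) {
        // The requested header list is reflected back; CR, LF and NUL are removed
        // first so the value cannot break out of the response header line.
        $headers = $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"];
        $headers = str_replace(["\r", "\n", "\0"], "", $headers);
        header("Access-Control-Allow-Headers: $headers");
    }
})();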
47
/*
 * Clickjacking mitigation: only same-origin pages may frame this site.
 * Nothing on the site is meant to be framed, so 'deny' would work as well;
 * the original authors saw no practical difference between the two.
 */
header('X-Frame-Options: SAMEORIGIN');
51
// Fall back to UTC when php.ini does not configure a timezone.
if (function_exists('date_default_timezone_set') && ini_get('date.timezone') === '') {
    date_default_timezone_set('UTC');
}

// PHP's built-in web server may not provide SERVER_ADDR; default it to loopback.
$_SERVER['SERVER_ADDR'] = $_SERVER['SERVER_ADDR'] ?? '127.0.0.1';

// ENT_IGNORE only exists from PHP 5.3.0 on (when invalid multibyte sequences
// stopped being ignored silently). Define it as 0 on older versions so that
// references to it raise no notice.
// NOTE(review): this file's own syntax (typed closure, indented heredoc)
// already needs a much newer PHP, so this guard looks vestigial. Where
// ENT_IGNORE is used is not visible here; the PHP manual discourages the flag
// and ENT_SUBSTITUTE is the usual replacement.
defined('ENT_IGNORE') || define('ENT_IGNORE', 0);
68
// Start every request with these globals undefined, so that a value which
// reached the global scope some other way is never treated as site-set data
// (original rationale: "Prevent cross site scripting problems").
// NOTE(review): presumably a register_globals-era guard. $LAST_UPDATED is
// defined again further down by last_updated.inc; the other names are assumed
// to be assigned by pages or includes not visible here.
unset(
    $RSIDEBAR_DATA,
    $SIDEBAR_DATA,
    $SEARCH_BASE,
    $LANG,
    $COUNTRY,
    $ONLOAD,
    $LAST_UPDATED
);
77
// Per-user "My PHP.net" settings object. It is created and loaded before any
// of the includes below run.
// NOTE(review): presumably the included files read $userPreferences from the
// global scope; confirm against those files.
$userPreferences = new UserPreferences();

// Load the My PHP.net settings before any includes
$userPreferences->load();

// The order of the includes below is significant: do not reorder.

// Site details (mirror site information)
include __DIR__ . '/site.inc';

// Choose language used for translated parts
include __DIR__ . '/langchooser.inc';

// Get country of the user and set it in a cookie
include __DIR__ . '/ip-to-country.inc';

// Common layout functions
include __DIR__ . '/layout.inc';

// This file is generated on rsync.php.net and propagated
// from there. It just defines $LAST_UPDATED, which is the
// mirror's last updated time.
// `include` (not `require`) is used, so a missing file raises a warning and
// execution continues; $LAST_UPDATED then stays undefined.
include __DIR__ . '/last_updated.inc';
99
100// -----------------------------------------------------------------------------
101
/**
 * Print the markup that embeds the Google Custom Search Engine widget.
 *
 * Writes a fixed HTML fragment to the output: a <noscript> notice, an inline
 * script that asynchronously loads cse.js from cse.google.com for the
 * hard-coded search engine id, and the <div class="gcse-search"> placeholder.
 * The fragment is a constant and contains no request-derived data.
 *
 * NOTE(review): if a Content-Security-Policy is deployed, it has to permit
 * this inline script and the cse.google.com script source.
 */
function google_cse(): void {
    // Nowdoc: nothing is interpolated into the fragment.
    echo <<<'EOF'
        <noscript>
          php.net's search functionality requires JavaScript to operate. Please enable
          JavaScript and reload to continue.
        </noscript>
        <script>
            (function() {
                var cx = '011570197911755000456:fip9wopfz_u';
                var gcse = document.createElement('script');
                gcse.type = 'text/javascript';
                gcse.async = true;
                gcse.src = 'https://cse.google.com/cse.js?cx=' + cx;
                var s = document.getElementsByTagName('script')[0];
                s.parentNode.insertBefore(gcse, s);
            })();
        </script>
        <div class="gcse-search" data-linktarget></div>
    EOF;
}
125