xref: /web-php/include/prepend.inc (revision 7023ed38)
1<?php
2
3use phpweb\UserPreferences;
4
5require_once __DIR__ . '/../src/autoload.php';
6
// Page compression via ext/zlib used to be switched on here for mirrors that
// have the extension.
// XXX Deactivated by sas, causes errors towards delivery machines
// ini_set("zlib.output_compression", 1);

// Cache control headers are used in many places on the site; they are
// described at http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9

// Site-wide defaults for language, content type and charset.
// Manual pages (and possibly others) override these later.
header('Content-language: en');
header('Content-type: text/html; charset=utf-8');

// Opt out of FLoC (browser interest-cohort calculation)
header('Permissions-Policy: interest-cohort=()');
21
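/*
 * Cross-origin (CORS) handling.
 *
 * Runs only when the request carries an Origin header. The origin's host must
 * be php.net itself, a subdomain of php.net, or this server's SERVER_NAME;
 * anything else, including an Origin with no parsable host, ends the request
 * with exit(10). An accepted origin is echoed in Access-Control-Allow-Origin.
 */
(function (): void {
    if (!isset($_SERVER["HTTP_ORIGIN"])) {
        return;
    }

    $origin = parse_url($_SERVER["HTTP_ORIGIN"]);
    // parse_url() yields false for a malformed value and no "host" key for
    // values without an authority part; reject both instead of indexing into
    // them.
    if (!is_array($origin) || !isset($origin["host"])) {
        exit(10);
    }
    $host = $origin["host"];

    // Match on a label boundary: a plain "ends with php.net" test also accepts
    // unrelated domains whose name merely ends in those characters.
    $suffix = ".php.net";
    $isPhpNet = $host === "php.net" || substr($host, -strlen($suffix)) === $suffix;
    if (!$isPhpNet && $host !== ($_SERVER["SERVER_NAME"] ?? null)) {
        exit(10);
    }

    $hostname = isset($origin["port"]) ? $host . ":" . $origin["port"] : $host;

    // NOTE(review): the scheme is fixed to http, so the echoed value will not
    // equal an https Origin and a browser would then refuse the response;
    // confirm whether that is intended.
    // NOTE(review): the value depends on the request's Origin; if a shared
    // cache sits in front of this server the response likely needs
    // "Vary: Origin", which is not set here (confirm).
    header("Access-Control-Allow-Origin: http://$hostname");
    if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"])) {
        // The requested header list is reflected as sent; CR, LF and NUL are
        // stripped first so the value stays on a single header line.
        $headers = str_replace(["\r", "\n", "\0"], "", $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]);
        header("Access-Control-Allow-Headers: $headers");
    }
})();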
47
/*
 * Clickjacking protection: only same-origin documents may frame these pages.
 * Nothing on the site is meant to be framed, so 'deny' would do just as well.
 * (The CSP "frame-ancestors" directive is the standardised form of this header.)
 */
header('X-Frame-Options: SAMEORIGIN');

// Fall back to UTC when no date.timezone is configured
if (function_exists('date_default_timezone_set') && ini_get('date.timezone') === '') {
    date_default_timezone_set('UTC');
}

// Compatibility with the PHP built-in web server: make sure SERVER_ADDR exists
$_SERVER['SERVER_ADDR'] = $_SERVER['SERVER_ADDR'] ?? '127.0.0.1';

// ENT_IGNORE only exists as of PHP 5.3.0, when multibyte sequence errors
// stopped being silent. Define a neutral value on older versions so that
// using the constant does not raise notices.
defined('ENT_IGNORE') || define('ENT_IGNORE', 0);
68
// Prevent cross site scripting problems: none of these globals may carry a
// value into the includes that follow.
// NOTE(review): presumably these are later written into page output, so a
// value seeded from the request would end up in the HTML. Confirm against the
// layout code.
unset(
    $RSIDEBAR_DATA,
    $SIDEBAR_DATA,
    $SEARCH_BASE,
    $LANG,
    $ONLOAD,
    $LAST_UPDATED
);
76
// The My PHP.net settings have to be loaded before any of the includes below
$userPreferences = new UserPreferences();
$userPreferences->load();

// The include order below is kept exactly as it was.

// Mirror site information (site details)
include __DIR__ . "/site.inc";

// Language selection for the translated parts
include __DIR__ . "/langchooser.inc";

// Function to get the real IP address
include __DIR__ . "/ip-to-country.inc";

// Shared layout functions
include __DIR__ . "/layout.inc";

// Generated on rsync.php.net and propagated from there. It only defines
// $LAST_UPDATED, the mirror's last updated time.
include __DIR__ . "/last_updated.inc";
98
99// -----------------------------------------------------------------------------
100
/**
 * Embed the Google Custom Search engine.
 *
 * Echoes a fixed HTML snippet: a <noscript> notice, an inline script that
 * inserts https://cse.google.com/cse.js for the site's search engine id, and
 * the "gcse-search" container element. Nothing in the snippet is derived from
 * request data.
 *
 * NOTE(review): the loader script comes from a third-party host; a
 * Content-Security-Policy added to the site would have to allow both it and
 * this inline script. Confirm before adding one.
 */
function google_cse(): void {
    // Nowdoc: the snippet has no PHP interpolation, so it is emitted verbatim.
    echo <<<'EOF'
        <noscript>
          php.net's search functionality requires JavaScript to operate. Please enable
          JavaScript and reload to continue.
        </noscript>
        <script>
            (function() {
                var cx = '011570197911755000456:fip9wopfz_u';
                var gcse = document.createElement('script');
                gcse.type = 'text/javascript';
                gcse.async = true;
                gcse.src = 'https://cse.google.com/cse.js?cx=' + cx;
                var s = document.getElementsByTagName('script')[0];
                s.parentNode.insertBefore(gcse, s);
            })();
        </script>
        <div class="gcse-search" data-linktarget></div>
    EOF;
}
124