Add defuse/php-encryption 2.0 to Composer dependencies

[friendica.git] / index.php

diff --git a/index.php b/index.php
index e67ace1326cc6b261bf4c87a9433714cae1ca0bf..5915498904d477720ee2313cee02674470b30dea 100644 (file)
--- a/index.php
+++ b/index.php
@@ -14,12 +14,17 @@
  */
 
 use Friendica\App;
+use Friendica\Core\System;
 use Friendica\Core\Config;
+use Friendica\Core\Worker;
+use Friendica\Database\DBM;
 
 require_once 'boot.php';
 require_once 'object/BaseObject.php';
 
-$a = new App(__DIR__);
+if (empty($a)) {
+       $a = new App(__DIR__);
+}
 BaseObject::set_app($a);
 
 // We assume that the index.php is called by a frontend process
@@ -50,7 +55,7 @@ if (!$install) {
 require_once "include/dba.php";
 
 if (!$install) {
-       $db = new dba($db_host, $db_user, $db_pass, $db_data, $install);
+       dba::connect($db_host, $db_user, $db_pass, $db_data, $install);
        unset($db_host, $db_user, $db_pass, $db_data);
 
        /**
@@ -62,15 +67,15 @@ if (!$install) {
        if ($a->max_processes_reached() || $a->maxload_reached()) {
                header($_SERVER["SERVER_PROTOCOL"] . ' 503 Service Temporarily Unavailable');
                header('Retry-After: 120');
-               header('Refresh: 120; url=' . App::get_baseurl() . "/" . $a->query_string);
+               header('Refresh: 120; url=' . System::baseUrl() . "/" . $a->query_string);
                die("System is currently unavailable. Please try again later");
        }
 
-       if (get_config('system', 'force_ssl') && ($a->get_scheme() == "http") &&
-               (intval(get_config('system', 'ssl_policy')) == SSL_POLICY_FULL) &&
-               (substr(App::get_baseurl(), 0, 8) == "https://")) {
+       if (Config::get('system', 'force_ssl') && ($a->get_scheme() == "http") &&
+               (intval(Config::get('system', 'ssl_policy')) == SSL_POLICY_FULL) &&
+               (substr(System::baseUrl(), 0, 8) == "https://")) {
                header("HTTP/1.1 302 Moved Temporarily");
-               header("Location: " . App::get_baseurl() . "/" . $a->query_string);
+               header("Location: " . System::baseUrl() . "/" . $a->query_string);
                exit();
        }
 
@@ -78,7 +83,7 @@ if (!$install) {
        load_hooks();
        call_hooks('init_1');
 
-       $maintenance = get_config('system', 'maintenance');
+       $maintenance = Config::get('system', 'maintenance');
 }
 
 $lang = get_browser_language();
@@ -102,9 +107,7 @@ if (!$a->is_backend()) {
        session_start();
        $a->save_timestamp($stamp1, "parser");
 } else {
-       require_once "include/poller.php";
-
-       call_worker_if_idle();
+       Worker::executeIfIdle();
 }
 
 /**
@@ -115,7 +118,7 @@ if (x($_SESSION,'authenticated') && !x($_SESSION,'language')) {
        // we didn't loaded user data yet, but we need user language
        $r = dba::select('user', array('language'), array('uid' => $_SESSION['uid']), array('limit' => 1));
        $_SESSION['language'] = $lang;
-       if (dbm::is_result($r)) {
+       if (DBM::is_result($r)) {
                $_SESSION['language'] = $r['language'];
        }
 }
@@ -154,7 +157,7 @@ if ((x($_GET,'zrl')) && (!$install && !$maintenance)) {
  *
  */
 
-// header('Link: <' . App::get_baseurl() . '/amcd>; rel="acct-mgmt";');
+// header('Link: <' . System::baseUrl() . '/amcd>; rel="acct-mgmt";');
 
 if (x($_COOKIE["Friendica"]) || (x($_SESSION,'authenticated')) || (x($_POST,'auth-params')) || ($a->module === 'login')) {
        require("include/auth.php");
@@ -195,14 +198,14 @@ if ($install && $a->module!="view") {
        $a->module = 'maintenance';
 } else {
        check_url($a);
-       check_db();
+       check_db(false);
        check_plugins($a);
 }
 
 nav_set_selected('nothing');
 
 //Don't populate apps_menu if apps are private
-$privateapps = get_config('config','private_addons');
+$privateapps = Config::get('config','private_addons');
 if ((local_user()) || (! $privateapps === "1")) {
        $arr = array('app_menu' => $a->apps);
 
@@ -249,7 +252,7 @@ if (strlen($a->module)) {
                $a->module = "login";
        }
 
-       $privateapps = get_config('config','private_addons');
+       $privateapps = Config::get('config','private_addons');
 
        if (is_array($a->plugins) && in_array($a->module,$a->plugins) && file_exists("addon/{$a->module}/{$a->module}.php")) {
                //Check if module is an app and if public access to apps is allowed or not
@@ -294,7 +297,7 @@ if (strlen($a->module)) {
 
                if ((x($_SERVER,'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
                        logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
-                       goaway(App::get_baseurl() . $_SERVER['REQUEST_URI']);
+                       goaway(System::baseUrl() . $_SERVER['REQUEST_URI']);
                }
 
                logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
@@ -488,6 +491,19 @@ $profile = $a->profile;
 header("X-Friendica-Version: " . FRIENDICA_VERSION);
 header("Content-type: text/html; charset=utf-8");
 
+if (Config::get('system', 'hsts') && (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL)) {
+       header("Strict-Transport-Security: max-age=31536000");
+}
+
+// Some security stuff
+header('X-Content-Type-Options: nosniff');
+header('X-XSS-Protection: 1; mode=block');
+header('X-Permitted-Cross-Domain-Policies: none');
+header('X-Frame-Options: sameorigin');
+
+// Things like embedded OSM maps don't work, when this is enabled
+// header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' https: data:; media-src 'self' https:; child-src 'self' https:; object-src 'none'");
+
 /*
  * We use $_GET["mode"] for special page templates. So we will check if we have
  * to load another page template than the default one.