X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=index.php;h=bf4ee378af840ccb0810f7cfa686921a251863ba;hb=71b30e06516b6d35817678ece1e289e02a7b7844;hp=bf926d1fe76f166c7c240036560c86223d8f7814;hpb=2932ebfbc878ca7db958bcc20f841ae344938ee6;p=friendica.git
diff --git a/index.php b/index.php
index bf926d1fe7..bf4ee378af 100644
--- a/index.php
+++ b/index.php
@@ -41,10 +41,11 @@ $install = ((file_exists('.htconfig.php') && filesize('.htconfig.php')) ? false
*/
require_once("include/dba.php");
+require_once("include/dbm.php");
if(!$install) {
$db = new dba($db_host, $db_user, $db_pass, $db_data, $install);
- unset($db_host, $db_user, $db_pass, $db_data);
+ unset($db_host, $db_user, $db_pass, $db_data);
/**
* Load configs from db. Overwrite configs from .htconfig.php
@@ -53,6 +54,21 @@ if(!$install) {
load_config('config');
load_config('system');
+ $processlist = dbm::processlist();
+ if ($processlist["list"] != "") {
+
+ logger("Processcheck: Processes: ".$processlist["amount"]." - Processlist: ".$processlist["list"], LOGGER_DEBUG);
+
+ $max_processes = get_config('system', 'max_processes_frontend');
+ if (intval($max_processes) == 0)
+ $max_processes = 20;
+
+ if ($processlist["amount"] > $max_processes) {
+ logger("Processcheck: Maximum number of processes for frontend tasks (".$max_processes.") reached.", LOGGER_DEBUG);
+ system_unavailable();
+ }
+ }
+
$maxsysload_frontend = intval(get_config('system','maxloadavg_frontend'));
if($maxsysload_frontend < 1)
$maxsysload_frontend = 50;
@@ -72,7 +88,8 @@ if(!$install) {
(intval(get_config('system','ssl_policy')) == SSL_POLICY_FULL) AND
(substr($a->get_baseurl(), 0, 8) == "https://")) {
header("HTTP/1.1 302 Moved Temporarily");
- header("location: ".$a->get_baseurl()."/".$a->query_string);
+ header("Location: ".$a->get_baseurl()."/".$a->query_string);
+ exit();
}
require_once("include/session.php");
@@ -116,9 +133,21 @@ if((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
}
if((x($_GET,'zrl')) && (!$install && !$maintenance)) {
- $_SESSION['my_url'] = $_GET['zrl'];
- $a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is','',$a->query_string);
- zrl_init($a);
+ // Only continue when the given profile link seems valid
+ // Valid profile links contain a path with "/profile/" and no query parameters
+ if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") AND
+ strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
+ $_SESSION['my_url'] = $_GET['zrl'];
+ $a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is','',$a->query_string);
+ zrl_init($a);
+ } else {
+ // Someone came with an invalid parameter, maybe as a DDoS attempt
+ // We simply stop processing here
+ logger("Invalid ZRL parameter ".$_GET['zrl'], LOGGER_DEBUG);
+ header('HTTP/1.1 403 Forbidden');
+ echo "403 Forbidden
";
+ killme();
+ }
}
/**
@@ -134,7 +163,7 @@ if((x($_GET,'zrl')) && (!$install && !$maintenance)) {
// header('Link: <' . $a->get_baseurl() . '/amcd>; rel="acct-mgmt";');
-if((x($_SESSION,'authenticated')) || (x($_POST,'auth-params')) || ($a->module === 'login'))
+if(x($_COOKIE["Friendica"]) || (x($_SESSION,'authenticated')) || (x($_POST,'auth-params')) || ($a->module === 'login'))
require("include/auth.php");
if(! x($_SESSION,'authenticated'))
@@ -371,7 +400,7 @@ $a->init_page_end();
if(x($_SESSION,'visitor_home'))
$homebase = $_SESSION['visitor_home'];
elseif(local_user())
- $homebase = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
+ $homebase = 'profile/' . $a->user['nickname'];
if(isset($homebase))
$a->page['content'] .= '';
@@ -407,15 +436,6 @@ if(x($_SESSION,'sysmsg_info')) {
call_hooks('page_end', $a->page['content']);
-/**
- *
- * Add a place for the pause/resume Ajax indicator
- *
- */
-
-$a->page['content'] .= '';
-
-
/**
*
* Add the navigation (menu) template
@@ -432,15 +452,15 @@ if($a->module != 'install' && $a->module != 'maintenance') {
if($a->is_mobile || $a->is_tablet) {
if(isset($_SESSION['show-mobile']) && !$_SESSION['show-mobile']) {
- $link = $a->get_baseurl() . '/toggle_mobile?address=' . curPageURL();
+ $link = 'toggle_mobile?address=' . curPageURL();
}
else {
- $link = $a->get_baseurl() . '/toggle_mobile?off=1&address=' . curPageURL();
+ $link = 'toggle_mobile?off=1&address=' . curPageURL();
}
$a->page['footer'] = replace_macros(get_markup_template("toggle_mobile_footer.tpl"), array(
- '$toggle_link' => $link,
- '$toggle_text' => t('toggle mobile')
- ));
+ '$toggle_link' => $link,
+ '$toggle_text' => t('toggle mobile')
+ ));
}
/**
@@ -487,70 +507,6 @@ if (isset($_GET["mode"]) AND ($_GET["mode"] == "raw")) {
session_write_close();
exit;
-} elseif (get_pconfig(local_user(),'system','infinite_scroll')
- AND ($a->module == "network") AND ($_GET["mode"] != "minimal")) {
- if (is_string($_GET["page"]))
- $pageno = $_GET["page"];
- else
- $pageno = 1;
-
- $reload_uri = "";
-
- foreach ($_GET AS $param => $value)
- if (($param != "page") AND ($param != "q"))
- $reload_uri .= "&".$param."=".urlencode($value);
-
- if (($a->page_offset != "") AND !strstr($reload_uri, "&offset="))
- $reload_uri .= "&offset=".urlencode($a->page_offset);
-
-
-$a->page['htmlhead'] .= <<< EOT
-
-
-EOT;
-
}
$page = $a->page;