function drupal_environment_initialize

Initializes the PHP environment.

1 call to drupal_environment_initialize()
_drupal_bootstrap_configuration in includes/bootstrap.inc
Sets up the script environment and loads settings.php.

File

includes/bootstrap.inc, line 659

Code

function drupal_environment_initialize() {
    if (!isset($_SERVER['HTTP_REFERER'])) {
        $_SERVER['HTTP_REFERER'] = '';
    }
    if (!isset($_SERVER['SERVER_PROTOCOL']) || $_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.0' && $_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.1') {
        $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0';
    }
    if (isset($_SERVER['HTTP_HOST'])) {
        // As HTTP_HOST is user input, ensure it only contains characters allowed
        // in hostnames. See RFC 952 (and RFC 2181).
        // $_SERVER['HTTP_HOST'] is lowercased here per specifications.
        $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
        if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) {
            // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
            header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
            exit;
        }
    }
    else {
        // Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key is
        // defined for E_ALL compliance.
        $_SERVER['HTTP_HOST'] = '';
    }
    // When clean URLs are enabled, emulate ?q=foo/bar using REQUEST_URI. It is
    // not possible to append the query string using mod_rewrite without the B
    // flag (this was added in Apache 2.2.8), because mod_rewrite unescapes the
    // path before passing it on to PHP. This is a problem when the path contains
    // e.g. "&" or "%" that have special meanings in URLs and must be encoded.
    $_GET['q'] = request_path();
    // Enforce E_ALL, but allow users to set levels not part of E_ALL.
    error_reporting(E_ALL | error_reporting());
    // Override PHP settings required for Drupal to work properly.
    // sites/default/default.settings.php contains more runtime settings.
    // The .htaccess file contains settings that cannot be changed at runtime.
    // Don't escape quotes when reading files from the database, disk, etc.
    ini_set('magic_quotes_runtime', '0');
    // Use session cookies, not transparent sessions that puts the session id in
    // the query string.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Don't send HTTP headers using PHP's session handler.
    // An empty string is used here to disable the cache limiter.
    ini_set('session.cache_limiter', '');
    // Use httponly session cookies.
    ini_set('session.cookie_httponly', '1');
    // Set sane locale settings, to ensure consistent string, dates, times and
    // numbers handling.
    setlocale(LC_ALL, 'C');
    // PHP's built-in phar:// stream wrapper is not sufficiently secure. Override
    // it with a more secure one, which requires PHP 5.3.3. For lower versions,
    // unregister the built-in one without replacing it. Sites needing phar
    // support for lower PHP versions must implement hook_stream_wrappers() to
    // register their desired implementation.
    if (in_array('phar', stream_get_wrappers(), TRUE)) {
        stream_wrapper_unregister('phar');
        if (version_compare(PHP_VERSION, '5.3.3', '>=')) {
            include_once DRUPAL_ROOT . '/includes/file.phar.inc';
            file_register_phar_wrapper();
        }
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.