function _drupal_bootstrap_variables
_drupal_bootstrap_variables()
Loads system variables and all enabled bootstrap modules.
File
- includes/bootstrap.inc, line 2736
- Functions that need to be loaded on every Drupal request.
Code
function _drupal_bootstrap_variables() { global $conf; // Initialize the lock system. require_once DRUPAL_ROOT . '/' . variable_get('lock_inc', 'includes/lock.inc'); lock_initialize(); // Load variables from the database, but do not overwrite variables set in settings.php. $conf = variable_initialize(isset($conf) ? $conf : array()); // Load bootstrap modules. require_once DRUPAL_ROOT . '/includes/module.inc'; module_load_all(TRUE); // Sanitize the destination parameter (which is often used for redirects) to // prevent open redirect attacks leading to other domains. Sanitize both // $_GET['destination'] and $_REQUEST['destination'] to protect code that // relies on either, but do not sanitize $_POST to avoid interfering with // unrelated form submissions. The sanitization happens here because // url_is_external() requires the variable system to be available. if (isset($_GET['destination']) || isset($_REQUEST['destination'])) { require_once DRUPAL_ROOT . '/includes/common.inc'; // If the destination is an external URL, remove it. if (isset($_GET['destination']) && url_is_external($_GET['destination'])) { unset($_GET['destination']); unset($_REQUEST['destination']); } // If there's still something in $_REQUEST['destination'] that didn't come // from $_GET, check it too. if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) { unset($_REQUEST['destination']); } } }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!bootstrap.inc/function/_drupal_bootstrap_variables/7.x