[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * Forwarder/Router to doku.php
   5   *
   6   * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
   7   * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
   8   * access permission checking and passing on static files.
   9   *
  10   * Usage example:
  11   *
  12   *   php -S localhost:8000 index.php
  13   *
  14   * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
  15   * @author     Andreas Gohr <andi@splitbrain.org>
  16   */
  17  
  18  if (PHP_SAPI != 'cli-server') {
  19      if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/');
  20      require_once (DOKU_INC . 'inc/init.php');
  21  
  22      send_redirect(wl($conf['start']));
  23  }
  24  
  25  // ROUTER starts below
  26  
  27  // avoid path traversal
  28  $_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);
  29  
  30  // routing aka. rewriting
  31  if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  32      // media dispatcher
  33      $_GET['media'] = $m[1];
  34      require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
  35  } elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  36      // image detail view
  37      $_GET['media'] = $m[1];
  38      require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
  39  } elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  40      // exports
  41      $_GET['do'] = 'export_' . $m[1];
  42      $_GET['id'] = $m[2];
  43      require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
  44  } elseif (
  45      $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
  46      file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
  47  ) {
  48      // existing files
  49  
  50      // access limitiations
  51      if (
  52          preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) ||
  53          preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
  54      ) {
  55          header('HTTP/1.1 403 Forbidden');
  56          die('Access denied');
  57      }
  58  
  59      if (str_ends_with($_SERVER['SCRIPT_NAME'], '.php')) {
  60          # php scripts
  61          require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
  62      } else {
  63          # static files
  64          return false;
  65      }
  66  } else {
  67      // treat everything else as a potential wiki page
  68      // working around https://bugs.php.net/bug.php?id=61286
  69      $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
  70      if (isset($_SERVER['PATH_INFO'])) {
  71          $_GET['id'] = $_SERVER['PATH_INFO'];
  72      } elseif ($request_path != '/' && $request_path != '/index.php') {
  73          $_GET['id'] = $_SERVER['SCRIPT_NAME'];
  74      }
  75  
  76      require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
  77  }