[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Forwarder/Router to doku.php
   4   *
   5   * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
   6   * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
   7   * access permission checking and passing on static files.
   8   *
   9   * Usage example:
  10   *
  11   *   php -S localhost:8000 index.php
  12   *
  13   * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
  14   * @author     Andreas Gohr <andi@splitbrain.org>
  15   */
  16  if (php_sapi_name() != 'cli-server') {
  17      if (!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__) . '/');
  18      require_once (DOKU_INC . 'inc/init.php');
  19  
  20      send_redirect(wl($conf['start']));
  21  }
  22  
  23  // ROUTER starts below
  24  
  25  // avoid path traversal
  26  $_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);
  27  
  28  // routing aka. rewriting
  29  if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  30      // media dispatcher
  31      $_GET['media'] = $m[1];
  32      require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
  33  
  34  } elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  35      // image detail view
  36      $_GET['media'] = $m[1];
  37      require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
  38  
  39  } elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  40      // exports
  41      $_GET['do'] = 'export_' . $m[1];
  42      $_GET['id'] = $m[2];
  43      require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
  44  
  45  } elseif (
  46      $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
  47      file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
  48  ) {
  49      // existing files
  50  
  51      // access limitiations
  52      if (preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) or
  53          preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
  54      ) {
  55          header('HTTP/1.1 403 Forbidden');
  56          die('Access denied');
  57      }
  58  
  59      if (substr($_SERVER['SCRIPT_NAME'], -4) == '.php') {
  60          # php scripts
  61          require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
  62      } else {
  63          # static files
  64          return false;
  65      }
  66  } else {
  67      // treat everything else as a potential wiki page
  68      // working around https://bugs.php.net/bug.php?id=61286
  69      $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
  70      if (isset($_SERVER['PATH_INFO'])) {
  71          $_GET['id'] = $_SERVER['PATH_INFO'];
  72      } elseif ($request_path != '/' && $request_path != '/index.php') {
  73          $_GET['id'] = $_SERVER['SCRIPT_NAME'];
  74      }
  75  
  76      require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
  77  }