-
-
Notifications
You must be signed in to change notification settings - Fork 856
/
index.php
77 lines (68 loc) · 2.47 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
/**
* Forwarder/Router to doku.php
*
* In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
* script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
* access permission checking and passing on static files.
*
* Usage example:
*
* php -S localhost:8000 index.php
*
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
* @author Andreas Gohr <[email protected]>
*/
if (PHP_SAPI != 'cli-server') {
if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/');
require_once(DOKU_INC . 'inc/init.php');
send_redirect(wl($conf['start']));
}
// ROUTER starts below
// avoid path traversal
$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);
// routing aka. rewriting
if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
// media dispatcher
$_GET['media'] = $m[1];
require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
// image detail view
$_GET['media'] = $m[1];
require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
// exports
$_GET['do'] = 'export_' . $m[1];
$_GET['id'] = $m[2];
require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
} elseif (
$_SERVER['SCRIPT_NAME'] !== '/index.php' &&
file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
) {
// existing files
// access limitiations
if (
preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) ||
preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
) {
header('HTTP/1.1 403 Forbidden');
die('Access denied');
}
if (str_ends_with($_SERVER['SCRIPT_NAME'], '.php')) {
# php scripts
require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
} else {
# static files
return false;
}
} else {
// treat everything else as a potential wiki page
// working around https://bugs.php.net/bug.php?id=61286
$request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
if (isset($_SERVER['PATH_INFO'])) {
$_GET['id'] = $_SERVER['PATH_INFO'];
} elseif ($request_path != '/' && $request_path != '/index.php') {
$_GET['id'] = $_SERVER['SCRIPT_NAME'];
}
require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
}