summaryrefslogtreecommitdiff
path: root/platform/www/index.php
blob: da3abe6b5db06b0835b0b2ae966fc6fcc62dca29 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
/**
 * Forwarder/Router to doku.php
 *
 * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
 * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
 * access permission checking and passing on static files.
 *
 * Usage example:
 *
 *   php -S localhost:8000 index.php
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */
if (php_sapi_name() != 'cli-server') {
    if (!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__) . '/');
    require_once(DOKU_INC . 'inc/init.php');

    send_redirect(DOKU_URL . 'doku.php');
}

// ROUTER starts below

// avoid path traversal
$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);

// routing aka. rewriting
if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // media dispatcher
    $_GET['media'] = $m[1];
    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';

} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // image detail view
    $_GET['media'] = $m[1];
    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';

} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // exports
    $_GET['do'] = 'export_' . $m[1];
    $_GET['id'] = $m[2];
    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';

} elseif (
    $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
    file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
) {
    // existing files

    // access limitiations
    if (preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) or
        preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
    ) {
        header('HTTP/1.1 403 Forbidden');
        die('Access denied');
    }

    if (substr($_SERVER['SCRIPT_NAME'], -4) == '.php') {
        # php scripts
        require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
    } else {
        # static files
        return false;
    }
} else {
    // treat everything else as a potential wiki page
    // working around https://bugs.php.net/bug.php?id=61286
    $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
    if (isset($_SERVER['PATH_INFO'])) {
        $_GET['id'] = $_SERVER['PATH_INFO'];
    } elseif ($request_path != '/' && $request_path != '/index.php') {
        $_GET['id'] = $_SERVER['SCRIPT_NAME'];
    }

    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
}