index.php 2.5 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
  1. <?php
  2. /**
  3. * Forwarder/Router to doku.php
  4. *
  5. * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
  6. * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
  7. * access permission checking and passing on static files.
  8. *
  9. * Usage example:
  10. *
  11. * php -S localhost:8000 index.php
  12. *
  13. * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
  14. * @author Andreas Gohr <andi@splitbrain.org>
  15. */
  16. if (php_sapi_name() != 'cli-server') {
  17. if (!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__) . '/');
  18. require_once(DOKU_INC . 'inc/init.php');
  19. send_redirect(wl($conf['start']));
  20. }
  21. // ROUTER starts below
  22. // avoid path traversal
  23. $_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);
  24. // routing aka. rewriting
  25. if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  26. // media dispatcher
  27. $_GET['media'] = $m[1];
  28. require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
  29. } elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  30. // image detail view
  31. $_GET['media'] = $m[1];
  32. require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
  33. } elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
  34. // exports
  35. $_GET['do'] = 'export_' . $m[1];
  36. $_GET['id'] = $m[2];
  37. require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
  38. } elseif (
  39. $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
  40. file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
  41. ) {
  42. // existing files
  43. // access limitiations
  44. if (preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) or
  45. preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
  46. ) {
  47. header('HTTP/1.1 403 Forbidden');
  48. die('Access denied');
  49. }
  50. if (substr($_SERVER['SCRIPT_NAME'], -4) == '.php') {
  51. # php scripts
  52. require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
  53. } else {
  54. # static files
  55. return false;
  56. }
  57. } else {
  58. // treat everything else as a potential wiki page
  59. // working around https://bugs.php.net/bug.php?id=61286
  60. $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
  61. if (isset($_SERVER['PATH_INFO'])) {
  62. $_GET['id'] = $_SERVER['PATH_INFO'];
  63. } elseif ($request_path != '/' && $request_path != '/index.php') {
  64. $_GET['id'] = $_SERVER['SCRIPT_NAME'];
  65. }
  66. require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
  67. }