1<?php
2
3/**
4 * Forwarder/Router to doku.php
5 *
6 * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
7 * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
8 * access permission checking and passing on static files.
9 *
10 * Usage example:
11 *
12 *   php -S localhost:8000 index.php
13 *
14 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
15 * @author     Andreas Gohr <andi@splitbrain.org>
16 */
17
18if (PHP_SAPI != 'cli-server') {
19    if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/');
20    require_once(DOKU_INC . 'inc/init.php');
21
22    send_redirect(wl($conf['start']));
23}
24
25// ROUTER starts below
26
27// avoid path traversal
28$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);
29
30// routing aka. rewriting
31if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
32    // media dispatcher
33    $_GET['media'] = $m[1];
34    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
35} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
36    // image detail view
37    $_GET['media'] = $m[1];
38    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
39} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
40    // exports
41    $_GET['do'] = 'export_' . $m[1];
42    $_GET['id'] = $m[2];
43    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
44} elseif (
45    $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
46    file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
47) {
48    // existing files
49
50    // access limitiations
51    if (
52        preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) ||
53        preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
54    ) {
55        header('HTTP/1.1 403 Forbidden');
56        die('Access denied');
57    }
58
59    if (str_ends_with($_SERVER['SCRIPT_NAME'], '.php')) {
60        # php scripts
61        require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
62    } else {
63        # static files
64        return false;
65    }
66} else {
67    // treat everything else as a potential wiki page
68    // working around https://bugs.php.net/bug.php?id=61286
69    $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
70    if (isset($_SERVER['PATH_INFO'])) {
71        $_GET['id'] = $_SERVER['PATH_INFO'];
72    } elseif ($request_path != '/' && $request_path != '/index.php') {
73        $_GET['id'] = $_SERVER['SCRIPT_NAME'];
74    }
75
76    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
77}
78