1<?php
2/**
3 * Forwarder/Router to doku.php
4 *
5 * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
6 * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
7 * access permission checking and passing on static files.
8 *
9 * Usage example:
10 *
11 *   php -S localhost:8000 index.php
12 *
13 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
14 * @author     Andreas Gohr <andi@splitbrain.org>
15 */
16if (php_sapi_name() != 'cli-server') {
17    if (!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__) . '/');
18    require_once(DOKU_INC . 'inc/init.php');
19
20    send_redirect(wl($conf['start']));
21}
22
23// ROUTER starts below
24
25// avoid path traversal
26$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);
27
28// routing aka. rewriting
29if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
30    // media dispatcher
31    $_GET['media'] = $m[1];
32    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
33
34} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
35    // image detail view
36    $_GET['media'] = $m[1];
37    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
38
39} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
40    // exports
41    $_GET['do'] = 'export_' . $m[1];
42    $_GET['id'] = $m[2];
43    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
44
45} elseif (
46    $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
47    file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
48) {
49    // existing files
50
51    // access limitiations
52    if (preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) or
53        preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
54    ) {
55        header('HTTP/1.1 403 Forbidden');
56        die('Access denied');
57    }
58
59    if (substr($_SERVER['SCRIPT_NAME'], -4) == '.php') {
60        # php scripts
61        require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
62    } else {
63        # static files
64        return false;
65    }
66} else {
67    // treat everything else as a potential wiki page
68    // working around https://bugs.php.net/bug.php?id=61286
69    $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
70    if (isset($_SERVER['PATH_INFO'])) {
71        $_GET['id'] = $_SERVER['PATH_INFO'];
72    } elseif ($request_path != '/' && $request_path != '/index.php') {
73        $_GET['id'] = $_SERVER['SCRIPT_NAME'];
74    }
75
76    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
77}
78