115fae107Sandi<?php 2d4f83172SAndreas Gohr 315fae107Sandi/** 47aaab109SAndreas Gohr * Forwarder/Router to doku.php 57aaab109SAndreas Gohr * 67aaab109SAndreas Gohr * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing 77aaab109SAndreas Gohr * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file 87aaab109SAndreas Gohr * access permission checking and passing on static files. 97aaab109SAndreas Gohr * 107aaab109SAndreas Gohr * Usage example: 117aaab109SAndreas Gohr * 127aaab109SAndreas Gohr * php -S localhost:8000 index.php 1315fae107Sandi * 1415fae107Sandi * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 1515fae107Sandi * @author Andreas Gohr <andi@splitbrain.org> 1615fae107Sandi */ 17d4f83172SAndreas Gohr 18b1f206e1SAndreas Gohrif (PHP_SAPI != 'cli-server') { 19b1f206e1SAndreas Gohr if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/'); 207f4718ddSPhy require_once(DOKU_INC . 'inc/init.php'); 217f4718ddSPhy 22aceca2ebSSchplurtz le Déboulonné send_redirect(wl($conf['start'])); 237aaab109SAndreas Gohr} 247aaab109SAndreas Gohr 257f153c56SAndreas Gohr// ROUTER starts below 267aaab109SAndreas Gohr 277f153c56SAndreas Gohr// avoid path traversal 287aaab109SAndreas Gohr$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']); 297aaab109SAndreas Gohr 307f153c56SAndreas Gohr// routing aka. rewriting 317aaab109SAndreas Gohrif (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { 327f153c56SAndreas Gohr // media dispatcher 337aaab109SAndreas Gohr $_GET['media'] = $m[1]; 347aaab109SAndreas Gohr require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php'; 357aaab109SAndreas Gohr} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { 367f153c56SAndreas Gohr // image detail view 377aaab109SAndreas Gohr $_GET['media'] = $m[1]; 387aaab109SAndreas Gohr require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php'; 3962c31ba5SRainbow Spike} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { 407f153c56SAndreas Gohr // exports 417aaab109SAndreas Gohr $_GET['do'] = 'export_' . $m[1]; 427aaab109SAndreas Gohr $_GET['id'] = $m[2]; 437aaab109SAndreas Gohr require $_SERVER['DOCUMENT_ROOT'] . '/doku.php'; 447f153c56SAndreas Gohr} elseif ( 457f153c56SAndreas Gohr $_SERVER['SCRIPT_NAME'] !== '/index.php' && 467f153c56SAndreas Gohr file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME']) 477f153c56SAndreas Gohr) { 487f153c56SAndreas Gohr // existing files 497aaab109SAndreas Gohr 507f153c56SAndreas Gohr // access limitiations 51b1f206e1SAndreas Gohr if ( 52b1f206e1SAndreas Gohr preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) || 5373cc470bSAndreas Gohr preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME']) 547aaab109SAndreas Gohr ) { 55a4d15dc0SAndreas Gohr header('HTTP/1.1 403 Forbidden'); 567aaab109SAndreas Gohr die('Access denied'); 577aaab109SAndreas Gohr } 587aaab109SAndreas Gohr 59*1b2deed9Sfiwswe if (str_ends_with($_SERVER['SCRIPT_NAME'], '.php')) { 607aaab109SAndreas Gohr # php scripts 617aaab109SAndreas Gohr require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME']; 627aaab109SAndreas Gohr } else { 637aaab109SAndreas Gohr # static files 647aaab109SAndreas Gohr return false; 657aaab109SAndreas Gohr } 667f153c56SAndreas Gohr} else { 677f153c56SAndreas Gohr // treat everything else as a potential wiki page 687f153c56SAndreas Gohr // working around https://bugs.php.net/bug.php?id=61286 69d40ef125SAndreas Gohr $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0]; 707f153c56SAndreas Gohr if (isset($_SERVER['PATH_INFO'])) { 717f153c56SAndreas Gohr $_GET['id'] = $_SERVER['PATH_INFO']; 7209f71c98SAndreas Gohr } elseif ($request_path != '/' && $request_path != '/index.php') { 737f153c56SAndreas Gohr $_GET['id'] = $_SERVER['SCRIPT_NAME']; 747aaab109SAndreas Gohr } 757f153c56SAndreas Gohr 767f153c56SAndreas Gohr require $_SERVER['DOCUMENT_ROOT'] . '/doku.php'; 777f153c56SAndreas Gohr} 78