xref: /dokuwiki/index.php (revision f9a94e78392d6a178b0e7f29a005688fc44e5cc3) 
1<?php
2/**
3 * Forwarder/Router to doku.php
4 *
5 * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
6 * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
7 * access permission checking and passing on static files.
8 *
9 * Usage example:
10 *
11 *   php -S localhost:8000 index.php
12 *
13 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
14 * @author     Andreas Gohr <andi@splitbrain.org>
15 */
16if (PHP_SAPI != 'cli-server') {
17    if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/');
18    require_once(DOKU_INC . 'inc/init.php');
19
20    send_redirect(wl($conf['start']));
21}
22
23// ROUTER starts below
24
25// avoid path traversal
26$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);
27
28// routing aka. rewriting
29if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
30    // media dispatcher
31    $_GET['media'] = $m[1];
32    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
33} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
34    // image detail view
35    $_GET['media'] = $m[1];
36    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
37} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
38    // exports
39    $_GET['do'] = 'export_' . $m[1];
40    $_GET['id'] = $m[2];
41    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
42} elseif (
43    $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
44    file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
45) {
46    // existing files
47
48    // access limitiations
49    if (
50        preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) ||
51        preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
52    ) {
53        header('HTTP/1.1 403 Forbidden');
54        die('Access denied');
55    }
56
57    if (substr($_SERVER['SCRIPT_NAME'], -4) == '.php') {
58        # php scripts
59        require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
60    } else {
61        # static files
62        return false;
63    }
64} else {
65    // treat everything else as a potential wiki page
66    // working around https://bugs.php.net/bug.php?id=61286
67    $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
68    if (isset($_SERVER['PATH_INFO'])) {
69        $_GET['id'] = $_SERVER['PATH_INFO'];
70    } elseif ($request_path != '/' && $request_path != '/index.php') {
71        $_GET['id'] = $_SERVER['SCRIPT_NAME'];
72    }
73
74    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
75}
76