forked from dokuwiki/dokuwiki
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.php
68 lines (59 loc) · 2.05 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<?php
/**
* Forwarder/Router to doku.php
*
* In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
* script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
* access permission checking and passing on static files.
*
* Usage example:
*
* php -S localhost:8000 index.php
*
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
* @author Andreas Gohr <[email protected]>
*/
if(php_sapi_name() != 'cli-server') {
header("Location: doku.php");
exit;
}
# ROUTER starts below
# avoid path traversal
$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);
# routing aka. rewriting
if(preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
# media dispatcher
$_GET['media'] = $m[1];
require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
} else if(preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
# image detail view
$_GET['media'] = $m[1];
require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
} else if(preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
# exports
$_GET['do'] = 'export_' . $m[1];
$_GET['id'] = $m[2];
require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
} elseif($_SERVER['SCRIPT_NAME'] == '/index.php') {
# 404s are automatically mapped to index.php
if(isset($_SERVER['PATH_INFO'])) {
$_GET['id'] = $_SERVER['PATH_INFO'];
}
require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
} else if(file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])) {
# existing files
# access limitiations
if(preg_match('/\/([\._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) or
preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
) {
die('Access denied');
}
if(substr($_SERVER['SCRIPT_NAME'], -4) == '.php') {
# php scripts
require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
} else {
# static files
return false;
}
}
# 404