master

分支 (62)

标签 (86)

管理

管理

master

woltlab

extensionmanager

stable

old-stable

strftime

emptydirdefault

rectordebug

openapi

phpunit9

searchIndex-collections

editorjs-cleanup

deployment

wintest

logunevent

logevent

searchIndex-restructure

searchIndex

revdiffexternaledits

docker

release-2024-02-06a

release-2024-02-06

release-2022-07-31b

release-2023-04-04a

release-2023-04-04

release-2022-07-31a

release-2020-07-29a

release-2022-07-31

release-2022-06-26rc

release-2020-07-29

release-2020-06-09rc

release-2020-06-03rc

release-2020-06-01rc

release-2017-02-19g

release-2018-04-22c

release-2017-02-19f

release-2018-04-22b

release-2018-08-06

release-2018-04-22a

release-2018-04-22

DokuWiki
/
index.php

<?php

/**
 * Forwarder/Router to doku.php
 *
 * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
 * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
 * access permission checking and passing on static files.
 *
 * Usage example:
 *
 *   php -S localhost:8000 index.php
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */

if (PHP_SAPI != 'cli-server') {
    if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/');
    require_once(DOKU_INC . 'inc/init.php');

    send_redirect(wl($conf['start']));
}

// ROUTER starts below

// avoid path traversal
$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);

// routing aka. rewriting
if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // media dispatcher
    $_GET['media'] = $m[1];
    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // image detail view
    $_GET['media'] = $m[1];
    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // exports
    $_GET['do'] = 'export_' . $m[1];
    $_GET['id'] = $m[2];
    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
} elseif (
    $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
    file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
) {
    // existing files

    // access limitiations
    if (
        preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) ||
        preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
    ) {
        header('HTTP/1.1 403 Forbidden');
        die('Access denied');
    }

    if (str_ends_with($_SERVER['SCRIPT_NAME'], '.php')) {
        # php scripts
        require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
    } else {
        # static files
        return false;
    }
} else {
    // treat everything else as a potential wiki page
    // working around https://bugs.php.net/bug.php?id=61286
    $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
    if (isset($_SERVER['PATH_INFO'])) {
        $_GET['id'] = $_SERVER['PATH_INFO'];
    } elseif ($request_path != '/' && $request_path != '/index.php') {
        $_GET['id'] = $_SERVER['SCRIPT_NAME'];
    }

    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
}