dokuwiki/index.php

<?php

/**
 * Forwarder/Router to doku.php
 *
 * In normal usage, this script simply redirects to doku.php. However it can also be used as a routing
 * script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file
 * access permission checking and passing on static files.
 *
 * Usage example:
 *
 *   php -S localhost:8000 index.php
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <andi@splitbrain.org>
 */

if (PHP_SAPI != 'cli-server') {
    if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/');
    require_once(DOKU_INC . 'inc/init.php');

    send_redirect(wl($conf['start']));
}

// ROUTER starts below

// avoid path traversal
$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);

// routing aka. rewriting
if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // media dispatcher
    $_GET['media'] = $m[1];
    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';
} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // image detail view
    $_GET['media'] = $m[1];
    require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';
} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {
    // exports
    $_GET['do'] = 'export_' . $m[1];
    $_GET['id'] = $m[2];
    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
} elseif (
    $_SERVER['SCRIPT_NAME'] !== '/index.php' &&
    file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])
) {
    // existing files

    // access limitiations
    if (
        preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) ||
        preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME'])
    ) {
        header('HTTP/1.1 403 Forbidden');
        die('Access denied');
    }

    if (str_ends_with($_SERVER['SCRIPT_NAME'], '.php')) {
        # php scripts
        require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];
    } else {
        # static files
        return false;
    }
} else {
    // treat everything else as a potential wiki page
    // working around https://bugs.php.net/bug.php?id=61286
    $request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];
    if (isset($_SERVER['PATH_INFO'])) {
        $_GET['id'] = $_SERVER['PATH_INFO'];
    } elseif ($request_path != '/' && $request_path != '/index.php') {
        $_GET['id'] = $_SERVER['SCRIPT_NAME'];
    }

    require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';
}
phpdoc comments darcs-hash:20050114164057-9977f-e4936fde9037c65c3f32c30b31b2b7df35732f3a.gz 2005-01-14 17:40:57 +01:00			`<?php`
code style: line breaks 2023-08-31 22:44:40 +02:00
phpdoc comments darcs-hash:20050114164057-9977f-e4936fde9037c65c3f32c30b31b2b7df35732f3a.gz 2005-01-14 17:40:57 +01:00			`/**`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`* Forwarder/Router to doku.php`
			`*`
			`* In normal usage, this script simply redirects to doku.php. However it can also be used as a routing`
			`* script with PHP's builtin webserver. It takes care of .htaccess compatible rewriting, directory/file`
			`* access permission checking and passing on static files.`
			`*`
			`* Usage example:`
			`*`
			`* php -S localhost:8000 index.php`
phpdoc comments darcs-hash:20050114164057-9977f-e4936fde9037c65c3f32c30b31b2b7df35732f3a.gz 2005-01-14 17:40:57 +01:00			`*`
			`* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)`
			`* @author Andreas Gohr <andi@splitbrain.org>`
			`*/`
code style: line breaks 2023-08-31 22:44:40 +02:00
Apply rector fixes to bin and toplevel 2023-08-30 14:48:22 +02:00			`if (PHP_SAPI != 'cli-server') {`
			`if (!defined('DOKU_INC')) define('DOKU_INC', __DIR__ . '/');`
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`require_once(DOKU_INC . 'inc/init.php');`
use absolute URL in index.php when redirecting to doku.php, fixes #2706 Note that in order to get an absolute URL, the whole DokuWiki environment is loaded now in index.php. 2019-03-12 03:34:23 +01:00
honor userewrite setting in redirection from index.php 2020-06-01 08:00:43 +02:00			`send_redirect(wl($conf['start']));`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`}`

Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`// ROUTER starts below`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`// avoid path traversal`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`$_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']);`

Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`// routing aka. rewriting`
			`if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {`
			`// media dispatcher`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`$_GET['media'] = $m[1];`
			`require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php';`
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {`
			`// image detail view`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`$_GET['media'] = $m[1];`
			`require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php';`
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) {`
			`// exports`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`$_GET['do'] = 'export_' . $m[1];`
			`$_GET['id'] = $m[2];`
			`require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';`
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`} elseif (`
			`$_SERVER['SCRIPT_NAME'] !== '/index.php' &&`
			`file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])`
			`) {`
			`// existing files`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`// access limitiations`
Apply rector fixes to bin and toplevel 2023-08-30 14:48:22 +02:00			`if (`
			`preg_match('/\/([._]ht\|README$\|VERSION$\|COPYING$)/', $_SERVER['SCRIPT_NAME']) \|\|`
don't exclude install.php from httpd router 2016-01-19 19:55:20 +01:00			`preg_match('/^\/(data\|conf\|bin\|inc)\//', $_SERVER['SCRIPT_NAME'])`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`) {`
router: send proper HTTP header when access denied Co-authored-by: Henry Pan <git@phy25.com> 2020-06-30 09:15:19 +02:00			`header('HTTP/1.1 403 Forbidden');`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`die('Access denied');`
			`}`

Use str_starts_with/str_ends_with 2023-09-15 16:25:49 +02:00			`if (str_ends_with($_SERVER['SCRIPT_NAME'], '.php')) {`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`# php scripts`
			`require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];`
			`} else {`
			`# static files`
			`return false;`
			`}`
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`} else {`
			`// treat everything else as a potential wiki page`
			`// working around https://bugs.php.net/bug.php?id=61286`
router: fix access to root Co-authored-by: Henry Pan <git@phy25.com> 2020-06-30 09:19:08 +02:00			`$request_path = preg_split('/\?/', $_SERVER['REQUEST_URI'], 2)[0];`
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`if (isset($_SERVER['PATH_INFO'])) {`
			`$_GET['id'] = $_SERVER['PATH_INFO'];`
simplified boolean expression 2020-06-30 09:20:35 +02:00			`} elseif ($request_path != '/' && $request_path != '/index.php') {`
Make router work with dotted page names. fixes #3165 This should work around PHP bug #61286 Seems to work well but could use some additional manual testing. 2020-06-11 23:01:10 +02:00			`$_GET['id'] = $_SERVER['SCRIPT_NAME'];`
			`}`

			`require $_SERVER['DOCUMENT_ROOT'] . '/doku.php';`
implements a router for the PHP builtin webserver PHP comes with a builtin webserver for development purposes. This adds the needed routing and also enables rewriting compatible to out userewrite=1 setting. It also implements basic access security (denying access to the data directory and similar directories) A PHP based webserver running DokuWiki can now be started with php -S localhost:8000 index.php 2015-10-27 21:30:58 +01:00			`}`