diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2020-06-11 23:01:10 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2020-06-11 23:04:39 +0200 |
| commit | 7f153c56d1815159b9bb4a79f1c8a9b66afb1461 (patch) | |
| tree | 2d0ecfd993cc09ee9958e9e1ccdfa5608b1a7754 /index.php | |
| parent | d2f82eeb5fb7e06c130a5ac85830e5356ee64dba (diff) | |
| download | dokuwiki-7f153c56d1815159b9bb4a79f1c8a9b66afb1461.tar.gz dokuwiki-7f153c56d1815159b9bb4a79f1c8a9b66afb1461.zip | |
Make router work with dotted page names. fixes #3165
This should work around PHP bug #61286
Seems to work well but could use some additional manual testing.
Diffstat (limited to 'index.php')
| -rw-r--r-- | index.php | 57 |
1 files changed, 31 insertions, 26 deletions
@@ -13,58 +13,63 @@ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) * @author Andreas Gohr <andi@splitbrain.org> */ -if(php_sapi_name() != 'cli-server') { - if(!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__).'/'); - require_once(DOKU_INC.'inc/init.php'); +if (php_sapi_name() != 'cli-server') { + if (!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__) . '/'); + require_once(DOKU_INC . 'inc/init.php'); - send_redirect(DOKU_URL.'doku.php'); + send_redirect(DOKU_URL . 'doku.php'); } -# ROUTER starts below +// ROUTER starts below -# avoid path traversal +// avoid path traversal $_SERVER['SCRIPT_NAME'] = str_replace('/../', '/', $_SERVER['SCRIPT_NAME']); -# routing aka. rewriting -if(preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { - # media dispatcher +// routing aka. rewriting +if (preg_match('/^\/_media\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { + // media dispatcher $_GET['media'] = $m[1]; require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/fetch.php'; -} else if(preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { - # image detail view +} elseif (preg_match('/^\/_detail\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { + // image detail view $_GET['media'] = $m[1]; require $_SERVER['DOCUMENT_ROOT'] . '/lib/exe/detail.php'; -} else if(preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { - # exports +} elseif (preg_match('/^\/_export\/([^\/]+)\/(.*)/', $_SERVER['SCRIPT_NAME'], $m)) { + // exports $_GET['do'] = 'export_' . $m[1]; $_GET['id'] = $m[2]; require $_SERVER['DOCUMENT_ROOT'] . '/doku.php'; -} elseif($_SERVER['SCRIPT_NAME'] == '/index.php') { - # 404s are automatically mapped to index.php - if(isset($_SERVER['PATH_INFO'])) { - $_GET['id'] = $_SERVER['PATH_INFO']; - } - require $_SERVER['DOCUMENT_ROOT'] . '/doku.php'; +} elseif ( + $_SERVER['SCRIPT_NAME'] !== '/index.php' && + file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME']) +) { + // existing files -} else if(file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'])) { - # existing files - - # access limitiations - if(preg_match('/\/([\._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) or + // access limitiations + if (preg_match('/\/([._]ht|README$|VERSION$|COPYING$)/', $_SERVER['SCRIPT_NAME']) or preg_match('/^\/(data|conf|bin|inc)\//', $_SERVER['SCRIPT_NAME']) ) { die('Access denied'); } - if(substr($_SERVER['SCRIPT_NAME'], -4) == '.php') { + if (substr($_SERVER['SCRIPT_NAME'], -4) == '.php') { # php scripts require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME']; } else { # static files return false; } +} else { + // treat everything else as a potential wiki page + // working around https://bugs.php.net/bug.php?id=61286 + if (isset($_SERVER['PATH_INFO'])) { + $_GET['id'] = $_SERVER['PATH_INFO']; + } else { + $_GET['id'] = $_SERVER['SCRIPT_NAME']; + } + + require $_SERVER['DOCUMENT_ROOT'] . '/doku.php'; } -# 404 |