router.php 2.2 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455
  1. <?php
  2. /**
  3. * @package Grav\Core
  4. *
  5. * @copyright Copyright (c) 2015 - 2023 Trilby Media, LLC. All rights reserved.
  6. * @license MIT License; see LICENSE file for details.
  7. */
  8. if (PHP_SAPI !== 'cli-server') {
  9. die('This script cannot be run from browser. Run it from a CLI.');
  10. }
  11. $_SERVER['PHP_CLI_ROUTER'] = true;
  12. $root = $_SERVER['DOCUMENT_ROOT'];
  13. $path = $_SERVER['SCRIPT_NAME'];
  14. if ($path !== '/index.php' && is_file($root . $path)) {
  15. if (!(
  16. // Block all direct access to files and folders beginning with a dot
  17. strpos($path, '/.') !== false
  18. // Block all direct access for these folders
  19. || preg_match('`^/(\.git|cache|bin|logs|backup|webserver-configs|tests)/`ui', $path)
  20. // Block access to specific file types for these system folders
  21. || preg_match('`^/(system|vendor)/(.*)\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$`ui', $path)
  22. // Block access to specific file types for these user folders
  23. || preg_match('`^/(user)/(.*)\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$`ui', $path)
  24. // Block all direct access to .md files
  25. || preg_match('`\.md$`ui', $path)
  26. // Block access to specific files in the root folder
  27. || preg_match('`^/(LICENSE\.txt|composer\.lock|composer\.json|\.htaccess)$`ui', $path)
  28. )) {
  29. return false;
  30. }
  31. }
  32. $grav_index = 'index.php';
  33. /* Check the GRAV_BASEDIR environment variable and use if set */
  34. $grav_basedir = getenv('GRAV_BASEDIR') ?: '';
  35. if ($grav_basedir) {
  36. $grav_index = ltrim($grav_basedir, '/') . DIRECTORY_SEPARATOR . $grav_index;
  37. $grav_basedir = DIRECTORY_SEPARATOR . trim($grav_basedir, DIRECTORY_SEPARATOR);
  38. define('GRAV_ROOT', str_replace(DIRECTORY_SEPARATOR, '/', getcwd()) . $grav_basedir);
  39. }
  40. $_SERVER = array_merge($_SERVER, $_ENV);
  41. $_SERVER['SCRIPT_FILENAME'] = $_SERVER['DOCUMENT_ROOT'] . $grav_basedir .DIRECTORY_SEPARATOR . 'index.php';
  42. $_SERVER['SCRIPT_NAME'] = $grav_basedir . DIRECTORY_SEPARATOR . 'index.php';
  43. $_SERVER['PHP_SELF'] = $grav_basedir . DIRECTORY_SEPARATOR . 'index.php';
  44. error_log(sprintf('%s:%d [%d]: %s', $_SERVER['REMOTE_ADDR'], $_SERVER['REMOTE_PORT'], http_response_code(), $_SERVER['REQUEST_URI']), 4);
  45. require $grav_index;