<?php
/**
* Wikimedia Entdecke Wikipedia
*
* Copyright (c) 2017 Atelier Disko - All rights reserved.
*
* Use of this source code is governed by the AGPL v3
* license that can be found in the LICENSE file.
*/
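define('APP_PATH', __DIR__);
define('DOMAIN', 'entdecke.wikipedia.de');

// Route on the path component only. REQUEST_URI also carries the query
// string, and with the raw value "/about?utm_source=x" the router below
// would look for a view named "about?utm_source=x" and answer 400 for any
// URL that has parameters.
$requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
$path = parse_url($requestUri, PHP_URL_PATH);

if (!is_string($path)) {
    // parse_url() yields false for a malformed URI and null when there is
    // no path component at all; neither can be mapped to a view.
    header('HTTP/1.1 400 Bad Request');
    exit();
}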
// Link Controller
// Builds a site-relative link for $goal: surrounding slashes are stripped
// and exactly one leading slash is added ("about/" -> "/about", "" -> "/").
$url = function ($goal) {
    $target = trim($goal, '/');

    return "/{$target}";
};
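// View Controller
// Maps a request path to the absolute file name of the view that renders it,
// or returns false when the path does not correspond to a view inside
// views/pages/. "/" maps to home.php; any other path is flattened into one
// file name ("/a/b" -> "a_b.php").
//
// The returned path is later passed to require, so everything that reaches
// the return statement must be provably inside $viewBase.
$viewFileFromURI = function ($path) {
    $viewBase = APP_PATH . '/views/pages/';

    // Every "/" is replaced, so the request can never contribute a directory
    // component of its own: ".." becomes the file name "...php", not a parent
    // directory.
    $viewName = str_replace('/', '_', trim($path, '/'));

    if ($viewName === '') {
        // The home view is not existence-checked here; a missing home.php
        // surfaces as a fatal error from the require in the renderer.
        return $viewBase . 'home.php';
    }

    // Security: realpath() rejects paths containing NUL (a ValueError on
    // PHP 8), and on Windows it also treats "\" as a directory separator,
    // which the "/" substitution above does not cover. Neither character is
    // part of any legitimate view name, so refuse them outright.
    if (strpos($viewName, "\0") !== false || strpos($viewName, '\\') !== false) {
        return false;
    }

    // Security: prevents directory traversal attack.
    // see http://stackoverflow.com/a/4205278
    // realpath() canonicalises the candidate (resolving "..", "." and
    // symlinks) and returns false when the file does not exist, so this one
    // check covers both "escaped the pages directory" and "no such page".
    // The prefix compare is sound because $viewBase ends with "/" (so a
    // sibling directory such as pages_x/ cannot match) and APP_PATH comes
    // from __DIR__, which PHP already reports symlink-resolved.
    $viewFile = realpath($viewBase . $viewName . '.php');

    if ($viewFile === false || strpos($viewFile, $viewBase) !== 0) {
        return false;
    }

    return $viewFile;
};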
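// View Renderer
$viewFile = $viewFileFromURI($path);

// No view exists for this path, or "/home" was requested directly (the home
// page is served only at "/", so its duplicate URL is refused). Both are
// "resource not found" conditions, so answer 404 rather than 400: the request
// itself was well-formed.
if ($viewFile === false || trim($path, '/') === 'home') {
    http_response_code(404);
    exit();
}

// $viewFile is derived from the request path, but only after
// $viewFileFromURI has canonicalised it with realpath() and confirmed it lies
// inside views/pages/; do not require any other request-derived path here.
require APP_PATH . '/views/elements/header.php';
require $viewFile;
require APP_PATH . '/views/elements/footer.php';

// No closing "?>": anything after it (even a stray newline) would be sent to
// the client after the footer.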