studio-variable/dataarchiteces
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update Kirby and add password guard

Browse source
This commit is contained in:
isUnknown 2026-02-09 17:05:41 +01:00
parent aaf1aa7890
commit 55d4e45891
987 changed files with 160116 additions and 66454 deletions
Download patch file Download diff file Expand all files Collapse all files

21
private/kirby/router.php
View file

@ -1,12 +1,21 @@
<?php
$root = dirname(__DIR__);
// prepend a fake host to ensure that PHP can parse the path even if it contains weird stuff;
// afterwards just take the plain path back out from the parsed result
$uri = parse_url('https://getkirby.com/' . ltrim($_SERVER['REQUEST_URI'], '/'), PHP_URL_PATH) ?? '/';
$uri = urldecode($uri);
// https://yourdomain.com/media/super/nice.jpg
if (file_exists($root . '/' . $_SERVER['SCRIPT_NAME'])) {
return false; // serve the requested resource as-is.
// emulate Apache's `mod_rewrite` functionality, but prevent
// disclosure of the existence of files outside the document root
$path = $_SERVER['DOCUMENT_ROOT'] . '/' . ltrim($uri, '/');
if (
$uri !== '/' &&
file_exists($path) === true &&
substr(realpath($path), 0, strlen($_SERVER['DOCUMENT_ROOT'])) === $_SERVER['DOCUMENT_ROOT']
) {
return false;
}
$_SERVER['SCRIPT_NAME'] = str_replace($_SERVER['DOCUMENT_ROOT'], '', $index = $root . '/index.php');
$_SERVER['SCRIPT_NAME'] = '/index.php';
include $index;
require $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME'];