df4f3b2a52
Utilize Apache's mod_rewrite to append a database parameter to the Fever API script based on the requested URL. Basically everything after /fever/ is treated as the desired database. E.g. using https://www.miniflux.net/fever/custom.sqlite/ as server URL selects this database as sync source/target. The user-supplied database parameter is compared with the output of Model\Database\get_all(), which ensures that only files within the DATA_DIRECTORY can be referenced (prevents File Inclusion/Directory Traversal vulnerabilities). I've tested it against Reeder on iOS. Note that Reeder does not allow the same user name to be used multiple times within the same domain name, even if the used URLs are different.
13 lines
393 B
ApacheConf
RewriteEngine on

RewriteBase /

# only if the requested file does not exist
RewriteCond %{REQUEST_FILENAME} !-f

# Store the current location in an environment variable CWD
RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
RewriteRule ^.*$ - [E=CWD:%2]

# Just by prefixing the environment variable, we can safely rewrite anything now
RewriteRule ^([^/]*) %{ENV:CWD}index.php?database=$1 [QSA,L]
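
The allowlist comparison described in the commit message, sketched in PHP as an added example; it is not Miniflux's code. `list_databases()` and `select_database()` are hypothetical names, with `list_databases()` standing in for `Model\Database\get_all()`, whose implementation is not shown on this page.

```php
<?php
// Added example, not Miniflux code. list_databases() is a hypothetical
// stand-in for Model\Database\get_all(); its real implementation is not
// shown on this page.

// Return the base names of the SQLite files directly inside $dataDir.
function list_databases(string $dataDir): array
{
    $files = glob(rtrim($dataDir, '/') . '/*.sqlite') ?: [];
    return array_map('basename', $files);
}

// Resolve a client-supplied name to a path, or null if it is not on the
// allowlist. The name is only compared, never used to build the path.
function select_database(string $requested, string $dataDir): ?string
{
    foreach (list_databases($dataDir) as $name) {
        if ($name === $requested) {
            return rtrim($dataDir, '/') . '/' . $name;
        }
    }
    return null;
}

// Constructed sample data: a throwaway data directory with two databases.
$dataDir = sys_get_temp_dir() . '/fever-example-' . bin2hex(random_bytes(4));
mkdir($dataDir, 0700);
touch($dataDir . '/db.sqlite');
touch($dataDir . '/custom.sqlite');

// Constructed values, as they would arrive in the ?database= parameter.
$requests = ['custom.sqlite', 'unknown.sqlite', '../config.php',
             'custom.sqlite/../db.sqlite', ''];

foreach ($requests as $requested) {
    $path = select_database($requested, $dataDir);
    printf("%-30s => %s\n", var_export($requested, true),
           $path === null ? 'rejected' : 'accepted');
}

// Clean up the sample directory.
array_map('unlink', glob($dataDir . '/*.sqlite'));
rmdir($dataDir);
```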