fix: corrected Apache redirect loop

Author: thorsten

phpmyfaq/.htaccess

@@ -144,19 +144,23 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization"
     RewriteRule ^services/webauthn(.*) index.php [L,QSA]
     # User pages
     RewriteRule ^user/(ucp|bookmarks|request-removal|logout|register) index.php?action=$1 [L,QSA]
-    # Setup and update pages
-    RewriteCond %{REQUEST_URI} ^(.*/)setup/
-    RewriteRule ^(.*/)?setup/(.*) $1setup/index.php [L,QSA]
-    RewriteRule ^update/(.*) update/index.php [L,QSA]
     # Administration API
     RewriteRule ^admin/api/(.*) admin/api/index.php [L,QSA]
     # Administration pages
     RewriteRule ^admin/(.*) admin/index.php [L,QSA]
     # Private APIs
+    RewriteCond %{REQUEST_URI} !index\.php$
     RewriteRule ^api/(autocomplete|bookmark/delete|bookmark/create|user/data/update|user/password/update|user/request-removal|user/remove-twofactor|contact|voting|register|captcha|share|comment/create|faq/create|question/create|webauthn/prepare|webauthn/register|webauthn/prepare-login|webauthn/login|translations) api/index.php [L,QSA]
     # Setup APIs
+    RewriteCond %{REQUEST_URI} !index\.php$
     RewriteRule ^api/setup/(check|backup|update-database) api/index.php [L,QSA]
     # REST API v3.0 and v3.1
     # * http://[...]/api/v3.x/<ACTION>
+    RewriteCond %{REQUEST_URI} !index\.php$
     RewriteRule ^api/v3\.[01]/(.*) api/index.php [L,QSA]
+    # Setup and update pages
+    RewriteCond %{REQUEST_URI} ^(.*/)setup/
+    RewriteCond %{REQUEST_URI} !index\.php$
+    RewriteRule ^(.*/)?setup/(.*) $1setup/index.php [L,QSA]
+    RewriteRule ^update/(.*) update/index.php [L,QSA]
 </IfModule>

phpmyfaq/src/Bootstrap.php

@@ -91,10 +91,17 @@
 
 //
 // Check if config/database.php exist -> if not, redirect to the installer
+// Skip redirect if we're already in setup or API setup context
 //
+$requestUri = $_SERVER['REQUEST_URI'] ?? '';
+$isSetupContext = str_contains($requestUri, '/setup/') || str_contains($requestUri, '/api/setup/');
+
 if (!file_exists(PMF_CONFIG_DIR . '/database.php') && !file_exists(PMF_LEGACY_CONFIG_DIR . '/database.php')) {
-    $response = new RedirectResponse('./setup/');
-    $response->send();
+    if (!$isSetupContext) {
+        $response = new RedirectResponse('/setup/');
+        $response->send();
+        exit;
+    }
 } else {
     if (file_exists(PMF_CONFIG_DIR . '/database.php')) {
         $databaseFile = PMF_CONFIG_DIR . '/database.php';

phpmyfaq/src/phpMyFAQ/Application.php

@@ -165,6 +165,42 @@ private function handleRequest(
                 )
                 : 'Bad Request';
             $response = new Response(content: $message, status: Response::HTTP_BAD_REQUEST);
+        } catch (Throwable $exception) {
+            // Log the error for debugging
+            error_log(sprintf(
+                'Unhandled exception in Application: %s at %s:%d',
+                $exception->getMessage(),
+                $exception->getFile(),
+                $exception->getLine(),
+            ));
+
+            $message = Environment::isDebugMode()
+                ? $this->formatExceptionMessage(
+                    template: 'Internal Server Error: :message at line :line at :file',
+                    exception: $exception,
+                )
+                : 'Internal Server Error';
+
+            // Return JSON response for API requests
+            if (str_contains(haystack: $urlMatcher->getContext()->getBaseUrl(), needle: '/api')) {
+                $content = Environment::isDebugMode()
+                    ? json_encode(value: [
+                        'error' => 'Internal Server Error',
+                        'message' => $exception->getMessage(),
+                        'file' => $exception->getFile(),
+                        'line' => $exception->getLine(),
+                    ])
+                    : json_encode(value: ['error' => 'Internal Server Error']);
+
+                $response = new Response(content: $content, status: Response::HTTP_INTERNAL_SERVER_ERROR, headers: [
+                    'Content-Type' => 'application/json',
+                ]);
+
+                $response->send();
+                return;
+            }
+
+            $response = new Response(content: $message, status: Response::HTTP_INTERNAL_SERVER_ERROR);
         }
 
         $response->send();