prevent access of wiki files

This prevents the crawler to descent into the wiki directory or data
directory, even when for some reason a higher up directory was made
accessible. This should prevent the circumvention of ACLs and prevent
access to sensitive data like user password hashes etc.

file.php

@@ -19,6 +19,10 @@ $path = $INPUT->str('root') . $INPUT->str('file');
 
 try {
     $pathInfo = $pathUtil->getPathInfo($path, false);
+    if ($pathUtil::isWikiControlled($pathInfo['path'])) {
+        throw new Exception('Access to wiki files is not allowed');
+    }
+
     if (!is_readable($pathInfo['path'])) {
         header('Content-Type: text/plain');
         http_status(404);