diff options
author | Andreas Fischer <bantu@phpbb.com> | 2015-01-29 00:06:00 +0100 |
---|---|---|
committer | Andreas Fischer <bantu@phpbb.com> | 2015-01-29 00:06:00 +0100 |
commit | 872caf805cae8608ef6500a2c1a90795487c6235 (patch) | |
tree | 68c8ae54008792fc6168718bfc7719dc6831589e | |
parent | 8da3a6f117ee4830b9026490c348347e7f8cecff (diff) | |
parent | 74950559074d738733ac1258b07912f9ca14203a (diff) | |
download | forums-872caf805cae8608ef6500a2c1a90795487c6235.tar forums-872caf805cae8608ef6500a2c1a90795487c6235.tar.gz forums-872caf805cae8608ef6500a2c1a90795487c6235.tar.bz2 forums-872caf805cae8608ef6500a2c1a90795487c6235.tar.xz forums-872caf805cae8608ef6500a2c1a90795487c6235.zip |
Merge pull request #3348 from bantu/ticket/13549
[ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_NAME...
* bantu/ticket/13549:
[ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_NAME.
-rw-r--r-- | phpBB/includes/startup.php | 2 | ||||
-rw-r--r-- | tests/security/trailing_path_test.php | 7 |
2 files changed, 7 insertions, 2 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 92639fc5bd..9bbbf4fd4c 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -105,7 +105,7 @@ function deregister_globals() function phpbb_has_trailing_path($phpEx) { // Check if path_info is being used - if (!empty($_SERVER['PATH_INFO']) || !empty($_SERVER['ORIG_PATH_INFO'])) + if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO'])) { return true; } diff --git a/tests/security/trailing_path_test.php b/tests/security/trailing_path_test.php index 72ec6b8816..9d586e74ef 100644 --- a/tests/security/trailing_path_test.php +++ b/tests/security/trailing_path_test.php @@ -36,19 +36,24 @@ class phpbb_security_trailing_path_test extends phpbb_test_case array(true, '', '', '/phpBB/index.php/?foo/a'), array(true, '', '', '/projects/php.bb/phpBB/index.php/?a=5'), array(false, '', '', '/projects/php.bb/phpBB/index.php?/a=5'), + array(false, '', '/phpBB/index.php', '/phpBB/index.php', '/phpBB/index.php'), + array(true, '', '/phpBB/index.php', '/phpBB/index.php'), + array(true, '', '/phpBB/index.php/', '/phpBB/index.php/', '/phpBB/index.php'), + array(true, '', '/phpBB/index.php/', '/phpBB/index.php/'), ); } /** * @dataProvider data_has_trailing_path */ - public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri) + public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri, $script_name = '') { global $phpEx; $_SERVER['PATH_INFO'] = $path_info; $_SERVER['ORIG_PATH_INFO'] = $orig_path_info; $_SERVER['REQUEST_URI'] = $request_uri; + $_SERVER['SCRIPT_NAME'] = $script_name; $this->assertSame($expected, phpbb_has_trailing_path($phpEx)); } |