diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2014-06-26 15:07:05 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2014-06-26 15:07:05 +0200 |
| commit | 9b27d00d5fc8228ec4f9150aa26bcf450dc45524 (patch) | |
| tree | e2c97576903b834d04178c6d15db419bbd3497c2 /phpBB/phpbb | |
| parent | 69b9aa2859441116c02ea0b36f6f3a53b8c1eda1 (diff) | |
| parent | e71f65c2bb8a810f669b275856cf7e3654d34810 (diff) | |
| download | forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.tar forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.tar.gz forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.tar.bz2 forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.tar.xz forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.zip | |
Merge remote-tracking branch 'nickvergessen/ticket/12099' into develop-ascraeus
* nickvergessen/ticket/12099:
[ticket/12099] Fix correction in path_helper test
[ticket/12099] Prepend ./ to path to fix assets
[ticket/12099] Deduplicate path generation
[ticket/12099] Fix clean_path() ".." stripping when previous directory was "."
[ticket/12099] Break clean_path tests with a simple test
[ticket/12099] Clean paths in tests
[ticket/12099] Correctly fix go back to root before prepending the root path
[ticket/12099] Clean some paths before using them
[ticket/12099] Fix several issues in path_helper test
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/filesystem.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 31 |
2 files changed, 13 insertions, 20 deletions
diff --git a/phpBB/phpbb/filesystem.php b/phpBB/phpbb/filesystem.php index 683a12ab76..77517082e5 100644 --- a/phpBB/phpbb/filesystem.php +++ b/phpBB/phpbb/filesystem.php @@ -35,7 +35,7 @@ class filesystem continue; } - if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') + if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '.' && $filtered[sizeof($filtered) - 1] !== '..') { array_pop($filtered); } diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index a5314d2ce1..b592cc4460 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -98,7 +98,7 @@ class path_helper { $path = substr($path, strlen($this->phpbb_root_path)); - return $this->get_web_root_path() . $path; + return $this->filesystem->clean_path($this->get_web_root_path() . $path); } return $path; @@ -158,7 +158,7 @@ class path_helper */ if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri)) { - return $this->web_root_path = $this->phpbb_root_path . '../'; + return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path); } /* @@ -174,27 +174,20 @@ class path_helper $corrections = substr_count($path_info, '/'); /* - * If the script name (e.g. phpBB/app.php) exists in the - * requestUri (e.g. phpBB/app.php/foo/template), then we - * are have a non-rewritten URL. + * If the script name (e.g. phpBB/app.php) does not exists in the + * requestUri (e.g. phpBB/app.php/foo/template), then we are rewriting + * the URL. So we must reduce the slash count by 1. */ - if (strpos($request_uri, $script_name) === 0) + if (strpos($request_uri, $script_name) !== 0) { - /* - * Append ../ to the end of the phpbb_root_path as many times - * as / exists in path_info - */ - return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections); + $corrections--; } - /* - * If we're here it means we're at a re-written path, so we must - * correct the relative path for web URLs. We must append ../ - * to the end of the root path as many times as / exists in path_info - * less one time (because the script, e.g. /app.php, doesn't exist in - * the URL) - */ - return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections - 1); + // Prepend ../ to the phpbb_root_path as many times as / exists in path_info + $this->web_root_path = $this->filesystem->clean_path( + './' . str_repeat('../', $corrections) . $this->phpbb_root_path + ); + return $this->web_root_path; } /** |