diff options
| author | Oleg Pudeyev <oleg@bsdpower.com> | 2012-10-17 15:03:06 -0400 |
|---|---|---|
| committer | Oleg Pudeyev <oleg@bsdpower.com> | 2012-10-17 15:08:09 -0400 |
| commit | c630480ca1a426cb0897be35626baac2694fccf5 (patch) | |
| tree | 4c10e50d452bbaeacb2fd057b3986edad112872a /phpBB | |
| parent | f0544c884f6862e41bf35e6bd89db5849aa74e9f (diff) | |
| download | forums-c630480ca1a426cb0897be35626baac2694fccf5.tar forums-c630480ca1a426cb0897be35626baac2694fccf5.tar.gz forums-c630480ca1a426cb0897be35626baac2694fccf5.tar.bz2 forums-c630480ca1a426cb0897be35626baac2694fccf5.tar.xz forums-c630480ca1a426cb0897be35626baac2694fccf5.zip | |
[ticket/10848] Redirect from adm to installer correctly.
PHPBB3-10848
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/common.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 30 |
2 files changed, 35 insertions, 1 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index 491addc5e0..bdb33707cc 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -38,10 +38,14 @@ if (!defined('PHPBB_INSTALLED')) $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); } + // $phpbb_root_path accounts for redirects from e.g. /adm + $script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/index.' . $phpEx; // Replace any number of consecutive backslashes and/or slashes with a single slash // (could happen on some proxy setups and/or Windows servers) - $script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx; $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); + // Eliminate . and .. from the path + require($phpbb_root_path . 'includes/functions.' . $phpEx); + $script_path = clean_path($script_path); $url = (($secure) ? 'https://' : 'http://') . $server_name; diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ca58220619..2391b45038 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1176,6 +1176,36 @@ else } } +/** +* Eliminates useless . and .. components from specified path. +* +* @param string $path Path to clean +* @return string Cleaned path +*/ +function clean_path($path) +{ + $exploded = explode('/', $path); + $filtered = array(); + foreach ($exploded as $part) + { + if ($part === '.' && !empty($filtered)) + { + continue; + } + + if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') + { + array_pop($filtered); + } + else + { + $filtered[] = $part; + } + } + $path = implode('/', $filtered); + return $path; +} + if (!function_exists('htmlspecialchars_decode')) { /** |