-rw-r--r--phpBB/phpbb/filesystem.php2
-rw-r--r--phpBB/phpbb/path_helper.php31
-rw-r--r--tests/filesystem/clean_path_test.php2
-rw-r--r--tests/path_helper/path_helper_test.php39
4 files changed, 38 insertions, 36 deletions
diff --git a/phpBB/phpbb/filesystem.php b/phpBB/phpbb/filesystem.php
index 683a12ab76..77517082e5 100644
--- a/phpBB/phpbb/filesystem.php
+++ b/phpBB/phpbb/filesystem.php
@@ -35,7 +35,7 @@ class filesystem
continue;
}
- if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
+ if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '.' && $filtered[sizeof($filtered) - 1] !== '..')
{
array_pop($filtered);
}
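Review bot: The lengthened condition has no comment explaining why a `.` entry must survive a following `..`, and it indexes `$filtered[sizeof($filtered) - 1]` twice. I would read the last element once with `$last = end($filtered);` before the `if`, test `$last !== '.' && $last !== '..'`, and add a comment such as `// a leading './' or '../' has no parent segment to remove, so keep the '..' instead of popping`. The method docblock should also state that clean_path() is a lexical normaliser which keeps leading `..` segments, so its output is not evidence that a path stays inside a base directory. The loop and the rest of the method are outside this hunk, so the assumption that `.` can only sit at the front of `$filtered` needs confirming.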
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index a5314d2ce1..b592cc4460 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -98,7 +98,7 @@ class path_helper
{
$path = substr($path, strlen($this->phpbb_root_path));
- return $this->get_web_root_path() . $path;
+ return $this->filesystem->clean_path($this->get_web_root_path() . $path);
}
return $path;
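Review bot: Only the branch that strips `phpbb_root_path` now returns a normalised value; the fall-through `return $path;` still hands back the input untouched, and no visible comment tells callers about the difference. If that is deliberate (for instance because absolute URLs must not pass through clean_path()), say so next to the return: `// not below phpbb_root_path: returned as given, not normalised`. Note also that clean_path() only normalises; any `..` segments already in `$path` are merged with the `../` prefix of the web root path rather than rejected, so callers passing request-derived paths still need their own validation. The method starts and ends outside this hunk.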
@@ -158,7 +158,7 @@ class path_helper
*/
if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri))
{
- return $this->web_root_path = $this->phpbb_root_path . '../';
+ return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path);
}
/*
@@ -174,27 +174,20 @@ class path_helper
$corrections = substr_count($path_info, '/');
/*
- * If the script name (e.g. phpBB/app.php) exists in the
- * requestUri (e.g. phpBB/app.php/foo/template), then we
- * are have a non-rewritten URL.
+ * If the script name (e.g. phpBB/app.php) does not exists in the
+ * requestUri (e.g. phpBB/app.php/foo/template), then we are rewriting
+ * the URL. So we must reduce the slash count by 1.
*/
- if (strpos($request_uri, $script_name) === 0)
+ if (strpos($request_uri, $script_name) !== 0)
{
- /*
- * Append ../ to the end of the phpbb_root_path as many times
- * as / exists in path_info
- */
- return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections);
+ $corrections--;
}
- /*
- * If we're here it means we're at a re-written path, so we must
- * correct the relative path for web URLs. We must append ../
- * to the end of the root path as many times as / exists in path_info
- * less one time (because the script, e.g. /app.php, doesn't exist in
- * the URL)
- */
- return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections - 1);
+ // Prepend ../ to the phpbb_root_path as many times as / exists in path_info
+ $this->web_root_path = $this->filesystem->clean_path(
+ './' . str_repeat('../', $corrections) . $this->phpbb_root_path
+ );
+ return $this->web_root_path;
}
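Review bot: `$corrections--` can take the count below zero when `$path_info` contains no `/` and the script name is not a prefix of the request URI, unless a guard above this hunk already returns for that case; `str_repeat()` rejects a negative count (a warning on older PHP, a ValueError on PHP 8). `$path_info` and `$request_uri` appear to be taken from the incoming request, so I would clamp the value: `str_repeat('../', max(0, $corrections))`. The new comment is also hard to follow, because its example request URI (`phpBB/app.php/foo/template`) does contain the script name while the sentence describes the case where it does not; an example of a rewritten URI would fit better. No row in `update_web_root_path_data` exercises a path info without a slash.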
/**
diff --git a/tests/filesystem/clean_path_test.php b/tests/filesystem/clean_path_test.php
index 1aef0d8a0c..c585b17155 100644
--- a/tests/filesystem/clean_path_test.php
+++ b/tests/filesystem/clean_path_test.php
@@ -32,6 +32,8 @@ class phpbb_filesystem_clean_path_test extends phpbb_test_case
array('foo/bar/.', 'foo/bar'),
array('./foo/bar', './foo/bar'),
array('../foo/bar', '../foo/bar'),
+ array('./../foo/bar', './../foo/bar'),
+ array('././../foo/bar', './../foo/bar'),
array('one/two/three', 'one/two/three'),
array('one/two/../three', 'one/three'),
array('one/../two/three', 'two/three'),
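Review bot: The two new rows only cover `..` directly after a leading `./`; nothing pins that a named segment after `./` is still removed by `..`, which is what the widened condition in clean_path() would break if it were too broad. A row such as `array('./foo/../bar', './bar'),` would cover it. The expected value is inferred from the existing `one/two/../three` row and should be checked against the implementation.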
diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php
index a3ad901379..9866cb6efe 100644
--- a/tests/path_helper/path_helper_test.php
+++ b/tests/path_helper/path_helper_test.php
@@ -13,6 +13,7 @@
class phpbb_path_helper_test extends phpbb_test_case
{
+ /** @var \phpbb\path_helper */
protected $path_helper;
protected $phpbb_root_path = '';
@@ -20,7 +21,8 @@ class phpbb_path_helper_test extends phpbb_test_case
{
parent::setUp();
- $this->set_phpbb_root_path();
+ $filesystem = new \phpbb\filesystem();
+ $this->set_phpbb_root_path($filesystem);
$this->path_helper = new \phpbb\path_helper(
new \phpbb\symfony_request(
@@ -40,9 +42,9 @@ class phpbb_path_helper_test extends phpbb_test_case
* any time we wish to use it in one of these functions (and
* also in general for everything else)
*/
- public function set_phpbb_root_path()
+ public function set_phpbb_root_path($filesystem)
{
- $this->phpbb_root_path = dirname(__FILE__) . './../../phpBB/';
+ $this->phpbb_root_path = $filesystem->clean_path(dirname(__FILE__) . '/../../phpBB/');
}
public function test_get_web_root_path()
@@ -53,7 +55,8 @@ class phpbb_path_helper_test extends phpbb_test_case
public function basic_update_web_root_path_data()
{
- $this->set_phpbb_root_path();
+ $filesystem = new \phpbb\filesystem();
+ $this->set_phpbb_root_path($filesystem);
return array(
array(
@@ -71,7 +74,7 @@ class phpbb_path_helper_test extends phpbb_test_case
),
array(
$this->phpbb_root_path . $this->phpbb_root_path . 'test.php',
- $this->phpbb_root_path . $this->phpbb_root_path . 'test.php',
+ $filesystem->clean_path($this->phpbb_root_path . $this->phpbb_root_path . 'test.php'),
),
);
}
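Review bot: The expected value in the last row is now produced by `$filesystem->clean_path()`, the same routine `update_web_root_path()` calls on its result, so this row only checks that the two calls agree and can no longer detect a regression in the normalisation itself. Because the root path is derived from `dirname(__FILE__)`, a fixed literal is not available here, so I would at least record the limitation in the provider: `// expected is derived with clean_path(); the normalisation rules are covered by clean_path_test`. The provider's first rows are outside this hunk.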
@@ -81,51 +84,55 @@ class phpbb_path_helper_test extends phpbb_test_case
*/
public function test_basic_update_web_root_path($input, $expected)
{
- $this->assertEquals($expected, $this->path_helper->update_web_root_path($input, $symfony_request));
+ $this->assertEquals($expected, $this->path_helper->update_web_root_path($input));
}
public function update_web_root_path_data()
{
- $this->set_phpbb_root_path();
+ $this->set_phpbb_root_path(new \phpbb\filesystem());
return array(
array(
$this->phpbb_root_path . 'test.php',
- $this->phpbb_root_path . 'test.php',
'/',
+ null,
+ null,
+ '',
),
array(
$this->phpbb_root_path . 'test.php',
- $this->phpbb_root_path . '../test.php',
'//',
+ null,
+ null,
+ './../',
),
array(
$this->phpbb_root_path . 'test.php',
- $this->phpbb_root_path . '../test.php',
'//',
'foo/bar.php',
'bar.php',
+ './../',
),
array(
$this->phpbb_root_path . 'test.php',
- $this->phpbb_root_path . '../../test.php',
'/foo/template',
'/phpbb3-fork/phpBB/app.php/foo/template',
'/phpbb3-fork/phpBB/app.php',
+ './../../',
),
array(
$this->phpbb_root_path . 'test.php',
- $this->phpbb_root_path . '../test.php',
'/foo/template',
'/phpbb3-fork/phpBB/foo/template',
'/phpbb3-fork/phpBB/app.php',
+ './../',
),
array(
$this->phpbb_root_path . 'test.php',
- $this->phpbb_root_path . '../test.php',
'/',
'/phpbb3-fork/phpBB/app.php/',
'/phpbb3-fork/phpBB/app.php',
+ './../',
),
);
}
@@ -133,9 +140,9 @@ class phpbb_path_helper_test extends phpbb_test_case
/**
* @dataProvider update_web_root_path_data
*/
- public function test_update_web_root_path($input, $expected, $getPathInfo, $getRequestUri = null, $getScriptName = null)
+ public function test_update_web_root_path($input, $getPathInfo, $getRequestUri, $getScriptName, $correction)
{
- $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
+ $symfony_request = $this->getMock('\phpbb\symfony_request', array(), array(
new phpbb_mock_request(),
));
$symfony_request->expects($this->any())
@@ -155,7 +162,7 @@ class phpbb_path_helper_test extends phpbb_test_case
'php'
);
- $this->assertEquals($expected, $path_helper->update_web_root_path($input, $symfony_request));
+ $this->assertEquals($correction . $input, $path_helper->update_web_root_path($input, $symfony_request));
}
public function clean_url_data()