diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2015-01-29 00:08:23 +0100 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2015-01-29 00:08:23 +0100 |
| commit | 6f5524de26ae9df2c15a3f8218770dad0c72e3af (patch) | |
| tree | 36476a25609ee06a378fdc09b541a08d39ac4fd2 | |
| parent | f48cc8bbe9792e0bf9182415c09cb5f50412b5a6 (diff) | |
| parent | 872caf805cae8608ef6500a2c1a90795487c6235 (diff) | |
| download | forums-6f5524de26ae9df2c15a3f8218770dad0c72e3af.tar forums-6f5524de26ae9df2c15a3f8218770dad0c72e3af.tar.gz forums-6f5524de26ae9df2c15a3f8218770dad0c72e3af.tar.bz2 forums-6f5524de26ae9df2c15a3f8218770dad0c72e3af.tar.xz forums-6f5524de26ae9df2c15a3f8218770dad0c72e3af.zip | |
Merge branch 'prep-release-3.0.13' into develop-olympus
* prep-release-3.0.13:
[ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_NAME.
| -rw-r--r-- | phpBB/includes/startup.php | 2 | ||||
| -rw-r--r-- | tests/security/trailing_path_test.php | 7 |
2 files changed, 7 insertions, 2 deletions
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 92639fc5bd..9bbbf4fd4c 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -105,7 +105,7 @@ function deregister_globals() function phpbb_has_trailing_path($phpEx) { // Check if path_info is being used - if (!empty($_SERVER['PATH_INFO']) || !empty($_SERVER['ORIG_PATH_INFO'])) + if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO'])) { return true; } diff --git a/tests/security/trailing_path_test.php b/tests/security/trailing_path_test.php index 72ec6b8816..9d586e74ef 100644 --- a/tests/security/trailing_path_test.php +++ b/tests/security/trailing_path_test.php @@ -36,19 +36,24 @@ class phpbb_security_trailing_path_test extends phpbb_test_case array(true, '', '', '/phpBB/index.php/?foo/a'), array(true, '', '', '/projects/php.bb/phpBB/index.php/?a=5'), array(false, '', '', '/projects/php.bb/phpBB/index.php?/a=5'), + array(false, '', '/phpBB/index.php', '/phpBB/index.php', '/phpBB/index.php'), + array(true, '', '/phpBB/index.php', '/phpBB/index.php'), + array(true, '', '/phpBB/index.php/', '/phpBB/index.php/', '/phpBB/index.php'), + array(true, '', '/phpBB/index.php/', '/phpBB/index.php/'), ); } /** * @dataProvider data_has_trailing_path */ - public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri) + public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri, $script_name = '') { global $phpEx; $_SERVER['PATH_INFO'] = $path_info; $_SERVER['ORIG_PATH_INFO'] = $orig_path_info; $_SERVER['REQUEST_URI'] = $request_uri; + $_SERVER['SCRIPT_NAME'] = $script_name; $this->assertSame($expected, phpbb_has_trailing_path($phpEx)); } |