diff options
author | Marc Alexander <admin@m-a-styles.de> | 2014-11-09 22:29:25 +0100 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2014-11-09 23:00:39 +0100 |
commit | 9bb302b92ca58d9204290363b190ef4b57009ec6 (patch) | |
tree | 478fd74bcfe25b6975043179849824c16920034c | |
parent | 0e772afb9db640e54e84cfccaddcf74f3edbb3fb (diff) | |
download | forums-9bb302b92ca58d9204290363b190ef4b57009ec6.tar forums-9bb302b92ca58d9204290363b190ef4b57009ec6.tar.gz forums-9bb302b92ca58d9204290363b190ef4b57009ec6.tar.bz2 forums-9bb302b92ca58d9204290363b190ef4b57009ec6.tar.xz forums-9bb302b92ca58d9204290363b190ef4b57009ec6.zip |
[ticket/security-169] Stop loop through referer dir in top directory
SECURITY-169
-rw-r--r-- | phpBB/phpbb/path_helper.php | 8 | ||||
-rw-r--r-- | tests/path_helper/path_helper_test.php | 15 |
2 files changed, 22 insertions, 1 deletions
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 936564d8b6..3c4f17d1b7 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -278,10 +278,16 @@ class path_helper $referer_dir = dirname($referer_dir); } - while (strpos($absolute_board_url, $referer_dir) !== 0) + while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0) { $fixed_root_path .= '../'; $referer_dir = dirname($referer_dir); + + // Just return phpbb_root_path if we reach the top directory + if ($referer_dir === '.') + { + return $this->phpbb_root_path; + } } $fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1); diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index 3832307897..bb68f8b3bc 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -411,6 +411,21 @@ class phpbb_path_helper_test extends phpbb_test_case 'http://www.phpbb.com/community', '../community/', ), + array( + 'http://www.phpbb.com/foobar', + 'http://www.phpbb.com', + '', + ), + array( + 'http://www.foobar.com', + 'http://www.phpbb.com', + '/www.phpbb.com/', + ), + array( + 'foobar', + 'http://www.phpbb.com/community', + '', + ) ); } |