| author | Tristan Darricau <github@nicofuma.fr> | 2015-01-19 17:52:37 +0100 | 
|---|---|---|
| committer | Tristan Darricau <github@nicofuma.fr> | 2015-01-19 17:52:37 +0100 | 
| commit | a537bf9619b5b34f20e5a862910ef5680facd865 (patch) | |
| tree | 67c92387aa1730de00bc96cbfb5fea40f35a32ad | |
| parent | 52ab23626f8cc037d0b857bd987686b3229517f6 (diff) | |
| parent | add3d3e76001c6f0355da37355b0ff89cc8b8f04 (diff) | |
Merge branch 'develop-ascraeus' into develop
* develop-ascraeus:
  [ticket/13192] Add test for app.php in external subfolder
  [ticket/13192] Use ltrim() instead of preg_replace()
  [ticket/13192] Order test cases consistently
  [ticket/13192] Remove app.php on mod rewrite even if app.php is outside root
  [ticket/13192] Pass correct parameters and rename method to get_valid_page
  [ticket/13192] Use get_valid_user_page in confirm_box() and cleanup globals
  [ticket/13192] Use get_valid_user_page method in build_url function
  [ticket/13192] Add method for generating valid user page links
| -rw-r--r-- | phpBB/includes/functions.php | 27 | ||||
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 34 | ||||
| -rw-r--r-- | tests/path_helper/path_helper_test.php | 25 | 
3 files changed, 63 insertions, 23 deletions
|
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 0390f3dacb..6a6ec9c84d 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2398,26 +2398,7 @@ function build_url($strip_vars = false)
 {
 	global $config, $user, $phpbb_path_helper;
-	$php_ext = $phpbb_path_helper->get_php_ext();
-	$page = $user->page['page'];
-
-	// We need to be cautious here.
-	// On some situations, the redirect path is an absolute URL, sometimes a relative path
-	// For a relative path, let's prefix it with $phpbb_root_path to point to the correct location,
-	// else we use the URL directly.
-	$url_parts = parse_url($page);
-
-	// URL
-	if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
-	{
-		// Remove 'app.php/' from the page, when rewrite is enabled
-		if ($config['enable_mod_rewrite'] && strpos($page, 'app.' . $php_ext . '/') === 0)
-		{
-			$page = substr($page, strlen('app.' . $php_ext . '/'));
-		}
-
-		$page = $phpbb_path_helper->get_phpbb_root_path() . $page;
-	}
+	$page = $phpbb_path_helper->get_valid_page($user->page['page'], $config['enable_mod_rewrite']);
 	// Append SID
 	$redirect = append_sid($page, false, false);
@@ -2659,7 +2640,7 @@ function check_form_key($form_name, $timespan = false)
 function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
 {
 	global $user, $template, $db, $request;
-	global $phpEx, $phpbb_root_path, $request;
+	global $config, $phpbb_path_helper;
 	if (isset($_POST['cancel']))
 	{
@@ -2721,8 +2702,8 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 	}
 	// re-add sid / transform & to & for user->page (user->page is always using &)
-	$use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&', $user->page['page']);
-	$u_action = reapply_sid($use_page);
+	$use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']);
+	$u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite']));
 	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key;
 	$template->assign_vars(array(
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index b49d8d13c2..5400c1c5a6 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
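Review bot: The rewritten `$use_page` line no longer forces the confirm-box target to be board-relative. The old code always prefixed `$phpbb_root_path`, whereas `get_valid_page()` (added in path_helper.php by this commit) returns any value that has both a scheme and a host unchanged. That value then passes through `reapply_sid()` and gets `confirm_key` appended, so if a caller-supplied `$u_action` can ever be an absolute URL for another host, the session and confirmation tokens would travel with it; whether that is reachable depends on callers outside this hunk. I would either compare the host with the board's own before this line or state the constraint next to it, e.g. `// $u_action must be a board-local path; get_valid_page() passes absolute URLs through unchanged`. confirm_box() starts and ends outside the hunk.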
@@ -455,4 +455,38 @@ class path_helper
 		return $url_parts['base'] . (($params) ? '?' . $this->glue_url_params($params) : '');
 	}
+
+	/**
+	 * Get a valid page
+	 *
+	 * @param string $page The page to verify
+	 * @param bool $mod_rewrite Whether mod_rewrite is enabled, default: false
+	 *
+	 * @return string A valid page based on given page and mod_rewrite
+	 */
+	public function get_valid_page($page, $mod_rewrite = false)
+	{
+		// We need to be cautious here.
+		// On some situations, the redirect path is an absolute URL, sometimes a relative path
+		// For a relative path, let's prefix it with $phpbb_root_path to point to the correct location,
+		// else we use the URL directly.
+		$url_parts = parse_url($page);
+
+		// URL
+		if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
+		{
+			// Remove 'app.php/' from the page, when rewrite is enabled.
+			// Treat app.php as a reserved file name and remove on mod rewrite
+			// even if it might not be in the phpBB root.
+			if ($mod_rewrite && ($app_position = strpos($page, 'app.' . $this->php_ext . '/')) !== false)
+			{
+				$page = substr($page, 0, $app_position) . substr($page, $app_position + strlen('app.' . $this->php_ext . '/'));
+			}
+
+			// Remove preceding slashes from page name and prepend root path
+			$page = $this->get_phpbb_root_path() . ltrim($page, '/\\');
+		}
+
+		return $page;
+	}
 }
diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php
index bb68f8b3bc..73f0e6bafc 100644
--- a/tests/path_helper/path_helper_test.php
+++ b/tests/path_helper/path_helper_test.php
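Review bot: The `strpos($page, 'app.' . $this->php_ext . '/')` test in `get_valid_page()` matches the string anywhere in `$page`, not only as a whole path segment. With mod_rewrite on, a page such as `myapp.php/foo` (constructed example), or a query string that happens to contain `app.php/`, would be silently rewritten, whereas the code this replaces in build_url() matched only at offset 0. Requiring a segment boundary keeps the new "outside the phpBB root" case working: extend the condition with `&& ($app_position === 0 || $page[$app_position - 1] === '/')`. The docblock should also say that a URL with both scheme and host is returned unchanged, since "Get a valid page" reads as if the input were validated.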
@@ -436,4 +436,29 @@ class phpbb_path_helper_test extends phpbb_test_case
 	{
 		$this->assertEquals($this->phpbb_root_path . $expected, $this->path_helper->get_web_root_path_from_ajax_referer($referer_url, $board_url));
 	}
+
+	public function data_get_valid_page()
+	{
+		return array(
+			// array( current page , mod_rewrite setting , expected output )
+			array('index', true, 'index'),
+			array('index', false, 'index'),
+			array('foo/index', true, 'foo/index'),
+			array('foo/index', false, 'foo/index'),
+			array('app.php/foo', true, 'foo'),
+			array('app.php/foo', false, 'app.php/foo'),
+			array('/../app.php/foo', true, '../foo'),
+			array('/../app.php/foo', false, '../app.php/foo'),
+			array('/../example/app.php/foo/bar', true, '../example/foo/bar'),
+			array('/../example/app.php/foo/bar', false, '../example/app.php/foo/bar'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_get_valid_page
+	 */
+	public function test_get_valid_page($page, $mod_rewrite, $expected)
+	{
+		$this->assertEquals($this->phpbb_root_path . $expected, $this->path_helper->get_valid_page($page, $mod_rewrite));
+	}
 }
|
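Review bot: The data provider `data_get_valid_page()` covers only relative paths, so two behaviours of `get_valid_page()` are left unpinned. One is an input with scheme and host, which is returned as-is; the other is a page with leading backslashes, which `ltrim($page, '/\\')` strips. The absolute-URL branch decides whether the root path is prepended at all, so it deserves a case of its own. It would need a separate test method or provider column, because `test_get_valid_page` always prepends `$this->phpbb_root_path` to the expected value. A case where `app.php/` appears inside a longer file name would also document the intended matching.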
