diff options
author | Meik Sievertsen <acydburn@phpbb.com> | 2008-01-30 19:30:58 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-01-30 19:30:58 +0000 |
commit | f24069d32c39d21037503b0c5d645a5929291f69 (patch) | |
tree | 55659021aa4eae7048860b21658670f9e4944f99 | |
parent | 35ae4c420fed689ef16df8e3cad8c5164a6443df (diff) | |
download | forums-f24069d32c39d21037503b0c5d645a5929291f69.tar forums-f24069d32c39d21037503b0c5d645a5929291f69.tar.gz forums-f24069d32c39d21037503b0c5d645a5929291f69.tar.bz2 forums-f24069d32c39d21037503b0c5d645a5929291f69.tar.xz forums-f24069d32c39d21037503b0c5d645a5929291f69.zip |
Fixing realpath issues for provider returning the passed value instead of disabling it. This fixes issues with confirm boxes for those hosted on Network Solutions for example. - #20435
many thanks to the reporter for allowing me to debug this on his server. :)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8355 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 281 |
2 files changed, 149 insertions, 133 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 0513ae1215..eea7f88892 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -113,6 +113,7 @@ <li>[Fix] Tiny code fixes (Bug #20165, #20025, #19795, #14804)</li> <li>[Fix] Prepend phpbb_root_path to ranks path for displaying ranks (Bug #19075)</li> <li>[Fix] Allow forum notifications if topic notifications are disabled but forum notifications enabled (Bug #14765)</li> + <li>[Fix] Fixing realpath issues for provider returning the passed value instead of disabling it. This fixes issues with confirm boxes for those hosted on Network Solutions for example. (Bug #20435)</li> </ul> <a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3> diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e31b8d5294..385a1ea72e 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -523,177 +523,175 @@ if (!function_exists('stripos')) } } -if (!function_exists('realpath')) +/** +* Checks if a path ($path) is absolute or relative +* +* @param string $path Path to check absoluteness of +* @return boolean +*/ +function is_absolute($path) { - /** - * Checks if a path ($path) is absolute or relative - * - * @param string $path Path to check absoluteness of - * @return boolean - */ - function is_absolute($path) - { - return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:/#i', $path))) ? true : false; - } + return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:/#i', $path))) ? true : false; +} - /** - * @author Chris Smith <chris@project-minerva.org> - * @copyright 2006 Project Minerva Team - * @param string $path The path which we should attempt to resolve. - * @return mixed - */ - function phpbb_realpath($path) - { - // Now to perform funky shizzle +/** +* @author Chris Smith <chris@project-minerva.org> +* @copyright 2006 Project Minerva Team +* @param string $path The path which we should attempt to resolve. +* @return mixed +*/ +function phpbb_own_realpath($path) +{ + // Now to perform funky shizzle + + // Switch to use UNIX slashes + $path = str_replace(DIRECTORY_SEPARATOR, '/', $path); + $path_prefix = ''; - // Switch to use UNIX slashes - $path = str_replace(DIRECTORY_SEPARATOR, '/', $path); - $path_prefix = ''; + // Determine what sort of path we have + if (is_absolute($path)) + { + $absolute = true; - // Determine what sort of path we have - if (is_absolute($path)) + if ($path[0] == '/') + { + // Absolute path, *NIX style + $path_prefix = ''; + } + else { + // Absolute path, Windows style + // Remove the drive letter and colon + $path_prefix = $path[0] . ':'; + $path = substr($path, 2); + } + } + else + { + // Relative Path + // Prepend the current working directory + if (function_exists('getcwd')) + { + // This is the best method, hopefully it is enabled! + $path = str_replace(DIRECTORY_SEPARATOR, '/', getcwd()) . '/' . $path; $absolute = true; - - if ($path[0] == '/') + if (preg_match('#^[a-z]:#i', $path)) { - // Absolute path, *NIX style - $path_prefix = ''; + $path_prefix = $path[0] . ':'; + $path = substr($path, 2); } else { - // Absolute path, Windows style - // Remove the drive letter and colon - $path_prefix = $path[0] . ':'; - $path = substr($path, 2); + $path_prefix = ''; } } + else if (isset($_SERVER['SCRIPT_FILENAME']) && !empty($_SERVER['SCRIPT_FILENAME'])) + { + // Warning: If chdir() has been used this will lie! + // Warning: This has some problems sometime (CLI can create them easily) + $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path; + $absolute = true; + $path_prefix = ''; + } else { - // Relative Path - // Prepend the current working directory - if (function_exists('getcwd')) - { - // This is the best method, hopefully it is enabled! - $path = str_replace(DIRECTORY_SEPARATOR, '/', getcwd()) . '/' . $path; - $absolute = true; - if (preg_match('#^[a-z]:#i', $path)) - { - $path_prefix = $path[0] . ':'; - $path = substr($path, 2); - } - else - { - $path_prefix = ''; - } - } - else if (isset($_SERVER['SCRIPT_FILENAME']) && !empty($_SERVER['SCRIPT_FILENAME'])) - { - // Warning: If chdir() has been used this will lie! - // Warning: This has some problems sometime (CLI can create them easily) - $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path; - $absolute = true; - $path_prefix = ''; - } - else - { - // We have no way of getting the absolute path, just run on using relative ones. - $absolute = false; - $path_prefix = '.'; - } + // We have no way of getting the absolute path, just run on using relative ones. + $absolute = false; + $path_prefix = '.'; } + } - // Remove any repeated slashes - $path = preg_replace('#/{2,}#', '/', $path); + // Remove any repeated slashes + $path = preg_replace('#/{2,}#', '/', $path); - // Remove the slashes from the start and end of the path - $path = trim($path, '/'); + // Remove the slashes from the start and end of the path + $path = trim($path, '/'); - // Break the string into little bits for us to nibble on - $bits = explode('/', $path); + // Break the string into little bits for us to nibble on + $bits = explode('/', $path); - // Remove any . in the path, renumber array for the loop below - $bits = array_values(array_diff($bits, array('.'))); + // Remove any . in the path, renumber array for the loop below + $bits = array_values(array_diff($bits, array('.'))); - // Lets get looping, run over and resolve any .. (up directory) - for ($i = 0, $max = sizeof($bits); $i < $max; $i++) + // Lets get looping, run over and resolve any .. (up directory) + for ($i = 0, $max = sizeof($bits); $i < $max; $i++) + { + // @todo Optimise + if ($bits[$i] == '..' ) { - // @todo Optimise - if ($bits[$i] == '..' ) + if (isset($bits[$i - 1])) { - if (isset($bits[$i - 1])) - { - if ($bits[$i - 1] != '..') - { - // We found a .. and we are able to traverse upwards, lets do it! - unset($bits[$i]); - unset($bits[$i - 1]); - $i -= 2; - $max -= 2; - $bits = array_values($bits); - } - } - else if ($absolute) // ie. !isset($bits[$i - 1]) && $absolute + if ($bits[$i - 1] != '..') { - // We have an absolute path trying to descend above the root of the filesystem - // ... Error! - return false; + // We found a .. and we are able to traverse upwards, lets do it! + unset($bits[$i]); + unset($bits[$i - 1]); + $i -= 2; + $max -= 2; + $bits = array_values($bits); } } + else if ($absolute) // ie. !isset($bits[$i - 1]) && $absolute + { + // We have an absolute path trying to descend above the root of the filesystem + // ... Error! + return false; + } } + } - // Prepend the path prefix - array_unshift($bits, $path_prefix); + // Prepend the path prefix + array_unshift($bits, $path_prefix); - $resolved = ''; + $resolved = ''; - $max = sizeof($bits) - 1; + $max = sizeof($bits) - 1; - // Check if we are able to resolve symlinks, Windows cannot. - $symlink_resolve = (function_exists('readlink')) ? true : false; + // Check if we are able to resolve symlinks, Windows cannot. + $symlink_resolve = (function_exists('readlink')) ? true : false; - foreach ($bits as $i => $bit) + foreach ($bits as $i => $bit) + { + if (@is_dir("$resolved/$bit") || ($i == $max && @is_file("$resolved/$bit"))) { - if (@is_dir("$resolved/$bit") || ($i == $max && @is_file("$resolved/$bit"))) - { - // Path Exists - if ($symlink_resolve && is_link("$resolved/$bit") && ($link = readlink("$resolved/$bit"))) - { - // Resolved a symlink. - $resolved = $link . (($i == $max) ? '' : '/'); - continue; - } - } - else + // Path Exists + if ($symlink_resolve && is_link("$resolved/$bit") && ($link = readlink("$resolved/$bit"))) { - // Something doesn't exist here! - // This is correct realpath() behaviour but sadly open_basedir and safe_mode make this problematic - // return false; + // Resolved a symlink. + $resolved = $link . (($i == $max) ? '' : '/'); + continue; } - $resolved .= $bit . (($i == $max) ? '' : '/'); } - - // @todo If the file exists fine and open_basedir only has one path we should be able to prepend it - // because we must be inside that basedir, the question is where... - // @internal The slash in is_dir() gets around an open_basedir restriction - if (!@file_exists($resolved) || (!is_dir($resolved . '/') && !is_file($resolved))) + else { - return false; + // Something doesn't exist here! + // This is correct realpath() behaviour but sadly open_basedir and safe_mode make this problematic + // return false; } + $resolved .= $bit . (($i == $max) ? '' : '/'); + } - // Put the slashes back to the native operating systems slashes - $resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved); + // @todo If the file exists fine and open_basedir only has one path we should be able to prepend it + // because we must be inside that basedir, the question is where... + // @internal The slash in is_dir() gets around an open_basedir restriction + if (!@file_exists($resolved) || (!is_dir($resolved . '/') && !is_file($resolved))) + { + return false; + } - // Check for DIRECTORY_SEPARATOR at the end (and remove it!) - if (substr($resolved, -1) == DIRECTORY_SEPARATOR) - { - return substr($resolved, 0, -1); - } + // Put the slashes back to the native operating systems slashes + $resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved); - return $resolved; // We got here, in the end! + // Check for DIRECTORY_SEPARATOR at the end (and remove it!) + if (substr($resolved, -1) == DIRECTORY_SEPARATOR) + { + return substr($resolved, 0, -1); } + + return $resolved; // We got here, in the end! } -else + +if (!function_exists('realpath')) { /** * A wrapper for realpath @@ -701,15 +699,32 @@ else */ function phpbb_realpath($path) { - $path = realpath($path); + return phpbb_own_realpath($path); + } +} +else +{ + /** + * A wrapper for realpath + */ + function phpbb_realpath($path) + { + $realpath = realpath($path); + + // Strangely there are provider not disabling realpath but returning strange values. :o + // We at least try to cope with them. + if ($realpath === $path || $realpath === false) + { + return phpbb_own_realpath($path); + } // Check for DIRECTORY_SEPARATOR at the end (and remove it!) - if (substr($path, -1) == DIRECTORY_SEPARATOR) + if (substr($realpath, -1) == DIRECTORY_SEPARATOR) { - return substr($path, 0, -1); + $realpath = substr($realpath, 0, -1); } - return $path; + return $realpath; } } |