diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2013-12-21 16:31:20 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2013-12-21 16:31:20 +0100 |
| commit | 235d2069e0e7cecfd51d4eed5c875cc865f35486 (patch) | |
| tree | 20f6ad44215d47cfe61ea65075b007de96585d72 /phpBB/includes/functions.php | |
| parent | 15913fdf79b8e41049e3263e5e27e6690effc65e (diff) | |
| download | forums-235d2069e0e7cecfd51d4eed5c875cc865f35486.tar forums-235d2069e0e7cecfd51d4eed5c875cc865f35486.tar.gz forums-235d2069e0e7cecfd51d4eed5c875cc865f35486.tar.bz2 forums-235d2069e0e7cecfd51d4eed5c875cc865f35486.tar.xz forums-235d2069e0e7cecfd51d4eed5c875cc865f35486.zip | |
[ticket/11997] Allow redirects to parent folders like previously
Redirects to parent folders were possible with the previous redirect function.
This change will allow these redirects again.
PHPBB3-11997
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index d874b7b19e..4c9c3323f7 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2653,7 +2653,7 @@ function generate_board_url($without_script_path = false) */ function redirect($url, $return = false, $disable_cd_check = false) { - global $db, $cache, $config, $user, $phpbb_root_path, $phpbb_filesystem, $phpbb_path_helper; + global $db, $cache, $config, $user, $phpbb_root_path, $phpbb_filesystem, $phpbb_path_helper, $phpEx; $failover_flag = false; @@ -2696,14 +2696,15 @@ function redirect($url, $return = false, $disable_cd_check = false) // Relative uri $pathinfo = pathinfo($url); - // Also treat URLs that have a non-existing basename - if (!$disable_cd_check && (!file_exists($pathinfo['dirname'] . '/') || !file_exists($pathinfo['basename']))) + // Also treat URLs that have a non-existing basename and fit + // controller style URLs + if (!$disable_cd_check && (!file_exists($pathinfo['dirname'] . '/') || (!file_exists($url) && preg_match('/^[\.]?+[\/]?+(?:app\.php)?+[a-zA-Z0-9\/]/', $url)))) { $url = str_replace('../', '', $url); $pathinfo = pathinfo($url); // Also treat URLs that have a non-existing basename - if (!file_exists($pathinfo['dirname'] . '/') || !file_exists($pathinfo['basename'])) + if (!file_exists($pathinfo['dirname'] . '/') || (!file_exists($url) && preg_match('/^[\.]?+[\/]?+(?:app\.php)?+[a-zA-Z0-9\/]/', $url))) { // fallback to "last known user page" // at least this way we know the user does not leave the phpBB root |