aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/path_helper.php
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2014-11-09 22:29:25 +0100
committerMarc Alexander <admin@m-a-styles.de>2014-11-09 23:00:39 +0100
commit9bb302b92ca58d9204290363b190ef4b57009ec6 (patch)
tree478fd74bcfe25b6975043179849824c16920034c /phpBB/phpbb/path_helper.php
parent0e772afb9db640e54e84cfccaddcf74f3edbb3fb (diff)
downloadforums-9bb302b92ca58d9204290363b190ef4b57009ec6.tar
forums-9bb302b92ca58d9204290363b190ef4b57009ec6.tar.gz
forums-9bb302b92ca58d9204290363b190ef4b57009ec6.tar.bz2
forums-9bb302b92ca58d9204290363b190ef4b57009ec6.tar.xz
forums-9bb302b92ca58d9204290363b190ef4b57009ec6.zip
[ticket/security-169] Stop loop through referer dir in top directory
SECURITY-169
Diffstat (limited to 'phpBB/phpbb/path_helper.php')
-rw-r--r--phpBB/phpbb/path_helper.php8
1 files changed, 7 insertions, 1 deletions
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index 936564d8b6..3c4f17d1b7 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -278,10 +278,16 @@ class path_helper
$referer_dir = dirname($referer_dir);
}
- while (strpos($absolute_board_url, $referer_dir) !== 0)
+ while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0)
{
$fixed_root_path .= '../';
$referer_dir = dirname($referer_dir);
+
+ // Just return phpbb_root_path if we reach the top directory
+ if ($referer_dir === '.')
+ {
+ return $this->phpbb_root_path;
+ }
}
$fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1);
generated by cgit v1.2.1 (git 2.21.0) at 2025-04-06 22:00:17 +0000