diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2014-06-26 15:07:05 +0200 | 
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2014-06-26 15:07:05 +0200 | 
| commit | 9b27d00d5fc8228ec4f9150aa26bcf450dc45524 (patch) | |
| tree | e2c97576903b834d04178c6d15db419bbd3497c2 /phpBB/phpbb | |
| parent | 69b9aa2859441116c02ea0b36f6f3a53b8c1eda1 (diff) | |
| parent | e71f65c2bb8a810f669b275856cf7e3654d34810 (diff) | |
| download | forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.tar forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.tar.gz forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.tar.bz2 forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.tar.xz forums-9b27d00d5fc8228ec4f9150aa26bcf450dc45524.zip | |
Merge remote-tracking branch 'nickvergessen/ticket/12099' into develop-ascraeus
* nickvergessen/ticket/12099:
  [ticket/12099] Fix correction in path_helper test
  [ticket/12099] Prepend ./ to path to fix assets
  [ticket/12099] Deduplicate path generation
  [ticket/12099] Fix clean_path() ".." stripping when previous directory was "."
  [ticket/12099] Break clean_path tests with a simple test
  [ticket/12099] Clean paths in tests
  [ticket/12099] Correctly fix go back to root before prepending the root path
  [ticket/12099] Clean some paths before using them
  [ticket/12099] Fix several issues in path_helper test
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/filesystem.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 31 | 
2 files changed, 13 insertions, 20 deletions
| diff --git a/phpBB/phpbb/filesystem.php b/phpBB/phpbb/filesystem.php index 683a12ab76..77517082e5 100644 --- a/phpBB/phpbb/filesystem.php +++ b/phpBB/phpbb/filesystem.php @@ -35,7 +35,7 @@ class filesystem  				continue;  			} -			if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') +			if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '.' && $filtered[sizeof($filtered) - 1] !== '..')  			{  				array_pop($filtered);  			} diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index a5314d2ce1..b592cc4460 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -98,7 +98,7 @@ class path_helper  		{  			$path = substr($path, strlen($this->phpbb_root_path)); -			return $this->get_web_root_path() . $path; +			return $this->filesystem->clean_path($this->get_web_root_path() . $path);  		}  		return $path; @@ -158,7 +158,7 @@ class path_helper  		*/  		if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri))  		{ -			return $this->web_root_path = $this->phpbb_root_path . '../'; +			return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path);  		}  		/* @@ -174,27 +174,20 @@ class path_helper  		$corrections = substr_count($path_info, '/');  		/* -		* If the script name (e.g. phpBB/app.php) exists in the -		*	requestUri (e.g. phpBB/app.php/foo/template), then we -		*	are have a non-rewritten URL. +		* If the script name (e.g. phpBB/app.php) does not exists in the +		* requestUri (e.g. phpBB/app.php/foo/template), then we are rewriting +		* the URL. So we must reduce the slash count by 1.  		*/ -		if (strpos($request_uri, $script_name) === 0) +		if (strpos($request_uri, $script_name) !== 0)  		{ -			/* -			* Append ../ to the end of the phpbb_root_path as many times -			*	as / exists in path_info -			*/ -			return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections); +			$corrections--;  		} -		/* -		* If we're here it means we're at a re-written path, so we must -		*	correct the relative path for web URLs. We must append ../ -		*	to the end of the root path as many times as / exists in path_info -		*	less one time (because the script, e.g. /app.php, doesn't exist in -		*	the URL) -		*/ -		return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections - 1); +		// Prepend ../ to the phpbb_root_path as many times as / exists in path_info +		$this->web_root_path = $this->filesystem->clean_path( +			'./' . str_repeat('../', $corrections) . $this->phpbb_root_path +		); +		return $this->web_root_path;  	}  	/** | 
