diff options
| author | Nathan Guse <nathaniel.guse@gmail.com> | 2013-09-02 15:55:22 -0700 |
|---|---|---|
| committer | Nathan Guse <nathaniel.guse@gmail.com> | 2013-09-02 15:55:22 -0700 |
| commit | 4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5 (patch) | |
| tree | 8b8821a578ba111095acaeffda47767985c96385 /phpBB | |
| parent | 67f89cc319998ee0feb5dba013a3bac452f1d4b7 (diff) | |
| parent | 918ffc10e173bed411a27ba627aa01f1b1c4fa51 (diff) | |
| download | forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.tar forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.tar.gz forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.tar.bz2 forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.tar.xz forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.zip | |
Merge pull request #1102 from imkingdavid/ticket/11215
[ticket/11215] Correct paths when path info is used for controller access
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/.htaccess | 24 | ||||
| -rw-r--r-- | phpBB/app.php | 1 | ||||
| -rw-r--r-- | phpBB/common.php | 3 | ||||
| -rw-r--r-- | phpBB/config/services.yml | 1 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 67 | ||||
| -rw-r--r-- | phpBB/phpbb/controller/helper.php | 33 |
6 files changed, 95 insertions, 34 deletions
diff --git a/phpBB/.htaccess b/phpBB/.htaccess index 474f9774c2..6f33916775 100644 --- a/phpBB/.htaccess +++ b/phpBB/.htaccess @@ -1,12 +1,30 @@ +<IfModule mod_rewrite.c> +RewriteEngine on + # # Uncomment the statement below if you want to make use of # HTTP authentication and it does not already work. # This could be required if you are for example using PHP via Apache CGI. # -#<IfModule mod_rewrite.c> -#RewriteEngine on #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] -#</IfModule> + +# +# The following 3 lines will rewrite URLs passed through the front controller +# to not require app.php in the actual URL. In other words, a controller is +# by default accessed at /app.php/my/controller, but can also be accessed at +# /my/controller +# +RewriteCond %{REQUEST_FILENAME} !-f +RewriteCond %{REQUEST_FILENAME} !-d +RewriteRule ^(.*)$ app.php [QSA,L] + +# +# If symbolic links are not already being followed, +# uncomment the line below. +# http://anothersysadmin.wordpress.com/2008/06/10/mod_rewrite-forbidden-403-with-apache-228/ +# +#Options +FollowSymLinks +</IfModule> <Files "config.php"> Order Allow,Deny diff --git a/phpBB/app.php b/phpBB/app.php index d93208d585..f1023ff1b5 100644 --- a/phpBB/app.php +++ b/phpBB/app.php @@ -24,7 +24,6 @@ $user->session_begin(); $auth->acl($user->data); $user->setup('app'); -$symfony_request = phpbb_create_symfony_request($request); $http_kernel = $phpbb_container->get('http_kernel'); $response = $http_kernel->handle($symfony_request); $response->send(); diff --git a/phpBB/common.php b/phpBB/common.php index 6a1f307d64..a7b7db28ac 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -109,6 +109,9 @@ $db = $phpbb_container->get('dbal.conn'); // make sure request_var uses this request instance request_var('', 0, false, false, $request); // "dependency injection" for a function +// Create a Symfony Request object from our phpbb_request object +$symfony_request = phpbb_create_symfony_request($request); + // Grab global variables, re-cache if necessary $config = $phpbb_container->get('config'); set_config(null, null, null, $config); diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index d0753322da..2808e81337 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -90,6 +90,7 @@ services: arguments: - @template - @user + - @request - %core.root_path% - %core.php_ext% diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 3db843ffd1..4d2d704a43 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2413,6 +2413,7 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) { global $_SID, $_EXTRA_URL, $phpbb_hook; global $phpbb_dispatcher; + global $symfony_request, $phpbb_root_path; if ($params === '' || (is_array($params) && empty($params))) { @@ -2420,6 +2421,12 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) $params = false; } + $corrected_path = $symfony_request !== null ? phpbb_get_web_root_path($symfony_request, $phpbb_root_path) : ''; + if ($corrected_path) + { + $url = substr($corrected_path . $url, strlen($phpbb_root_path)); + } + $append_sid_overwrite = false; /** @@ -5051,7 +5058,7 @@ function phpbb_build_hidden_fields_for_query_params($request, $exclude = null) function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum') { global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path; - global $phpbb_dispatcher, $request, $phpbb_container; + global $phpbb_dispatcher, $request, $phpbb_container, $symfony_request; if (defined('HEADER_INC')) { @@ -5208,7 +5215,11 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 // Determine board url - we may need it later $board_url = generate_board_url() . '/'; - $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $phpbb_root_path; + // This path is sent with the base template paths in the assign_vars() + // call below. We need to correct it in case we are accessing from a + // controller because the web paths will be incorrect otherwise. + $corrected_path = $symfony_request !== null ? phpbb_get_web_root_path($symfony_request, $phpbb_root_path) : ''; + $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $corrected_path; // Send a proper content-language to the output $user_lang = $user->lang['USER_LANG']; @@ -5682,6 +5693,16 @@ function phpbb_convert_30_dbms_to_31($dbms) */ function phpbb_create_symfony_request(phpbb_request $request) { + // If we have already gotten it, don't go back through all the trouble of + // creating it again; instead, just return it. This allows multiple calls + // of this method so we don't have to globalize $symfony_request in other + // functions. + static $symfony_request; + if (null !== $symfony_request) + { + return $symfony_request; + } + // This function is meant to sanitize the global input arrays $sanitizer = function(&$value, $key) { $type_cast_helper = new phpbb_request_type_cast_helper(); @@ -5701,21 +5722,39 @@ function phpbb_create_symfony_request(phpbb_request $request) array_walk_recursive($get_parameters, $sanitizer); array_walk_recursive($post_parameters, $sanitizer); - // Until we fix the issue with relative paths, we have to fake path info - // to allow urls like app.php?controller=foo/bar - $controller = $request->variable('controller', ''); - $path_info = '/' . $controller; - $request_uri = $server_parameters['REQUEST_URI']; + $symfony_request = new Request($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); + return $symfony_request; +} - // Remove the query string from REQUEST_URI - if ($pos = strpos($request_uri, '?')) +/** +* Get a relative root path from the current URL +* +* @param Request $symfony_request Symfony Request object +*/ +function phpbb_get_web_root_path(Request $symfony_request, $phpbb_root_path = '') +{ + static $path; + if (null !== $path) + { + return $path; + } + + $path_info = $symfony_request->getPathInfo(); + if ($path_info === '/') { - $request_uri = substr($request_uri, 0, $pos); + $path = $phpbb_root_path; + return $path; } - // Add the path info (i.e. controller route) to the REQUEST_URI - $server_parameters['REQUEST_URI'] = $request_uri . $path_info; - $server_parameters['SCRIPT_NAME'] = ''; + $corrections = substr_count($path_info, '/'); + + // When URL Rewriting is enabled, app.php is optional. We have to + // correct for it not being there + if (strpos($symfony_request->getRequestUri(), $symfony_request->getScriptName()) === false) + { + $corrections -= 1; + } - return new Request($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); + $path = $phpbb_root_path . str_repeat('../', $corrections); + return $path; } diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php index 74410ddfd1..4d240f9380 100644 --- a/phpBB/phpbb/controller/helper.php +++ b/phpBB/phpbb/controller/helper.php @@ -36,6 +36,12 @@ class phpbb_controller_helper protected $user; /** + * Request object + * @var phpbb_request + */ + protected $request; + + /** * phpBB root path * @var string */ @@ -55,10 +61,11 @@ class phpbb_controller_helper * @param string $phpbb_root_path phpBB root path * @param string $php_ext PHP extension */ - public function __construct(phpbb_template $template, phpbb_user $user, $phpbb_root_path, $php_ext) + public function __construct(phpbb_template $template, phpbb_user $user, phpbb_request_interface $request, $phpbb_root_path, $php_ext) { $this->template = $template; $this->user = $user; + $this->request = $request; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; } @@ -102,22 +109,16 @@ class phpbb_controller_helper $route = substr($route, 0, $route_delim); } - if (is_array($params) && !empty($params)) - { - $params = array_merge(array( - 'controller' => $route, - ), $params); - } - else if (is_string($params) && $params) - { - $params = 'controller=' . $route . (($is_amp) ? '&' : '&') . $params; - } - else - { - $params = array('controller' => $route); - } + $request_uri = $this->request->variable('REQUEST_URI', '', false, phpbb_request::SERVER); + $script_name = $this->request->variable('SCRIPT_NAME', '', false, phpbb_request::SERVER); + + // If the app.php file is being used (no rewrite) keep it in the URL. + // Otherwise, don't include it. + $route_prefix = $this->phpbb_root_path; + $parts = explode('/', $script_name); + $route_prefix .= strpos($request_uri, $script_name) === 0 ? array_pop($parts) . '/' : ''; - return append_sid($this->phpbb_root_path . 'app.' . $this->php_ext . $route_params, $params, $is_amp, $session_id); + return append_sid($route_prefix . "$route" . $route_params, $params, $is_amp, $session_id); } /** |