aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB
diff options
context:
space:
mode:
authorNathan Guse <nathaniel.guse@gmail.com>2013-09-02 15:55:22 -0700
committerNathan Guse <nathaniel.guse@gmail.com>2013-09-02 15:55:22 -0700
commit4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5 (patch)
tree8b8821a578ba111095acaeffda47767985c96385 /phpBB
parent67f89cc319998ee0feb5dba013a3bac452f1d4b7 (diff)
parent918ffc10e173bed411a27ba627aa01f1b1c4fa51 (diff)
downloadforums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.tar
forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.tar.gz
forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.tar.bz2
forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.tar.xz
forums-4fd99a7b2e8cfad9a7836649fc7eafcdd2a7a4b5.zip
Merge pull request #1102 from imkingdavid/ticket/11215
[ticket/11215] Correct paths when path info is used for controller access
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/.htaccess24
-rw-r--r--phpBB/app.php1
-rw-r--r--phpBB/common.php3
-rw-r--r--phpBB/config/services.yml1
-rw-r--r--phpBB/includes/functions.php67
-rw-r--r--phpBB/phpbb/controller/helper.php33
6 files changed, 95 insertions, 34 deletions
diff --git a/phpBB/.htaccess b/phpBB/.htaccess
index 474f9774c2..6f33916775 100644
--- a/phpBB/.htaccess
+++ b/phpBB/.htaccess
@@ -1,12 +1,30 @@
+<IfModule mod_rewrite.c>
+RewriteEngine on
+
#
# Uncomment the statement below if you want to make use of
# HTTP authentication and it does not already work.
# This could be required if you are for example using PHP via Apache CGI.
#
-#<IfModule mod_rewrite.c>
-#RewriteEngine on
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
-#</IfModule>
+
+#
+# The following 3 lines will rewrite URLs passed through the front controller
+# to not require app.php in the actual URL. In other words, a controller is
+# by default accessed at /app.php/my/controller, but can also be accessed at
+# /my/controller
+#
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.*)$ app.php [QSA,L]
+
+#
+# If symbolic links are not already being followed,
+# uncomment the line below.
+# http://anothersysadmin.wordpress.com/2008/06/10/mod_rewrite-forbidden-403-with-apache-228/
+#
+#Options +FollowSymLinks
+</IfModule>
<Files "config.php">
Order Allow,Deny
diff --git a/phpBB/app.php b/phpBB/app.php
index d93208d585..f1023ff1b5 100644
--- a/phpBB/app.php
+++ b/phpBB/app.php
@@ -24,7 +24,6 @@ $user->session_begin();
$auth->acl($user->data);
$user->setup('app');
-$symfony_request = phpbb_create_symfony_request($request);
$http_kernel = $phpbb_container->get('http_kernel');
$response = $http_kernel->handle($symfony_request);
$response->send();
diff --git a/phpBB/common.php b/phpBB/common.php
index 6a1f307d64..a7b7db28ac 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -109,6 +109,9 @@ $db = $phpbb_container->get('dbal.conn');
// make sure request_var uses this request instance
request_var('', 0, false, false, $request); // "dependency injection" for a function
+// Create a Symfony Request object from our phpbb_request object
+$symfony_request = phpbb_create_symfony_request($request);
+
// Grab global variables, re-cache if necessary
$config = $phpbb_container->get('config');
set_config(null, null, null, $config);
diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml
index d0753322da..2808e81337 100644
--- a/phpBB/config/services.yml
+++ b/phpBB/config/services.yml
@@ -90,6 +90,7 @@ services:
arguments:
- @template
- @user
+ - @request
- %core.root_path%
- %core.php_ext%
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 3db843ffd1..4d2d704a43 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2413,6 +2413,7 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
{
global $_SID, $_EXTRA_URL, $phpbb_hook;
global $phpbb_dispatcher;
+ global $symfony_request, $phpbb_root_path;
if ($params === '' || (is_array($params) && empty($params)))
{
@@ -2420,6 +2421,12 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
$params = false;
}
+ $corrected_path = $symfony_request !== null ? phpbb_get_web_root_path($symfony_request, $phpbb_root_path) : '';
+ if ($corrected_path)
+ {
+ $url = substr($corrected_path . $url, strlen($phpbb_root_path));
+ }
+
$append_sid_overwrite = false;
/**
@@ -5051,7 +5058,7 @@ function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
{
global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
- global $phpbb_dispatcher, $request, $phpbb_container;
+ global $phpbb_dispatcher, $request, $phpbb_container, $symfony_request;
if (defined('HEADER_INC'))
{
@@ -5208,7 +5215,11 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
// Determine board url - we may need it later
$board_url = generate_board_url() . '/';
- $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $phpbb_root_path;
+ // This path is sent with the base template paths in the assign_vars()
+ // call below. We need to correct it in case we are accessing from a
+ // controller because the web paths will be incorrect otherwise.
+ $corrected_path = $symfony_request !== null ? phpbb_get_web_root_path($symfony_request, $phpbb_root_path) : '';
+ $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $corrected_path;
// Send a proper content-language to the output
$user_lang = $user->lang['USER_LANG'];
@@ -5682,6 +5693,16 @@ function phpbb_convert_30_dbms_to_31($dbms)
*/
function phpbb_create_symfony_request(phpbb_request $request)
{
+ // If we have already gotten it, don't go back through all the trouble of
+ // creating it again; instead, just return it. This allows multiple calls
+ // of this method so we don't have to globalize $symfony_request in other
+ // functions.
+ static $symfony_request;
+ if (null !== $symfony_request)
+ {
+ return $symfony_request;
+ }
+
// This function is meant to sanitize the global input arrays
$sanitizer = function(&$value, $key) {
$type_cast_helper = new phpbb_request_type_cast_helper();
@@ -5701,21 +5722,39 @@ function phpbb_create_symfony_request(phpbb_request $request)
array_walk_recursive($get_parameters, $sanitizer);
array_walk_recursive($post_parameters, $sanitizer);
- // Until we fix the issue with relative paths, we have to fake path info
- // to allow urls like app.php?controller=foo/bar
- $controller = $request->variable('controller', '');
- $path_info = '/' . $controller;
- $request_uri = $server_parameters['REQUEST_URI'];
+ $symfony_request = new Request($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
+ return $symfony_request;
+}
- // Remove the query string from REQUEST_URI
- if ($pos = strpos($request_uri, '?'))
+/**
+* Get a relative root path from the current URL
+*
+* @param Request $symfony_request Symfony Request object
+*/
+function phpbb_get_web_root_path(Request $symfony_request, $phpbb_root_path = '')
+{
+ static $path;
+ if (null !== $path)
+ {
+ return $path;
+ }
+
+ $path_info = $symfony_request->getPathInfo();
+ if ($path_info === '/')
{
- $request_uri = substr($request_uri, 0, $pos);
+ $path = $phpbb_root_path;
+ return $path;
}
- // Add the path info (i.e. controller route) to the REQUEST_URI
- $server_parameters['REQUEST_URI'] = $request_uri . $path_info;
- $server_parameters['SCRIPT_NAME'] = '';
+ $corrections = substr_count($path_info, '/');
+
+ // When URL Rewriting is enabled, app.php is optional. We have to
+ // correct for it not being there
+ if (strpos($symfony_request->getRequestUri(), $symfony_request->getScriptName()) === false)
+ {
+ $corrections -= 1;
+ }
- return new Request($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
+ $path = $phpbb_root_path . str_repeat('../', $corrections);
+ return $path;
}
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index 74410ddfd1..4d240f9380 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -36,6 +36,12 @@ class phpbb_controller_helper
protected $user;
/**
+ * Request object
+ * @var phpbb_request
+ */
+ protected $request;
+
+ /**
* phpBB root path
* @var string
*/
@@ -55,10 +61,11 @@ class phpbb_controller_helper
* @param string $phpbb_root_path phpBB root path
* @param string $php_ext PHP extension
*/
- public function __construct(phpbb_template $template, phpbb_user $user, $phpbb_root_path, $php_ext)
+ public function __construct(phpbb_template $template, phpbb_user $user, phpbb_request_interface $request, $phpbb_root_path, $php_ext)
{
$this->template = $template;
$this->user = $user;
+ $this->request = $request;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
@@ -102,22 +109,16 @@ class phpbb_controller_helper
$route = substr($route, 0, $route_delim);
}
- if (is_array($params) && !empty($params))
- {
- $params = array_merge(array(
- 'controller' => $route,
- ), $params);
- }
- else if (is_string($params) && $params)
- {
- $params = 'controller=' . $route . (($is_amp) ? '&amp;' : '&') . $params;
- }
- else
- {
- $params = array('controller' => $route);
- }
+ $request_uri = $this->request->variable('REQUEST_URI', '', false, phpbb_request::SERVER);
+ $script_name = $this->request->variable('SCRIPT_NAME', '', false, phpbb_request::SERVER);
+
+ // If the app.php file is being used (no rewrite) keep it in the URL.
+ // Otherwise, don't include it.
+ $route_prefix = $this->phpbb_root_path;
+ $parts = explode('/', $script_name);
+ $route_prefix .= strpos($request_uri, $script_name) === 0 ? array_pop($parts) . '/' : '';
- return append_sid($this->phpbb_root_path . 'app.' . $this->php_ext . $route_params, $params, $is_amp, $session_id);
+ return append_sid($route_prefix . "$route" . $route_params, $params, $is_amp, $session_id);
}
/**