author | Marc Alexander <admin@m-a-styles.de> | 2013-12-07 13:25:04 +0100 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2013-12-07 13:25:04 +0100 |
commit | a7f2788c72dd45b65de494ca72d13aaee3b140d6 (patch) | |
tree | 5165902490f264c76f84586158e7a40de3e0f8ea /phpBB | |
parent | 8bbede425193caa57be81638b8377c2c9a21e022 (diff) | |
[ticket/11997] Use get_controller_redirect_url() in redirect() function
This method of path_helper will now be used instead of the previous hack
of the phpbb_own_realpath() function.
PHPBB3-11997
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/functions.php | 116 |
1 files changed, 70 insertions, 46 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 588a060630..9569a6de82 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2655,6 +2655,8 @@ function redirect($url, $return = false, $disable_cd_check = false) { global $db, $cache, $config, $user, $phpbb_root_path, $phpbb_filesystem, $phpbb_path_helper; + $failover_flag = false; + if (empty($user->lang)) { $user->add_lang('common'); @@ -2668,16 +2670,6 @@ function redirect($url, $return = false, $disable_cd_check = false) // Make sure no &'s are in, this will break the redirect $url = str_replace('&', '&', $url); - // The url currently uses the web root path. - // However as we prepend the full board url later, - // we need to remove the relative web root path and - // prepend the normal root path again. Otherwise redirects - // from inside routes will not work as intended. - if ($phpbb_path_helper instanceof \phpbb\path_helper) - { - $url = $phpbb_path_helper->remove_web_root_path($url); - } - // Determine which type of redirect we need to handle... $url_parts = @parse_url($url); 
@@ -2704,53 +2696,87 @@ function redirect($url, $return = false, $disable_cd_check = false) // Relative uri $pathinfo = pathinfo($url); - // Is the uri pointing to the current directory? - if ($pathinfo['dirname'] == '.') + // Also treat URLs that have a non-existing basename + if (!$disable_cd_check && (!file_exists($pathinfo['dirname'] . '/') || !file_exists($pathinfo['basename']))) { - $url = str_replace('./', '', $url); + $url = str_replace('../', '', $url); + $pathinfo = pathinfo($url); - // Strip / from the beginning - if ($url && substr($url, 0, 1) == '/') + // Also treat URLs that have a non-existing basename + if (!file_exists($pathinfo['dirname'] . '/') || !file_exists($pathinfo['basename'])) { - $url = substr($url, 1); + // fallback to "last known user page" + // at least this way we know the user does not leave the phpBB root + if ($phpbb_path_helper instanceof \phpbb\path_helper) + { + $url = $phpbb_path_helper->get_controller_redirect_url($url); + } + else + { + $url = generate_board_url() . '/' . $user->page['page']; + } + $failover_flag = true; } - - $url = generate_board_url() . '/' . $url; } - else - { - // Used ./ before, but $phpbb_root_path is working better with urls within another root path - $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path))); - $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname']))); - $intersection = array_intersect_assoc($root_dirs, $page_dirs); - $root_dirs = array_diff_assoc($root_dirs, $intersection); - $page_dirs = array_diff_assoc($page_dirs, $intersection); + if (!$failover_flag) + { + // Is the uri pointing to the current directory? + if ($pathinfo['dirname'] == '.') + { + $url = str_replace('./', '', $url); - $dir = str_repeat('../', sizeof($root_dirs)) . 
implode('/', $page_dirs); + // Strip / from the beginning + if ($url && substr($url, 0, 1) == '/') + { + $url = substr($url, 1); + } - // Strip / from the end - if ($dir && substr($dir, -1, 1) == '/') - { - $dir = substr($dir, 0, -1); + if ($user->page['page_dir']) + { + $url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url; + } + else + { + $url = generate_board_url() . '/' . $url; + } } - - // Strip / from the beginning - if ($dir && substr($dir, 0, 1) == '/') + else { - $dir = substr($dir, 1); - } + // Used ./ before, but $phpbb_root_path is working better with urls within another root path + $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path))); + $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname']))); + $intersection = array_intersect_assoc($root_dirs, $page_dirs); - $url = str_replace($pathinfo['dirname'] . '/', '', $url); + $root_dirs = array_diff_assoc($root_dirs, $intersection); + $page_dirs = array_diff_assoc($page_dirs, $intersection); - // Strip / from the beginning - if (substr($url, 0, 1) == '/') - { - $url = substr($url, 1); - } + $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); + + // Strip / from the end + if ($dir && substr($dir, -1, 1) == '/') + { + $dir = substr($dir, 0, -1); + } + + // Strip / from the beginning + if ($dir && substr($dir, 0, 1) == '/') + { + $dir = substr($dir, 1); + } + + $url = str_replace($pathinfo['dirname'] . '/', '', $url); - $url = (!empty($dir) ? $dir . '/' : '') . $url; - $url = generate_board_url() . '/' . $url; + // Strip / from the beginning + if (substr($url, 0, 1) == '/') + { + $url = substr($url, 1); + } + + $url = (!empty($dir) ? $dir . '/' : '') . $url; + $url = generate_board_url() . '/' . $url; + } + $url = $phpbb_filesystem->clean_path($url); } } 
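Review bot: The new guard at the top of the relative-URI branch probes the filesystem with request-derived input, and `file_exists($pathinfo['basename'])` tests the basename against the working directory rather than inside `dirname`, so the outcome depends on where the script runs and on any query string still attached to `$url`. The single-pass `str_replace('../', '', $url)` is not idempotent, since overlapping sequences can leave a `../` behind, so it should not be relied on as a traversal filter; normalising first with `$phpbb_filesystem->clean_path($url)` and testing `$pathinfo['dirname'] . '/' . $pathinfo['basename']` would be sturdier. The last hunk removes the unconditional `clean_path()` call and the one added here sits inside `if (!$failover_flag)`, so the failover URL and, as far as these hunks show, URLs handled by the other branches are now returned without that normalisation; please confirm this is intended. Because `$disable_cd_check` now also skips the existence test, a comment such as `// $disable_cd_check also bypasses the on-disk existence check` would keep callers from widening the bypass by accident. redirect() begins and ends outside this hunk.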
@@ -2769,8 +2795,6 @@ function redirect($url, $return = false, $disable_cd_check = false) trigger_error('INSECURE_REDIRECT', E_USER_ERROR); } - $url = $phpbb_filesystem->clean_path($url); - if ($return) { return $url; |