diff options
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 11 | ||||
| -rw-r--r-- | tests/path_helper/path_helper_test.php | 2 |
2 files changed, 9 insertions, 4 deletions
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 0a41efc128..b2ec9d98e0 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -465,13 +465,16 @@ class path_helper // URL if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host'])) { - // Remove 'app.php/' from the page, when rewrite is enabled - if ($mod_rewrite && strpos($page, 'app.' . $this->php_ext . '/') === 0) + // Remove 'app.php/' from the page, when rewrite is enabled. + // Treat app.php as a reserved file name and remove on mod rewrite + // even if it might not be in the phpBB root. + if ($mod_rewrite && ($app_position = strpos($page, 'app.' . $this->php_ext . '/')) !== false) { - $page = substr($page, strlen('app.' . $this->php_ext . '/')); + $page = substr($page, 0, $app_position) . substr($page, $app_position + strlen('app.' . $this->php_ext . '/')); } - $page = $this->get_phpbb_root_path() . $page; + // Remove preceding slashes from page name and prepend root path + $page = $this->get_phpbb_root_path() . preg_replace('@^(?:([\\/\\\])?)@', '', $page); } return $page; diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index 26cb940b54..62c2a24b22 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -432,6 +432,8 @@ class phpbb_path_helper_test extends phpbb_test_case array('foo/index', false, 'foo/index'), array('app.php/foo', false, 'app.php/foo'), array('app.php/foo', true, 'foo'), + array('/../app.php/foo', false, '../app.php/foo'), + array('/../app.php/foo', true, '../foo'), ); } |