diff options
| -rw-r--r-- | phpBB/includes/functions.php | 6 | ||||
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 13 | ||||
| -rw-r--r-- | phpBB/phpbb/session.php | 15 | ||||
| -rw-r--r-- | tests/session/extract_page_test.php | 16 |
4 files changed, 44 insertions, 6 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 6c15c14300..6a36210dca 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1839,7 +1839,7 @@ function redirect($url, $return = false, $disable_cd_check = false) /** * Re-Apply session id after page reloads */ -function reapply_sid($url) +function reapply_sid($url, $is_route = false) { global $phpEx, $phpbb_root_path; @@ -1861,7 +1861,7 @@ function reapply_sid($url) $url = preg_replace("/$phpEx(&|&)+?/", "$phpEx?", $url); } - return append_sid($url); + return append_sid($url, false, true, false, $is_route); } /** @@ -2184,7 +2184,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo // re-add sid / transform & to & for user->page (user->page is always using &) $use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']); - $u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite'])); + $u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite']), $phpbb_path_helper->is_router_used()); $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key; $template->assign_vars(array( diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 154361ef64..5b6db35f23 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -496,4 +496,17 @@ class path_helper return $page; } + + /** + * Tells if the router is currently in use (if the current page is a route or not) + * + * @return bool + */ + public function is_router_used() + { + // Script name URI (e.g. phpBB/app.php) + $script_name = $this->symfony_request->getScriptName(); + + return basename($script_name) === 'app.' . $this->php_ext; + } } diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index c5b50c2b07..6b5b8f2625 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -91,9 +91,18 @@ class session $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path)); } - // current directory within the phpBB root (for example: adm) - $root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path))); - $page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./'))); + if (substr($root_path, 0, 2) === './' && strpos($root_path, '..') === false) + { + $root_dirs = explode('/', str_replace('\\', '/', rtrim($root_path, '/'))); + $page_dirs = explode('/', str_replace('\\', '/', '.')); + } + else + { + // current directory within the phpBB root (for example: adm) + $root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path))); + $page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./'))); + } + $intersection = array_intersect_assoc($root_dirs, $page_dirs); $root_dirs = array_diff_assoc($root_dirs, $intersection); diff --git a/tests/session/extract_page_test.php b/tests/session/extract_page_test.php index 88eb7b2c1a..f8aa3d27a5 100644 --- a/tests/session/extract_page_test.php +++ b/tests/session/extract_page_test.php @@ -136,6 +136,22 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case 'forum' => 0, ), ), + array( + './community', + '/app.php', + '', + '/', + '/kb', + array( + 'page_name' => 'app.php/kb', + 'page_dir' => '..', + 'query_string' => '', + 'script_path' => '/', + 'root_script_path' => '/community/', + 'page' => '../app.php/kb', + 'forum' => 0, + ), + ), ); } |