diff options
| -rw-r--r-- | phpBB/common.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 30 | ||||
| -rw-r--r-- | tests/functions/clean_path_test.php | 44 |
3 files changed, 80 insertions, 1 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index 491addc5e0..31ca746924 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -26,6 +26,8 @@ if (file_exists($phpbb_root_path . 'config.' . $phpEx)) if (!defined('PHPBB_INSTALLED')) { // Redirect the user to the installer + require($phpbb_root_path . 'includes/functions.' . $phpEx); + // We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information // available as used by the redirect function $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); @@ -38,10 +40,13 @@ if (!defined('PHPBB_INSTALLED')) $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); } + // $phpbb_root_path accounts for redirects from e.g. /adm + $script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/index.' . $phpEx; // Replace any number of consecutive backslashes and/or slashes with a single slash // (could happen on some proxy setups and/or Windows servers) - $script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx; $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); + // Eliminate . and .. from the path + $script_path = phpbb_clean_path($script_path); $url = (($secure) ? 'https://' : 'http://') . $server_name; diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ca58220619..65d8be32ad 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1176,6 +1176,36 @@ else } } +/** +* Eliminates useless . and .. components from specified path. +* +* @param string $path Path to clean +* @return string Cleaned path +*/ +function phpbb_clean_path($path) +{ + $exploded = explode('/', $path); + $filtered = array(); + foreach ($exploded as $part) + { + if ($part === '.' && !empty($filtered)) + { + continue; + } + + if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') + { + array_pop($filtered); + } + else + { + $filtered[] = $part; + } + } + $path = implode('/', $filtered); + return $path; +} + if (!function_exists('htmlspecialchars_decode')) { /** diff --git a/tests/functions/clean_path_test.php b/tests/functions/clean_path_test.php new file mode 100644 index 0000000000..bcbe9838d9 --- /dev/null +++ b/tests/functions/clean_path_test.php @@ -0,0 +1,44 @@ +<?php +/** +* +* @package testing +* @copyright (c) 2012 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; + +class phpbb_clean_path_test extends phpbb_test_case +{ + public function clean_path_test_data() + { + return array( + array('foo', 'foo'), + array('foo/bar', 'foo/bar'), + array('foo/bar/', 'foo/bar/'), + array('foo/./bar', 'foo/bar'), + array('foo/./././bar', 'foo/bar'), + array('foo/bar/.', 'foo/bar'), + array('./foo/bar', './foo/bar'), + array('../foo/bar', '../foo/bar'), + array('one/two/three', 'one/two/three'), + array('one/two/../three', 'one/three'), + array('one/../two/three', 'two/three'), + array('one/two/..', 'one'), + array('one/two/../', 'one/'), + array('one/two/../three/../four', 'one/four'), + array('one/two/three/../../four', 'one/four'), + ); + } + + /** + * @dataProvider clean_path_test_data + */ + public function test_clean_path($input, $expected) + { + $output = phpbb_clean_path($input); + + $this->assertEquals($expected, $output); + } +} |