-rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 94 | ||||
-rw-r--r-- | phpBB/includes/session.php | 6 | ||||
-rw-r--r-- | tests/template/template.php | 2 |
4 files changed, 58 insertions, 45 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 3f457efb69..08f8be32fd 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -104,6 +104,7 @@ <li>[Fix] Prevent wrong tar archive type detection. (Bug #12531)</li> <li>[Fix] Correct redirection after login to forum not in web root (Bug #58755)</li> <li>[Fix] Allow setting parent forums regardless of permission settings. (Bug #57415)</li> + <li>[Fix] Redirect search engines that access pages with SIDs in the URL. (Bug #58025)</li> <li>[Feature] Support for Microsoft's Native SQL Server Driver for PHP (Bug #57055 - Patch by Chris Pucci at Microsoft)</li> <li>[Feature] The memcache acm plugin now supports multiple memcache servers.</li> </ul> diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 917433a970..5878c1977d 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2139,8 +2139,8 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) { global $_SID, $_EXTRA_URL, $phpbb_hook; - // Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropiatly. - // They could mimick most of what is within this function + // Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately. + // They could mimic most of what is within this function if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id)) { if ($phpbb_hook->hook_return(__FUNCTION__)) @@ -2297,6 +2297,8 @@ function redirect($url, $return = false, $disable_cd_check = false) { global $db, $cache, $config, $user, $phpbb_root_path; + $failover_flag = false; + if (empty($user->lang)) { $user->add_lang('common'); 
@@ -2344,65 +2346,69 @@ function redirect($url, $return = false, $disable_cd_check = false) if (!file_exists($pathinfo['dirname'])) { // fallback to "last known user page" + // at least this way we know the user does not leave the phpBB root $url = generate_board_url() . '/' . $user->page['page']; - break; + $failover_flag = true; } } - // Is the uri pointing to the current directory? - if ($pathinfo['dirname'] == '.') + if (!$failover_flag) { - $url = str_replace('./', '', $url); - - // Strip / from the beginning - if ($url && substr($url, 0, 1) == '/') + // Is the uri pointing to the current directory? + if ($pathinfo['dirname'] == '.') { - $url = substr($url, 1); - } + $url = str_replace('./', '', $url); - if ($user->page['page_dir']) - { - $url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url; + // Strip / from the beginning + if ($url && substr($url, 0, 1) == '/') + { + $url = substr($url, 1); + } + + if ($user->page['page_dir']) + { + $url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url; + } + else + { + $url = generate_board_url() . '/' . $url; + } } else { - $url = generate_board_url() . '/' . 
$url; - } - } - else - { - // Used ./ before, but $phpbb_root_path is working better with urls within another root path - $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path))); - $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname']))); - $intersection = array_intersect_assoc($root_dirs, $page_dirs); + // Used ./ before, but $phpbb_root_path is working better with urls within another root path + $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path))); + $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname']))); + $intersection = array_intersect_assoc($root_dirs, $page_dirs); - $root_dirs = array_diff_assoc($root_dirs, $intersection); - $page_dirs = array_diff_assoc($page_dirs, $intersection); + $root_dirs = array_diff_assoc($root_dirs, $intersection); + $page_dirs = array_diff_assoc($page_dirs, $intersection); - $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); + $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); - // Strip / from the end - if ($dir && substr($dir, -1, 1) == '/') - { - $dir = substr($dir, 0, -1); - } + // Strip / from the end + if ($dir && substr($dir, -1, 1) == '/') + { + $dir = substr($dir, 0, -1); + } - // Strip / from the beginning - if ($dir && substr($dir, 0, 1) == '/') - { - $dir = substr($dir, 1); - } + // Strip / from the beginning + if ($dir && substr($dir, 0, 1) == '/') + { + $dir = substr($dir, 1); + } - $url = str_replace($pathinfo['dirname'] . '/', '', $url); + $url = str_replace($pathinfo['dirname'] . '/', '', $url); - // Strip / from the beginning - if (substr($url, 0, 1) == '/') - { - $url = substr($url, 1); - } + // Strip / from the beginning + if (substr($url, 0, 1) == '/') + { + $url = substr($url, 1); + } - $url = (!empty($dir) ? $dir . '/' : '') . $url; - $url = generate_board_url() . '/' . $url; + $url = (!empty($dir) ? $dir . '/' : '') . 
$url; + $url = generate_board_url() . '/' . $url; + } } } diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 2e4e7ccd34..dc38388be8 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -608,6 +608,12 @@ class session } else { + // Bot user, if they have a SID in the Request URI we need to get rid of it + // otherwise they'll index this page with the SID, duplicate content oh my! + if (isset($_GET['sid'])) + { + redirect(build_url(array('sid'))); + } $this->data['session_last_visit'] = $this->time_now; } diff --git a/tests/template/template.php b/tests/template/template.php index 81caaf33b2..9436ab2d98 100644 --- a/tests/template/template.php +++ b/tests/template/template.php @@ -256,7 +256,7 @@ class phpbb_template_template_test extends phpbb_test_case $this->template->set_filenames(array('test' => $filename)); $this->assertFileNotExists($this->template_path . '/' . $filename, 'Testing missing file, file cannot exist'); - $expecting = sprintf('template->_tpl_load_file(): File %s does not exist or is empty', realpath($this->template_path) . '/' . $filename); + $expecting = sprintf('template->_tpl_load_file(): File %s does not exist or is empty', realpath($this->template_path . '/../') . '/templates/' . $filename); $this->setExpectedTriggerError(E_USER_ERROR, $expecting); $this->display('test'); |
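Review bot: The fallback branch assigns `generate_board_url() . '/' . $user->page['page']` and, through `$failover_flag`, skips all of the path rewriting that follows, so a request-derived value is passed on to the rest of `redirect()` unchanged. The function continues past the end of this hunk, so it is not visible whether the line-break and host checks on `$url` run after this block; that should be confirmed, because the removed `break;` suggests this path may not have completed normally before. The flag is initialised in the earlier hunk at the top of the function, far from its only use, and would benefit from a comment there such as `// Set when the target directory is missing and $url was replaced by the last known page; skips the path rewriting below`.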
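Review bot: The guard `isset($_GET['sid'])` and the stripping done by `build_url(array('sid'))` test the same parameter in two different ways, and nothing in this branch ensures they agree. If `build_url()` (not shown) matches parameter names exactly, a query that PHP parses into `$_GET['sid']` under another literal name, for example the array form `sid[]=`, would pass the guard but keep the parameter, and the client would be redirected to the same URL repeatedly. Bot classification usually rests on client-supplied data, so any client could reach this path. Tightening the guard to `if (isset($_GET['sid']) && !is_array($_GET['sid']))` avoids that case; the enclosing method begins and ends outside the hunk.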