Diffstat (limited to 'phpBB/phpbb/path_helper.php')
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 48 | 
1 files changed, 46 insertions, 2 deletions
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index 936564d8b6..5400c1c5a6 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -154,6 +154,7 @@ class path_helper
 			return $this->web_root_path;
 		}
+		// We do not need to escape $path_info, $request_uri and $script_name because we can not find their content in the result.
 		// Path info (e.g. /foo/bar)
 		$path_info = $this->filesystem->clean_path($this->symfony_request->getPathInfo());
@@ -203,9 +204,12 @@ class path_helper
 		*/
 		if ($this->request->is_ajax() && $this->symfony_request->get('_referer'))
 		{
+			// We need to escape $absolute_board_url because it can be partially concatenated to the result.
+			$absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true);
+
 			$referer_web_root_path = $this->get_web_root_path_from_ajax_referer(
 				$this->symfony_request->get('_referer'),
-				$this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath()
+				$absolute_board_url
 			);
 			return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path;
 		}
@@ -278,10 +282,16 @@ class path_helper
 			$referer_dir = dirname($referer_dir);
 		}
-		while (strpos($absolute_board_url, $referer_dir) !== 0)
+		while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0)
 		{
 			$fixed_root_path .= '../';
 			$referer_dir = dirname($referer_dir);
+
+			// Just return phpbb_root_path if we reach the top directory
+			if ($referer_dir === '.')
+			{
+				return $this->phpbb_root_path;
+			}
 		}
 		$fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1);
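Review bot: The newly escaped `$absolute_board_url` is later compared byte-for-byte against the unescaped `_referer` value (the `strpos($absolute_board_url, $referer_dir)` loop in the hunk at -278), so any character that `escape()` rewrites in the scheme, host or base path would make the prefix match fail and fall through to the new `phpbb_root_path` fallback instead of the computed relative path. Whether such characters can actually appear in `getBasePath()` is not visible here, so at minimum the new comment should record the coupling: `// Escaped here, so the referer prefix comparison in get_web_root_path_from_ajax_referer() must not depend on characters escape() rewrites.` It would also help to say why `_referer` itself stays unescaped: the returned path is assembled only from `'../'` segments and a suffix of `$absolute_board_url`, never from the referer bytes. The enclosing method starts and ends outside the hunk.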
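Review bot: `$dir_position` is assigned in the rewritten `while` condition but never read within the hunk; unless it is used below the last shown line (the function continues past the hunk), the original `while (strpos($absolute_board_url, $referer_dir) !== 0)` should be restored. Separately, the new termination guard only recognises `'.'`, whereas `dirname()` returns `'/'` (or `'\'` on Windows) once an absolute path is exhausted; if `$referer_dir` can still be absolute at this point — its construction is above the hunk — the loop would not terminate through this guard. If that case is reachable, `if ($referer_dir === '.' || $referer_dir === '/' || $referer_dir === DIRECTORY_SEPARATOR)` closes it.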
@@ -445,4 +455,38 @@ class path_helper
 		return $url_parts['base'] . (($params) ? '?' . $this->glue_url_params($params) : '');
 	}
+
+	/**
+	 * Get a valid page
+	 *
+	 * @param string $page The page to verify
+	 * @param bool $mod_rewrite Whether mod_rewrite is enabled, default: false
+	 *
+	 * @return string A valid page based on given page and mod_rewrite
+	 */
+	public function get_valid_page($page, $mod_rewrite = false)
+	{
+		// We need to be cautious here.
+		// On some situations, the redirect path is an absolute URL, sometimes a relative path
+		// For a relative path, let's prefix it with $phpbb_root_path to point to the correct location,
+		// else we use the URL directly.
+		$url_parts = parse_url($page);
+
+		// URL
+		if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
+		{
+			// Remove 'app.php/' from the page, when rewrite is enabled.
+			// Treat app.php as a reserved file name and remove on mod rewrite
+			// even if it might not be in the phpBB root.
+			if ($mod_rewrite && ($app_position = strpos($page, 'app.' . $this->php_ext . '/')) !== false)
+			{
+				$page = substr($page, 0, $app_position) . substr($page, $app_position + strlen('app.' . $this->php_ext . '/'));
+			}
+
+			// Remove preceding slashes from page name and prepend root path
+			$page = $this->get_phpbb_root_path() . ltrim($page, '/\\');
+		}
+
+		return $page;
+	}
 }
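Review bot: The docblock of `get_valid_page` should spell out what "valid" means, because this method is where redirect targets are normalised: a value with both a scheme and a host is returned unchanged, while everything else — including scheme-less `//host/path` forms, which `parse_url` reports without a scheme — has its leading slashes and backslashes stripped and is prefixed with the phpBB root path, so it can only resolve inside the board. A suggested addition to the docblock: `Absolute URLs (scheme and host present) are returned as-is, so callers passing user-supplied values must validate the host themselves; any other value is treated as a board-relative path.` As a point of style, the `'app.' . $this->php_ext . '/'` prefix is built twice; assigning it once (`$app_prefix = 'app.' . $this->php_ext . '/';`) and removing it with `substr_replace($page, '', $app_position, strlen($app_prefix))` keeps the removal on one readable line.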
