+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb;

+

+class config_php_file

+{

+ /** @var string phpBB Root Path */

+ protected $phpbb_root_path;

+

+ /** @var string php file extension */

+ protected $php_ext;

+

+ /**

+ * Indicates whether the php config file has been loaded.

+ *

+ * @var bool

+ */

+ protected $config_loaded = false;

+

+ /**

+ * The content of the php config file

+ *

+ * @var array

+ */

+ protected $config_data = array();

+

+ /**

+ * The path to the config file. (Default: $phpbb_root_path . 'config.' . $php_ext)

+ *

+ * @var string

+ */

+ protected $config_file;

+

+ private $defined_vars;

+

+ /**

+ * Constructor

+ *

+ * @param string $phpbb_root_path phpBB Root Path

+ * @param string $php_ext php file extension

+ */

+ function __construct($phpbb_root_path, $php_ext)

+ {

+ $this->phpbb_root_path = $phpbb_root_path;

+ $this->php_ext = $php_ext;

+ $this->config_file = $this->phpbb_root_path . 'config.' . $this->php_ext;

+ }

+

+ /**

+ * Set the path to the config file.

+ *

+ * @param string $config_file

+ */

+ public function set_config_file($config_file)

+ {

+ $this->config_file = $config_file;

+ $this->config_loaded = false;

+ }

+

+ /**

+ * Returns an associative array containing the variables defined by the config file.

+ *

+ * @return bool|array Return the content of the config file or false if the file does not exists.

+ */

+ public function get_all()

+ {

+ if (!$this->load_config_file())

+ {

+ return false;

+ }

+

+ return $this->config_data;

+ }

+

+ /**

+ * Return the value of a variable defined into the config.php file and false if the variable does not exist.

+ *

+ * @param string $variable The name of the variable

+ * @return mixed

+ */

+ public function get($variable)

+ {

+ if (!$this->load_config_file())

+ {

+ return false;

+ }

+

+ return isset($this->config_data[$variable]) ? $this->config_data[$variable] : false;

+ }

+

+ /**

+ * Load the config file and store the information.

+ *

+ * @return bool True if the file was correctly loaded, false otherwise.

+ */

+ protected function load_config_file()

+ {

+ if (!$this->config_loaded)

+ {

+ if (file_exists($this->config_file))

+ {

+ $this->defined_vars = get_defined_vars();

+

+ require($this->config_file);

+ $this->config_data = array_diff_key(get_defined_vars(), $this->defined_vars);

+

+ $this->config_loaded = true;

+ }

+ else

+ {

+ return false;

+ }

+ }

+

+ return true;

+ }

+

+ /**

+ * Convert either 3.0 dbms or 3.1 db driver class name to 3.1 db driver class name.

+ *

+ * If $dbms is a valid 3.1 db driver class name, returns it unchanged.

+ * Otherwise prepends phpbb\db\driver\ to the dbms to convert a 3.0 dbms

+ * to 3.1 db driver class name.

+ *

+ * @param string $dbms dbms parameter

+ * @return string driver class

+ * @throws \RuntimeException

+ */

+ public function convert_30_dbms_to_31($dbms)

+ {

+ // Note: this check is done first because mysqli extension

+ // supplies a mysqli class, and class_exists($dbms) would return

+ // true for mysqli class.

+ // However, per the docblock any valid 3.1 driver name should be

+ // recognized by this function, and have priority over 3.0 dbms.

+ if (strpos($dbms, 'phpbb\db\driver') === false && class_exists('phpbb\db\driver\\' . $dbms))

+ {

+ return 'phpbb\db\driver\\' . $dbms;

+ }

+

+ if (class_exists($dbms))

+ {

+ // Additionally we could check that $dbms extends phpbb\db\driver\driver.

+ // http://php.net/manual/en/class.reflectionclass.php

+ // Beware of possible performance issues:

+ // http://stackoverflow.com/questions/294582/php-5-reflection-api-performance

+ // We could check for interface implementation in all paths or

+ // only when we do not prepend phpbb\db\driver\.

+

+ /*

+ $reflection = new \ReflectionClass($dbms);

+

+ if ($reflection->isSubclassOf('phpbb\db\driver\driver'))

+ {

+ return $dbms;

+ }

+ */

+

+ return $dbms;

+ }

+

+ throw new \RuntimeException("You have specified an invalid dbms driver: $dbms");

+ }

+}

+ /* @var \phpbb\symfony_request */

+ protected $symfony_request;

+

+ * @param \phpbb\symfony_request $symfony_request Symfony Request object

+ public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, $phpbb_root_path, $php_ext)

+ $this->symfony_request = $symfony_request;

+

+ /**

+ * Return the current url

+ *

+ * @return string

+ */

+ public function get_current_url()

+ {

+ return generate_board_url(true) . $this->symfony_request->getRequestUri();

+ }

+* Minimum Requirement is Version 8.3+

+ var $multi_insert = true;

+ catch (\Exception $e)

+ $this->connect_error = $e->getMessage();

+ return array('message' => $this->connect_error);

+ if (class_exists('SQLite3', false) && isset($this->dbo))

+ /**

+ * Language data should be in array -> each language_data in separate key

+ * array(

+ * array(

+ * 'option_id' => value,

+ * 'field_type' => value,

+ * 'lang_value' => value,

+ * ),

+ * array(

+ * 'option_id' => value,

+ * 'field_type' => value,

+ * 'lang_value' => value,

+ * ),

+ * )

+ */

+ protected $profilefield_language_data;

+

+ public function revert_data()

+ {

+ return array(

+ array('custom', array(array($this, 'delete_custom_profile_field_data'))),

+ );

+ }

+

+ * Create Custom profile fields languguage entries

+ */

+ public function create_language_entries()

+ {

+ $field_id = $this->get_custom_profile_field_id();

+

+ $insert_buffer = new \phpbb\db\sql_insert_buffer($this->db, PROFILE_FIELDS_LANG_TABLE);

+

+ $sql = 'SELECT lang_id

+ FROM ' . LANG_TABLE;

+ $result = $this->db->sql_query($sql);

+ while ($lang_id = (int) $this->db->sql_fetchfield('lang_id'))

+ {

+ foreach ($this->profilefield_language_data as $language_data)

+ {

+ $insert_buffer->insert(array_merge(array(

+ 'field_id' => $field_id,

+ 'lang_id' => $lang_id,

+ ), $language_data));

+ }

+ }

+ $this->db->sql_freeresult($result);

+

+ $insert_buffer->flush();

+ }

+

+ /**

+ * Clean database when reverting the migration

+ */

+ public function delete_custom_profile_field_data()

+ {

+ $field_id = $this->get_custom_profile_field_id();

+

+ $sql = 'DELETE FROM ' . PROFILE_FIELDS_TABLE . '

+ WHERE field_id = ' . $field_id;

+ $this->db->sql_query($sql);

+

+ $sql = 'DELETE FROM ' . PROFILE_LANG_TABLE . '

+ WHERE field_id = ' . $field_id;

+ $this->db->sql_query($sql);

+

+ $sql = 'DELETE FROM ' . PROFILE_FIELDS_LANG_TABLE . '

+ WHERE field_id = ' . $field_id;

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * Get custom profile field id

+ * @return int custom profile filed id

+ */

+ public function get_custom_profile_field_id()

+ {

+ $sql = 'SELECT field_id

+ FROM ' . PROFILE_FIELDS_TABLE . "

+ WHERE field_name = '" . $this->profilefield_name . "'";

+ $result = $this->db->sql_query($sql);

+ $field_id = (int) $this->db->sql_fetchfield('field_id');

+ $this->db->sql_freeresult($result);

+

+ return $field_id;

+ }

+

+ /**

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\tool;

+

+/**

+* Migration config_text tool

+*/

+class config_text implements \phpbb\db\migration\tool\tool_interface

+{

+ /** @var \phpbb\config\db_text */

+ protected $config_text;

+

+ /**

+ * Constructor

+ *

+ * @param \phpbb\config\db_text $config_text

+ */

+ public function __construct(\phpbb\config\db_text $config_text)

+ {

+ $this->config_text = $config_text;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_name()

+ {

+ return 'config_text';

+ }

+

+ /**

+ * Add a config_text setting.

+ *

+ * @param string $config_name The name of the config_text setting

+ * you would like to add

+ * @param mixed $config_value The value of the config_text setting

+ * @return null

+ */

+ public function add($config_name, $config_value)

+ {

+ if (!is_null($this->config_text->get($config_name)))

+ {

+ return;

+ }

+

+ $this->config_text->set($config_name, $config_value);

+ }

+

+ /**

+ * Update an existing config_text setting.

+ *

+ * @param string $config_name The name of the config_text setting you would

+ * like to update

+ * @param mixed $config_value The value of the config_text setting

+ * @return null

+ * @throws \phpbb\db\migration\exception

+ */

+ public function update($config_name, $config_value)

+ {

+ if (is_null($this->config_text->get($config_name)))

+ {

+ throw new \phpbb\db\migration\exception('CONFIG_NOT_EXIST', $config_name);

+ }

+

+ $this->config_text->set($config_name, $config_value);

+ }

+

+ /**

+ * Remove an existing config_text setting.

+ *

+ * @param string $config_name The name of the config_text setting you would

+ * like to remove

+ * @return null

+ */

+ public function remove($config_name)

+ {

+ if (is_null($this->config_text->get($config_name)))

+ {

+ return;

+ }

+

+ $this->config_text->delete($config_name);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function reverse()

+ {

+ $arguments = func_get_args();

+ $original_call = array_shift($arguments);

+

+ $call = false;

+ switch ($original_call)

+ {

+ case 'add':

+ $call = 'remove';

+ break;

+

+ case 'remove':

+ $call = 'add';

+ if (sizeof($arguments) == 1)

+ {

+ $arguments[] = '';

+ }

+ break;

+ }

+

+ if ($call)

+ {

+ return call_user_func_array(array(&$this, $call), $arguments);

+ }

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\di;

+

+use Symfony\Component\DependencyInjection\ContainerBuilder;

+use Symfony\Component\DependencyInjection\Dumper\PhpDumper;

+

+class container_builder

+{

+ /** @var string phpBB Root Path */

+ protected $phpbb_root_path;

+

+ /** @var string php file extension */

+ protected $php_ext;

+

+ /**

+ * The container under construction

+ *

+ * @var ContainerBuilder

+ */

+ protected $container;

+

+ /**

+ * @var \phpbb\db\driver\driver_interface

+ */

+ protected $dbal_connection = null;

+

+ /**

+ * @var array the installed extensions

+ */

+ protected $installed_exts = null;

+

+ /**

+ * Indicates whether the php config file should be injected into the container (default to true).

+ *

+ * @var bool

+ */

+ protected $inject_config = true;

+

+ /**

+ * Indicates whether extensions should be used (default to true).

+ *

+ * @var bool

+ */

+ protected $use_extensions = true;

+

+ /**

+ * Defines a custom path to find the configuration of the container (default to $this->phpbb_root_path . 'config')

+ *

+ * @var string

+ */

+ protected $config_path = null;

+

+ /**

+ * Indicates whether the phpBB compile pass should be used (default to true).

+ *

+ * @var bool

+ */

+ protected $use_custom_pass = true;

+

+ /**

+ * Indicates whether the kernel compile pass should be used (default to true).

+ *

+ * @var bool

+ */

+ protected $use_kernel_pass = true;

+

+ /**

+ * Indicates whether the container should be dumped to the filesystem (default to true).

+ *

+ * If DEBUG_CONTAINER is set this option is ignored and a new container is build.

+ *

+ * @var bool

+ */

+ protected $dump_container = true;

+

+ /**

+ * Indicates if the container should be compiled automatically (default to true).

+ *

+ * @var bool

+ */

+ protected $compile_container = true;

+

+ /**

+ * Custom parameters to inject into the container.

+ *

+ * Default to true:

+ * array(

+ * 'core.root_path', $this->phpbb_root_path,

+ * 'core.php_ext', $this->php_ext,

+ * );

+ *

+ * @var array

+ */

+ protected $custom_parameters = null;

+

+ /**

+ * @var \phpbb\config_php_file

+ */

+ protected $config_php_file;

+

+ /**

+ * Constructor

+ *

+ * @param \phpbb\config_php_file $config_php_file

+ * @param string $phpbb_root_path Path to the phpbb includes directory.

+ * @param string $php_ext php file extension

+ */

+ function __construct(\phpbb\config_php_file $config_php_file, $phpbb_root_path, $php_ext)

+ {

+ $this->config_php_file = $config_php_file;

+ $this->phpbb_root_path = $phpbb_root_path;

+ $this->php_ext = $php_ext;

+ }

+

+ /**

+ * Build and return a new Container respecting the current configuration

+ *

+ * @return \phpbb_cache_container|ContainerBuilder

+ */

+ public function get_container()

+ {

+ $container_filename = $this->get_container_filename();

+ if (!defined('DEBUG_CONTAINER') && $this->dump_container && file_exists($container_filename))

+ {

+ require($container_filename);

+ $this->container = new \phpbb_cache_container();

+ }

+ else

+ {

+ if ($this->config_path === null)

+ {

+ $this->config_path = $this->phpbb_root_path . 'config';

+ }

+ $container_extensions = array(new \phpbb\di\extension\core($this->config_path));

+

+ if ($this->use_extensions)

+ {

+ $installed_exts = $this->get_installed_extensions();

+ $container_extensions[] = new \phpbb\di\extension\ext($installed_exts);

+ }

+

+ if ($this->inject_config)

+ {

+ $container_extensions[] = new \phpbb\di\extension\config($this->config_php_file);

+ }

+

+ $this->container = $this->create_container($container_extensions);

+

+ if ($this->use_custom_pass)

+ {

+ $this->container->addCompilerPass(new \phpbb\di\pass\collection_pass());

+

+ if ($this->use_kernel_pass)

+ {

+ $this->container->addCompilerPass(new \phpbb\di\pass\kernel_pass());

+ }

+ }

+

+ $this->inject_custom_parameters();

+

+ if ($this->compile_container)

+ {

+ $this->container->compile();

+ }

+

+ if ($this->dump_container && !defined('DEBUG'))

+ {

+ $this->dump_container($container_filename);

+ }

+ }

+

+ $this->container->set('config.php', $this->config_php_file);

+

+ if ($this->compile_container)

+ {

+ $this->inject_dbal();

+ }

+

+ return $this->container;

+ }

+

+ /**

+ * Set if the extensions should be used.

+ *

+ * @param bool $use_extensions

+ */

+ public function set_use_extensions($use_extensions)

+ {

+ $this->use_extensions = $use_extensions;

+ }

+

+ /**

+ * Set if the phpBB compile pass have to be used.

+ *

+ * @param bool $use_custom_pass

+ */

+ public function set_use_custom_pass($use_custom_pass)

+ {

+ $this->use_custom_pass = $use_custom_pass;

+ }

+

+ /**

+ * Set if the kernel compile pass have to be used.

+ *

+ * @param bool $use_kernel_pass

+ */

+ public function set_use_kernel_pass($use_kernel_pass)

+ {

+ $this->use_kernel_pass = $use_kernel_pass;

+ }

+

+ /**

+ * Set if the php config file should be injecting into the container.

+ *

+ * @param bool $inject_config

+ */

+ public function set_inject_config($inject_config)

+ {

+ $this->inject_config = $inject_config;

+ }

+

+ /**

+ * Set if a dump container should be used.

+ *

+ * If DEBUG_CONTAINER is set this option is ignored and a new container is build.

+ *

+ * @var bool $dump_container

+ */

+ public function set_dump_container($dump_container)

+ {

+ $this->dump_container = $dump_container;

+ }

+

+ /**

+ * Set if the container should be compiled automatically (default to true).

+ *

+ * @var bool $dump_container

+ */

+ public function set_compile_container($compile_container)

+ {

+ $this->compile_container = $compile_container;

+ }

+

+ /**

+ * Set a custom path to find the configuration of the container

+ *

+ * @param string $config_path

+ */

+ public function set_config_path($config_path)

+ {

+ $this->config_path = $config_path;

+ }

+

+ /**

+ * Set custom parameters to inject into the container.

+ *

+ * @param array $custom_parameters

+ */

+ public function set_custom_parameters($custom_parameters)

+ {

+ $this->custom_parameters = $custom_parameters;

+ }

+

+ /**

+ * Dump the container to the disk.

+ *

+ * @param string $container_filename The name of the file.

+ */

+ protected function dump_container($container_filename)

+ {

+ $dumper = new PhpDumper($this->container);

+ $cached_container_dump = $dumper->dump(array(

+ 'class' => 'phpbb_cache_container',

+ 'base_class' => 'Symfony\\Component\\DependencyInjection\\ContainerBuilder',

+ ));

+

+ file_put_contents($container_filename, $cached_container_dump);

+ }

+

+ /**

+ * Inject the connection into the container if one was opened.

+ */

+ protected function inject_dbal()

+ {

+ if ($this->dbal_connection !== null)

+ {

+ $this->container->get('dbal.conn')->set_driver($this->dbal_connection);

+ }

+ }

+

+ /**

+ * Get DB connection.

+ *

+ * @return \phpbb\db\driver\driver_interface

+ */

+ protected function get_dbal_connection()

+ {

+ if ($this->dbal_connection === null)

+ {

+ $dbal_driver_class = $this->config_php_file->convert_30_dbms_to_31($this->config_php_file->get('dbms'));

+ $this->dbal_connection = new $dbal_driver_class();

+ $this->dbal_connection->sql_connect(

+ $this->config_php_file->get('dbhost'),

+ $this->config_php_file->get('dbuser'),

+ $this->config_php_file->get('dbpasswd'),

+ $this->config_php_file->get('dbname'),

+ $this->config_php_file->get('dbport'),

+ defined('PHPBB_DB_NEW_LINK') && PHPBB_DB_NEW_LINK

+ );

+ }

+

+ return $this->dbal_connection;

+ }

+

+ /**

+ * Get enabled extensions.

+ *

+ * @return array enabled extensions

+ */

+ protected function get_installed_extensions()

+ {

+ $db = $this->get_dbal_connection();

+ $extension_table = $this->config_php_file->get('table_prefix') . 'ext';

+

+ $sql = 'SELECT *

+ FROM ' . $extension_table . '

+ WHERE ext_active = 1';

+

+ $result = $db->sql_query($sql);

+ $rows = $db->sql_fetchrowset($result);

+ $db->sql_freeresult($result);

+

+ $exts = array();

+ foreach ($rows as $row)

+ {

+ $exts[$row['ext_name']] = $this->phpbb_root_path . 'ext/' . $row['ext_name'] . '/';

+ }

+

+ return $exts;

+ }

+

+ /**

+ * Create the ContainerBuilder object

+ *

+ * @param array $extensions Array of Container extension objects

+ * @return ContainerBuilder object

+ */

+ protected function create_container(array $extensions)

+ {

+ $container = new ContainerBuilder();

+

+ foreach ($extensions as $extension)

+ {

+ $container->registerExtension($extension);

+ $container->loadFromExtension($extension->getAlias());

+ }

+

+ return $container;

+ }

+

+ /**

+ * Inject the customs parameters into the container

+ */

+ protected function inject_custom_parameters()

+ {

+ if ($this->custom_parameters === null)

+ {

+ $this->custom_parameters = array(

+ 'core.root_path' => $this->phpbb_root_path,

+ 'core.php_ext' => $this->php_ext,

+ );

+ }

+

+ foreach ($this->custom_parameters as $key => $value)

+ {

+ $this->container->setParameter($key, $value);

+ }

+ }

+

+ /**

+ * Get the filename under which the dumped container will be stored.

+ *

+ * @return string Path for dumped container

+ */

+ protected function get_container_filename()

+ {

+ $filename = str_replace(array('/', '.'), array('slash', 'dot'), $this->phpbb_root_path);

+ return $this->phpbb_root_path . 'cache/container_' . $filename . '.' . $this->php_ext;

+ }

+}

+ /** @var array */

+ protected $config_php;

+

+ public function __construct(\phpbb\config_php_file $config_php)

+ $this->config_php = $config_php;

+ $container->setParameter('core.adm_relative_path', ($this->config_php->get('phpbb_adm_relative_path') ? $this->config_php->get('phpbb_adm_relative_path') : 'adm/'));

+ $container->setParameter('core.table_prefix', $this->config_php->get('table_prefix'));

+ $container->setParameter('cache.driver.class', $this->convert_30_acm_type($this->config_php->get('acm_type')));

+ $container->setParameter('dbal.driver.class', $this->config_php->convert_30_dbms_to_31($this->config_php->get('dbms')));

+ $container->setParameter('dbal.dbhost', $this->config_php->get('dbhost'));

+ $container->setParameter('dbal.dbuser', $this->config_php->get('dbuser'));

+ $container->setParameter('dbal.dbpasswd', $this->config_php->get('dbpasswd'));

+ $container->setParameter('dbal.dbname', $this->config_php->get('dbname'));

+ $container->setParameter('dbal.dbport', $this->config_php->get('dbport'));

+ /** @var \phpbb\request\request_interface */

+ protected $request;

+

+ * @param \phpbb\request\request_interface $request

+ * @param mixed $adm_relative_path Relative path admin path to adm/ root

+ public function __construct(\phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, \phpbb\request\request_interface $request, $phpbb_root_path, $php_ext, $adm_relative_path = null)

+ $this->request = $request;

+ $web_root_path = $this->get_web_root_path();

+ if (substr($web_root_path, -8) === 'app.php/' && substr($path, 0, 7) === 'app.php')

+ {

+ $path = substr($path, 8);

+ }

+

+ return $this->filesystem->clean_path($web_root_path . $path);

+ /*

+ * Check AJAX request:

+ * If the current request is a AJAX we need to fix the paths.

+ * We need to get the root path based on the Referer, so we can use

+ * the generated URLs in the template of the Referer. If we do not

+ * generate the relative path based on the Referer, but based on the

+ * currently requested URL, the generated URLs will not point to the

+ * intended locations:

+ * Referer desired URL desired relative root path

+ * memberlist.php faq.php ./

+ * memberlist.php app.php/foo/bar ./

+ * app.php/foo memberlist.php ../

+ * app.php/foo app.php/fox ../

+ * app.php/foo/bar memberlist.php ../../

+ * ../page.php memberlist.php ./phpBB/

+ * ../sub/page.php memberlist.php ./../phpBB/

+ *

+ * The referer must be specified as a parameter in the query.

+ */

+ if ($this->request->is_ajax() && $this->symfony_request->get('_referer'))

+ {

+ $referer_web_root_path = $this->get_web_root_path_from_ajax_referer(

+ $this->symfony_request->get('_referer'),

+ $this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath()

+ );

+ return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path;

+ }

+

+ * Get the web root path of the referer form an ajax request

+ *

+ * @param string $absolute_referer_url

+ * @param string $absolute_board_url

+ * @return string

+ */

+ public function get_web_root_path_from_ajax_referer($absolute_referer_url, $absolute_board_url)

+ {

+ // If the board URL is in the beginning of the referer, this means

+ // we the referer is in the board URL or a subdirectory of it.

+ // So we just need to count the / (slashes) in the left over part of

+ // the referer and prepend ../ the the current root_path, to get the

+ // web root path of the referer.

+ if (strpos($absolute_referer_url, $absolute_board_url) === 0)

+ {

+ $relative_referer_path = substr($absolute_referer_url, strlen($absolute_board_url));

+ $has_params = strpos($relative_referer_path, '?');

+ if ($has_params !== false)

+ {

+ $relative_referer_path = substr($relative_referer_path, 0, $has_params);

+ }

+ $corrections = substr_count($relative_referer_path, '/');

+ return $this->phpbb_root_path . str_repeat('../', $corrections - 1);

+ }

+

+ // If not, it's a bit more complicated. We go to the parent directory

+ // of the referer until we find the remaining referer in the board URL.

+ // Foreach directory we need to add a ../ to the fixed root_path.

+ // When we finally found it, we need to remove the remaining referer

+ // from the board URL, to get the boards root path.

+ // If the then append these two strings, we get our fixed web root path.

+ $fixed_root_path = '';

+ $referer_dir = $absolute_referer_url;

+ $has_params = strpos($referer_dir, '?');

+ if ($has_params !== false)

+ {

+ $referer_dir = substr($referer_dir, 0, $has_params);

+ }

+

+ // If we do not find a slash at the end of the referer, we come

+ // from a file. So the first dirname() does not need a traversal

+ // path correction.

+ if (substr($referer_dir, -1) !== '/')

+ {

+ $referer_dir = dirname($referer_dir);

+ }

+

+ while (strpos($absolute_board_url, $referer_dir) !== 0)

+ {

+ $fixed_root_path .= '../';

+ $referer_dir = dirname($referer_dir);

+ }

+

+ $fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1);

+ // Add trailing slash

+ return $this->phpbb_root_path . $fixed_root_path . '/';

+ }

+

+ /**

+ /** @var \phpbb\filesystem */

+ protected $filesystem;

+

+ /**

+ * @param \phpbb\filesystem $filesystem

+ */

+ public function __construct(\phpbb\filesystem $filesystem)

+ {

+ $this->filesystem = $filesystem;

+ }

+

+ $session_page = $this->filesystem->clean_path($session_page);

+ if (strpos($session_page, './') === 0)

+ {

+ $session_page = substr($session_page, 2);

+ }

+

+ preg_match('#^((\.\./)*([a-z0-9/_-]+))#i', $session_page, $on_page);