diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/includes/functions.php | 27 | ||||
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 34 |
2 files changed, 38 insertions, 23 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 321394639b..97429a0be4 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2396,26 +2396,7 @@ function build_url($strip_vars = false) { global $config, $user, $phpbb_path_helper; - $php_ext = $phpbb_path_helper->get_php_ext(); - $page = $user->page['page']; - - // We need to be cautious here. - // On some situations, the redirect path is an absolute URL, sometimes a relative path - // For a relative path, let's prefix it with $phpbb_root_path to point to the correct location, - // else we use the URL directly. - $url_parts = parse_url($page); - - // URL - if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host'])) - { - // Remove 'app.php/' from the page, when rewrite is enabled - if ($config['enable_mod_rewrite'] && strpos($page, 'app.' . $php_ext . '/') === 0) - { - $page = substr($page, strlen('app.' . $php_ext . '/')); - } - - $page = $phpbb_path_helper->get_phpbb_root_path() . $page; - } + $page = $phpbb_path_helper->get_valid_page($user->page['page'], $config['enable_mod_rewrite']); // Append SID $redirect = append_sid($page, false, false); @@ -2657,7 +2638,7 @@ function check_form_key($form_name, $timespan = false) function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '') { global $user, $template, $db, $request; - global $phpEx, $phpbb_root_path, $request; + global $config, $phpbb_path_helper; if (isset($_POST['cancel'])) { @@ -2719,8 +2700,8 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo } // re-add sid / transform & to & for user->page (user->page is always using &) - $use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&', $user->page['page']); - $u_action = reapply_sid($use_page); + $use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']); + $u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite'])); $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key; $template->assign_vars(array( diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index b49d8d13c2..5400c1c5a6 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -455,4 +455,38 @@ class path_helper return $url_parts['base'] . (($params) ? '?' . $this->glue_url_params($params) : ''); } + + /** + * Get a valid page + * + * @param string $page The page to verify + * @param bool $mod_rewrite Whether mod_rewrite is enabled, default: false + * + * @return string A valid page based on given page and mod_rewrite + */ + public function get_valid_page($page, $mod_rewrite = false) + { + // We need to be cautious here. + // On some situations, the redirect path is an absolute URL, sometimes a relative path + // For a relative path, let's prefix it with $phpbb_root_path to point to the correct location, + // else we use the URL directly. + $url_parts = parse_url($page); + + // URL + if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host'])) + { + // Remove 'app.php/' from the page, when rewrite is enabled. + // Treat app.php as a reserved file name and remove on mod rewrite + // even if it might not be in the phpBB root. + if ($mod_rewrite && ($app_position = strpos($page, 'app.' . $this->php_ext . '/')) !== false) + { + $page = substr($page, 0, $app_position) . substr($page, $app_position + strlen('app.' . $this->php_ext . '/')); + } + + // Remove preceding slashes from page name and prepend root path + $page = $this->get_phpbb_root_path() . ltrim($page, '/\\'); + } + + return $page; + } } |