From b378bd7a2e4aca8c607924ca6288227451d879e5 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 8 May 2014 11:03:50 +0200 Subject: [ticket/12099] Fix several issues in path_helper test PHPBB3-12099 --- tests/path_helper/path_helper_test.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index a3ad901379..d4bcce31b2 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -13,6 +13,7 @@ class phpbb_path_helper_test extends phpbb_test_case { + /** @var \phpbb\path_helper */ protected $path_helper; protected $phpbb_root_path = ''; @@ -42,7 +43,7 @@ class phpbb_path_helper_test extends phpbb_test_case */ public function set_phpbb_root_path() { - $this->phpbb_root_path = dirname(__FILE__) . './../../phpBB/'; + $this->phpbb_root_path = dirname(__FILE__) . '/../../phpBB/'; } public function test_get_web_root_path() @@ -81,7 +82,7 @@ class phpbb_path_helper_test extends phpbb_test_case */ public function test_basic_update_web_root_path($input, $expected) { - $this->assertEquals($expected, $this->path_helper->update_web_root_path($input, $symfony_request)); + $this->assertEquals($expected, $this->path_helper->update_web_root_path($input)); } public function update_web_root_path_data() @@ -135,7 +136,7 @@ class phpbb_path_helper_test extends phpbb_test_case */ public function test_update_web_root_path($input, $expected, $getPathInfo, $getRequestUri = null, $getScriptName = null) { - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( + $symfony_request = $this->getMock('\phpbb\symfony_request', array(), array( new phpbb_mock_request(), )); $symfony_request->expects($this->any()) -- cgit v1.2.1 From 64f51bd3ddd362d25012edef9af692ddd1fd4fc7 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sun, 11 May 2014 15:35:54 +0200 Subject: [ticket/12099] Clean some paths before using them PHPBB3-12099 --- phpBB/phpbb/path_helper.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 0d83e7447e..eb2cbf7313 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -98,7 +98,7 @@ class path_helper { $path = substr($path, strlen($this->phpbb_root_path)); - return $this->get_web_root_path() . $path; + return $this->filesystem->clean_path($this->get_web_root_path() . $path); } return $path; @@ -158,7 +158,7 @@ class path_helper */ if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri)) { - return $this->web_root_path = $this->phpbb_root_path . '../'; + return $this->web_root_path = $this->filesystem->clean_path('../' . $this->phpbb_root_path); } /* -- cgit v1.2.1 From 58cfdfe14386e48047f3620d1c09218fdbaac5f0 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sun, 11 May 2014 14:54:51 +0200 Subject: [ticket/12099] Correctly fix go back to root before prepending the root path This allows moving app.php outside of phpBB and still work as expected PHPBB3-12099 --- phpBB/phpbb/path_helper.php | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index eb2cbf7313..b206f491d0 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -184,17 +184,21 @@ class path_helper * Append ../ to the end of the phpbb_root_path as many times * as / exists in path_info */ - return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections); + $this->web_root_path = $this->filesystem->clean_path(str_repeat('../', $corrections) . $this->phpbb_root_path); + } + else + { + /* + * If we're here it means we're at a re-written path, so we must + * correct the relative path for web URLs. We must append ../ + * to the end of the root path as many times as / exists in path_info + * less one time (because the script, e.g. /app.php, doesn't exist in + * the URL) + */ + $this->web_root_path = $this->filesystem->clean_path(str_repeat('../', $corrections - 1) . $this->phpbb_root_path); } - /* - * If we're here it means we're at a re-written path, so we must - * correct the relative path for web URLs. We must append ../ - * to the end of the root path as many times as / exists in path_info - * less one time (because the script, e.g. /app.php, doesn't exist in - * the URL) - */ - return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections - 1); + return $this->web_root_path; } /** -- cgit v1.2.1 From b8f3972afaca9701defb0f719ef668c9bab5d5ca Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sun, 11 May 2014 15:36:26 +0200 Subject: [ticket/12099] Clean paths in tests PHPBB3-12099 --- tests/path_helper/path_helper_test.php | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index d4bcce31b2..4eac2f567b 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -21,7 +21,8 @@ class phpbb_path_helper_test extends phpbb_test_case { parent::setUp(); - $this->set_phpbb_root_path(); + $filesystem = new \phpbb\filesystem(); + $this->set_phpbb_root_path($filesystem); $this->path_helper = new \phpbb\path_helper( new \phpbb\symfony_request( @@ -41,9 +42,9 @@ class phpbb_path_helper_test extends phpbb_test_case * any time we wish to use it in one of these functions (and * also in general for everything else) */ - public function set_phpbb_root_path() + public function set_phpbb_root_path($filesystem) { - $this->phpbb_root_path = dirname(__FILE__) . '/../../phpBB/'; + $this->phpbb_root_path = $filesystem->clean_path(dirname(__FILE__) . '/../../phpBB/'); } public function test_get_web_root_path() @@ -54,7 +55,8 @@ class phpbb_path_helper_test extends phpbb_test_case public function basic_update_web_root_path_data() { - $this->set_phpbb_root_path(); + $filesystem = new \phpbb\filesystem(); + $this->set_phpbb_root_path($filesystem); return array( array( @@ -72,7 +74,7 @@ class phpbb_path_helper_test extends phpbb_test_case ), array( $this->phpbb_root_path . $this->phpbb_root_path . 'test.php', - $this->phpbb_root_path . $this->phpbb_root_path . 'test.php', + $filesystem->clean_path($this->phpbb_root_path . $this->phpbb_root_path . 'test.php'), ), ); } @@ -87,43 +89,43 @@ class phpbb_path_helper_test extends phpbb_test_case public function update_web_root_path_data() { - $this->set_phpbb_root_path(); + $this->set_phpbb_root_path(new \phpbb\filesystem()); return array( array( $this->phpbb_root_path . 'test.php', - $this->phpbb_root_path . 'test.php', + '', '/', ), array( $this->phpbb_root_path . 'test.php', - $this->phpbb_root_path . '../test.php', + '../', '//', ), array( $this->phpbb_root_path . 'test.php', - $this->phpbb_root_path . '../test.php', + '../', '//', 'foo/bar.php', 'bar.php', ), array( $this->phpbb_root_path . 'test.php', - $this->phpbb_root_path . '../../test.php', + '../../', '/foo/template', '/phpbb3-fork/phpBB/app.php/foo/template', '/phpbb3-fork/phpBB/app.php', ), array( $this->phpbb_root_path . 'test.php', - $this->phpbb_root_path . '../test.php', + '../', '/foo/template', '/phpbb3-fork/phpBB/foo/template', '/phpbb3-fork/phpBB/app.php', ), array( $this->phpbb_root_path . 'test.php', - $this->phpbb_root_path . '../test.php', + '../', '/', '/phpbb3-fork/phpBB/app.php/', '/phpbb3-fork/phpBB/app.php', @@ -134,7 +136,7 @@ class phpbb_path_helper_test extends phpbb_test_case /** * @dataProvider update_web_root_path_data */ - public function test_update_web_root_path($input, $expected, $getPathInfo, $getRequestUri = null, $getScriptName = null) + public function test_update_web_root_path($input, $correction, $getPathInfo, $getRequestUri = null, $getScriptName = null) { $symfony_request = $this->getMock('\phpbb\symfony_request', array(), array( new phpbb_mock_request(), @@ -156,7 +158,7 @@ class phpbb_path_helper_test extends phpbb_test_case 'php' ); - $this->assertEquals($expected, $path_helper->update_web_root_path($input, $symfony_request)); + $this->assertEquals($correction . $input, $path_helper->update_web_root_path($input, $symfony_request)); } public function clean_url_data() -- cgit v1.2.1 From 41e52d9c9d3add473f46c6cc12d3fc208516d581 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 13 May 2014 20:04:16 +0200 Subject: [ticket/12099] Break clean_path tests with a simple test PHPBB3-12099 --- tests/filesystem/clean_path_test.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/filesystem/clean_path_test.php b/tests/filesystem/clean_path_test.php index 1aef0d8a0c..c585b17155 100644 --- a/tests/filesystem/clean_path_test.php +++ b/tests/filesystem/clean_path_test.php @@ -32,6 +32,8 @@ class phpbb_filesystem_clean_path_test extends phpbb_test_case array('foo/bar/.', 'foo/bar'), array('./foo/bar', './foo/bar'), array('../foo/bar', '../foo/bar'), + array('./../foo/bar', './../foo/bar'), + array('././../foo/bar', './../foo/bar'), array('one/two/three', 'one/two/three'), array('one/two/../three', 'one/three'), array('one/../two/three', 'two/three'), -- cgit v1.2.1 From 638d43d6fea5b5c3c1690b23d7cbe7b9bcef48c9 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 13 May 2014 20:04:53 +0200 Subject: [ticket/12099] Fix clean_path() ".." stripping when previous directory was "." PHPBB3-12099 --- phpBB/phpbb/filesystem.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/phpbb/filesystem.php b/phpBB/phpbb/filesystem.php index 683a12ab76..77517082e5 100644 --- a/phpBB/phpbb/filesystem.php +++ b/phpBB/phpbb/filesystem.php @@ -35,7 +35,7 @@ class filesystem continue; } - if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') + if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '.' && $filtered[sizeof($filtered) - 1] !== '..') { array_pop($filtered); } -- cgit v1.2.1 From edc5908e483bbd36f7dff641039ff0d37a4fdc5a Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 9 Jun 2014 00:48:02 +0200 Subject: [ticket/12099] Deduplicate path generation PHPBB3-12099 --- phpBB/phpbb/path_helper.php | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index b206f491d0..e63aa06a57 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -174,30 +174,17 @@ class path_helper $corrections = substr_count($path_info, '/'); /* - * If the script name (e.g. phpBB/app.php) exists in the - * requestUri (e.g. phpBB/app.php/foo/template), then we - * are have a non-rewritten URL. + * If the script name (e.g. phpBB/app.php) does not exists in the + * requestUri (e.g. phpBB/app.php/foo/template), then we are rewriting + * the URL. So we must reduce the slash count by 1. */ - if (strpos($request_uri, $script_name) === 0) + if (strpos($request_uri, $script_name) !== 0) { - /* - * Append ../ to the end of the phpbb_root_path as many times - * as / exists in path_info - */ - $this->web_root_path = $this->filesystem->clean_path(str_repeat('../', $corrections) . $this->phpbb_root_path); - } - else - { - /* - * If we're here it means we're at a re-written path, so we must - * correct the relative path for web URLs. We must append ../ - * to the end of the root path as many times as / exists in path_info - * less one time (because the script, e.g. /app.php, doesn't exist in - * the URL) - */ - $this->web_root_path = $this->filesystem->clean_path(str_repeat('../', $corrections - 1) . $this->phpbb_root_path); + $corrections--; } + // Prepend ../ to the phpbb_root_path as many times as / exists in path_info + $this->web_root_path = $this->filesystem->clean_path(str_repeat('../', $corrections) . $this->phpbb_root_path); return $this->web_root_path; } -- cgit v1.2.1 From 1a6d8dd94d916a7dddbfc6abca8cd4a2f1adf5b9 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 9 Jun 2014 01:10:18 +0200 Subject: [ticket/12099] Prepend ./ to path to fix assets PHPBB3-12099 --- phpBB/phpbb/path_helper.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index e63aa06a57..685a5ec180 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -158,7 +158,7 @@ class path_helper */ if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri)) { - return $this->web_root_path = $this->filesystem->clean_path('../' . $this->phpbb_root_path); + return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path); } /* @@ -184,7 +184,9 @@ class path_helper } // Prepend ../ to the phpbb_root_path as many times as / exists in path_info - $this->web_root_path = $this->filesystem->clean_path(str_repeat('../', $corrections) . $this->phpbb_root_path); + $this->web_root_path = $this->filesystem->clean_path( + './' . str_repeat('../', $corrections) . $this->phpbb_root_path + ); return $this->web_root_path; } -- cgit v1.2.1 From e71f65c2bb8a810f669b275856cf7e3654d34810 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 10 Jun 2014 21:06:36 +0200 Subject: [ticket/12099] Fix correction in path_helper test PHPBB3-12099 --- tests/path_helper/path_helper_test.php | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index 4eac2f567b..9866cb6efe 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -94,41 +94,45 @@ class phpbb_path_helper_test extends phpbb_test_case return array( array( $this->phpbb_root_path . 'test.php', - '', '/', + null, + null, + '', ), array( $this->phpbb_root_path . 'test.php', - '../', '//', + null, + null, + './../', ), array( $this->phpbb_root_path . 'test.php', - '../', '//', 'foo/bar.php', 'bar.php', + './../', ), array( $this->phpbb_root_path . 'test.php', - '../../', '/foo/template', '/phpbb3-fork/phpBB/app.php/foo/template', '/phpbb3-fork/phpBB/app.php', + './../../', ), array( $this->phpbb_root_path . 'test.php', - '../', '/foo/template', '/phpbb3-fork/phpBB/foo/template', '/phpbb3-fork/phpBB/app.php', + './../', ), array( $this->phpbb_root_path . 'test.php', - '../', '/', '/phpbb3-fork/phpBB/app.php/', '/phpbb3-fork/phpBB/app.php', + './../', ), ); } @@ -136,7 +140,7 @@ class phpbb_path_helper_test extends phpbb_test_case /** * @dataProvider update_web_root_path_data */ - public function test_update_web_root_path($input, $correction, $getPathInfo, $getRequestUri = null, $getScriptName = null) + public function test_update_web_root_path($input, $getPathInfo, $getRequestUri, $getScriptName, $correction) { $symfony_request = $this->getMock('\phpbb\symfony_request', array(), array( new phpbb_mock_request(), -- cgit v1.2.1