From 40497ec824344116143bc30b84fe8eb1c1971ebf Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 21 Oct 2014 22:16:53 -0500
Subject: [ticket/13192] Add method for generating valid user page links
PHPBB3-13192
---
 phpBB/phpbb/path_helper.php | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
(limited to 'phpBB')
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index 936564d8b6..77f123bf2c 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -445,4 +445,35 @@ class path_helper
 return $url_parts['base'] . (($params) ? '?' . $this->glue_url_params($params) : '');
 }
+
+ /**
+ * Get a valid user page
+ *
+ * @param string $user_page The current user page
+ * @param bool $mod_rewrite Whether mod_rewrite is enabled, default: false
+ *
+ * @return string A valid user page based on user page and mod_rewrite
+ */
+ public function get_valid_user_page($user_page, $mod_rewrite = false)
+ {
+ // We need to be cautious here.
+ // On some situations, the redirect path is an absolute URL, sometimes a relative path
+ // For a relative path, let's prefix it with $phpbb_root_path to point to the correct location,
+ // else we use the URL directly.
+ $url_parts = parse_url($user_page);
+
+ // URL
+ if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
+ {
+ // Remove 'app.php/' from the page, when rewrite is enabled
+ if ($mod_rewrite && strpos($user_page, 'app.' . $this->php_ext . '/') === 0)
+ {
+ $user_page = substr($user_page, strlen('app.' . $this->php_ext . '/'));
+ }
+
+ $user_page = $this->get_phpbb_root_path() . $user_page;
+ }
+
+ return $user_page;
+ }
 }
--
cgit v1.2.1
From c381ad2002546042de5a71dedbea1a7d45d1e2d8 Mon Sep 17 00:00:00 2001
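Review bot: The docblock of get_valid_user_page() promises "a valid user page", but the method validates nothing: when parse_url() finds both a scheme and a host, the input is returned exactly as given, whatever host it names. Callers that pass request-derived values and then use the result as a redirect or form target would inherit that; whether any caller does is not visible from this hunk. I would state it in the docblock, for example `* Absolute URLs (scheme and host present) are returned unchanged and are not checked against the board's own host.`, and reword the return line to `* @return string The page prefixed with the phpBB root path, or the unchanged absolute URL`. The same wording applies to the renamed get_valid_page() later in this series.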
From: Marc Alexander
Date: Tue, 21 Oct 2014 22:17:24 -0500
Subject: [ticket/13192] Use get_valid_user_page method in build_url function
PHPBB3-13192
---
 phpBB/includes/functions.php | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)
(limited to 'phpBB')
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 7700dcfd27..d1d0f8f681 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2396,26 +2396,7 @@ function build_url($strip_vars = false)
 {
 global $config, $user, $phpbb_path_helper;
- $php_ext = $phpbb_path_helper->get_php_ext();
- $page = $user->page['page'];
-
- // We need to be cautious here.
- // On some situations, the redirect path is an absolute URL, sometimes a relative path
- // For a relative path, let's prefix it with $phpbb_root_path to point to the correct location,
- // else we use the URL directly.
- $url_parts = parse_url($page);
-
- // URL
- if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
- {
- // Remove 'app.php/' from the page, when rewrite is enabled
- if ($config['enable_mod_rewrite'] && strpos($page, 'app.' . $php_ext . '/') === 0)
- {
- $page = substr($page, strlen('app.' . $php_ext . '/'));
- }
-
- $page = $phpbb_path_helper->get_phpbb_root_path() . $page;
- }
+ $page = $phpbb_path_helper->get_valid_user_page($user->page['page'], $config['enable_mod_rewrite']);
 // Append SID
 $redirect = append_sid($page, false, false);
--
cgit v1.2.1
From ce8c09f51f47b5e6806d51da643fba82d2341372 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 21 Oct 2014 22:17:48 -0500
Subject: [ticket/13192] Use get_valid_user_page in confirm_box() and cleanup globals
The $request global existed twice and the $phpEx global is not being used in confirm_box().
PHPBB3-13192
---
 phpBB/includes/functions.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'phpBB')
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index d1d0f8f681..d11aadacfa 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2638,7 +2638,7 @@ function check_form_key($form_name, $timespan = false)
 function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
 {
 global $user, $template, $db, $request;
- global $phpEx, $phpbb_root_path, $request;
+ global $phpbb_path_helper, $phpbb_root_path;
 if (isset($_POST['cancel']))
 {
@@ -2700,8 +2700,8 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 }
 // re-add sid / transform & to & for user->page (user->page is always using &)
- $use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&', $user->page['page']);
- $u_action = reapply_sid($use_page);
+ $use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']);
+ $u_action = reapply_sid($phpbb_path_helper->get_valid_user_page($use_page));
 $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key;
 $template->assign_vars(array(
--
cgit v1.2.1
From a623868f20574e19d6840af11bce8836ad436e95 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 21 Oct 2014 22:38:03 -0500
Subject: [ticket/13192] Pass correct parameters and rename method to get_valid_page
PHPBB3-13192
---
 phpBB/includes/functions.php | 6 +++---
 phpBB/phpbb/path_helper.php | 18 +++++++++---------
 2 files changed, 12 insertions(+), 12 deletions(-)
(limited to 'phpBB')
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index d11aadacfa..169c741ecf 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
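Review bot: In the second hunk (`@@ -2700,8`), an absolute `$u_action` now passes through unchanged, whereas the removed line `$phpbb_root_path . $u_action` always produced a path under the board root. The result is then handed to reapply_sid() (which, per the comment, re-adds the sid) and gets `confirm_key` appended, so a URL on another host would carry both values wherever `$u_action` is later emitted; whether `$u_action` can be influenced from outside is not visible here. A guard before the call would keep the previous containment, for example comparing `parse_url($use_page, PHP_URL_HOST)` with the board's own host and falling back to `$user->page['page']` when they differ. confirm_box() starts and ends outside the hunk.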
@@ -2396,7 +2396,7 @@ function build_url($strip_vars = false)
 {
 global $config, $user, $phpbb_path_helper;
- $page = $phpbb_path_helper->get_valid_user_page($user->page['page'], $config['enable_mod_rewrite']);
+ $page = $phpbb_path_helper->get_valid_page($user->page['page'], $config['enable_mod_rewrite']);
 // Append SID
 $redirect = append_sid($page, false, false);
@@ -2638,7 +2638,7 @@ function check_form_key($form_name, $timespan = false)
 function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
 {
 global $user, $template, $db, $request;
- global $phpbb_path_helper, $phpbb_root_path;
+ global $config, $phpbb_path_helper;
 if (isset($_POST['cancel']))
 {
@@ -2701,7 +2701,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 // re-add sid / transform & to & for user->page (user->page is always using &)
 $use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']);
- $u_action = reapply_sid($phpbb_path_helper->get_valid_user_page($use_page));
+ $u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite']));
 $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key;
 $template->assign_vars(array(
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index 77f123bf2c..0a41efc128 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -447,33 +447,33 @@ class path_helper
 }
 /**
- * Get a valid user page
+ * Get a valid page
 *
- * @param string $user_page The current user page
+ * @param string $page The page to verify
 * @param bool $mod_rewrite Whether mod_rewrite is enabled, default: false
 *
- * @return string A valid user page based on user page and mod_rewrite
+ * @return string A valid page based on given page and mod_rewrite
 */
- public function get_valid_user_page($user_page, $mod_rewrite = false)
+ public function get_valid_page($page, $mod_rewrite = false)
 {
 // We need to be cautious here.
 // On some situations, the redirect path is an absolute URL, sometimes a relative path
 // For a relative path, let's prefix it with $phpbb_root_path to point to the correct location,
 // else we use the URL directly.
- $url_parts = parse_url($user_page);
+ $url_parts = parse_url($page);
 // URL
 if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
 {
 // Remove 'app.php/' from the page, when rewrite is enabled
- if ($mod_rewrite && strpos($user_page, 'app.' . $this->php_ext . '/') === 0)
+ if ($mod_rewrite && strpos($page, 'app.' . $this->php_ext . '/') === 0)
 {
- $user_page = substr($user_page, strlen('app.' . $this->php_ext . '/'));
+ $page = substr($page, strlen('app.' . $this->php_ext . '/'));
 }
- $user_page = $this->get_phpbb_root_path() . $user_page;
+ $page = $this->get_phpbb_root_path() . $page;
 }
- return $user_page;
+ return $page;
 }
 }
--
cgit v1.2.1
From 281cc5353208258e7f4a9032f720c5f1ae0fb8dc Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sun, 2 Nov 2014 12:01:42 +0100
Subject: [ticket/13192] Remove app.php on mod rewrite even if app.php is outside root
PHPBB3-13192
---
 phpBB/phpbb/path_helper.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'phpBB')
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index 0a41efc128..b2ec9d98e0 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -465,13 +465,16 @@ class path_helper
 // URL
 if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
 {
- // Remove 'app.php/' from the page, when rewrite is enabled
- if ($mod_rewrite && strpos($page, 'app.' . $this->php_ext . '/') === 0)
+ // Remove 'app.php/' from the page, when rewrite is enabled.
+ // Treat app.php as a reserved file name and remove on mod rewrite
+ // even if it might not be in the phpBB root.
+ if ($mod_rewrite && ($app_position = strpos($page, 'app.' . $this->php_ext . '/')) !== false)
 {
- $page = substr($page, strlen('app.' . $this->php_ext . '/'));
+ $page = substr($page, 0, $app_position) . substr($page, $app_position + strlen('app.' . $this->php_ext . '/'));
 }
- $page = $this->get_phpbb_root_path() . $page;
+ // Remove preceding slashes from page name and prepend root path
+ $page = $this->get_phpbb_root_path() . preg_replace('@^(?:([\\/\\\])?)@', '', $page);
 }
 return $page;
--
cgit v1.2.1
From e6509aaf606264414f30248afd1081ff05207328 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sat, 10 Jan 2015 12:46:40 +0100
Subject: [ticket/13192] Use ltrim() instead of preg_replace()
PHPBB3-13192
---
 phpBB/phpbb/path_helper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB')
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index b2ec9d98e0..6feb64b07e 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -474,7 +474,7 @@ class path_helper
 }
 // Remove preceding slashes from page name and prepend root path
- $page = $this->get_phpbb_root_path() . preg_replace('@^(?:([\\/\\\])?)@', '', $page);
+ $page = $this->get_phpbb_root_path() . ltrim($page, '/\\');
 }
 return $page;
--
cgit v1.2.1
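Review bot: In the first hunk (`@@ -465,13`), the new `strpos(...) !== false` test matches `app.php/` anywhere in `$page`, not only as a path segment, so the first occurrence is cut even inside another file name or the query string. With constructed inputs, `webapp.php/x` becomes `webx`, and the parameter value in `index.php?redirect=app.php/foo` is altered. Accepting the match only at a segment boundary and before the first `?` keeps the intent of the commit, for example `$app_position === 0 || $page[$app_position - 1] === '/'` combined with a check against `strpos($page, '?')`. The assignment inside the `if` condition also hides a state change; computing `$app_position` on its own line first would read more clearly. get_valid_page() starts outside the hunk.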
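Review bot: In the last hunk (`@@ -474,7`), `ltrim($page, '/\\')` is not a like-for-like replacement for the removed pattern: `([\\/\\\])?` dropped at most one leading slash or backslash, while ltrim() drops all of them. That is the stricter result, since an input such as `//host/path` (constructed) no longer keeps a leading slash behind the root path, but the commit message presents the change as a pure refactoring. I would record it in the comment, e.g. `// Strip all leading slashes and backslashes (not just one), then prepend root path`, and cover an input with two leading slashes in the tests for this method.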