From d07e152ea7e820c5a0e47aeb8004fa0b5621a314 Mon Sep 17 00:00:00 2001
From: Chris Smith
Date: Sat, 13 Mar 2010 01:54:04 +0000
Subject: [bug/58025] Search robots are now redirected if they send a SID in the request

Previously search robots could stumble upon a board link somewhere on the web containing a SID they'd follow it and end up indexing that page with the SID in the request URI, this fix prevents that by redirecting them to the same URI just without the SID.
---
 phpBB/docs/CHANGELOG.html | 1 +
 phpBB/includes/session.php | 6 ++++++
 2 files changed, 7 insertions(+)
(limited to 'phpBB')

diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 7b8d8f63f2..7df49bd81b 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -103,6 +103,7 @@
  • [Fix] Allow multibyte keys in request_var(). (Bug #51555)
  • [Fix] Prevent wrong tar archive type detection. (Bug #12531)
  • [Fix] Correct redirection after login to forum not in web root (Bug #58755)
  • +
  • [Fix] Redirect search engines that access pages with SIDs in the URL. (Bug #58025)
  • [Feature] Support for Microsoft's Native SQL Server Driver for PHP (Bug #57055 - Patch by Chris Pucci at Microsoft)
•
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 1a302d5991..8beb0161f9 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -608,6 +608,12 @@ class session
 }
 else
 {
+ // Bot user, if they have a SID in the Request URI we need to get rid of it
+ // otherwise they'll index this page with the SID, duplicate content oh my!
+ if (isset($_GET['sid']))
+ {
+ redirect(build_url(array('sid')));
+ }
 $this->data['session_last_visit'] = $this->time_now;
 }
 
-- cgit v1.2.1
From b64686073aaeb00feaf9d285c8cf62f3e677544b Mon Sep 17 00:00:00 2001
From: Chris Smith
Date: Sat, 6 Mar 2010 18:02:26 +0000
Subject: [bug/58685] Correct spelling errors in append_sid() comments.
---
 phpBB/includes/functions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'phpBB')

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 917433a970..ce1f5f5462 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2139,8 +2139,8 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 {
 global $_SID, $_EXTRA_URL, $phpbb_hook;
 
- // Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropiatly.
- // They could mimick most of what is within this function
+ // Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately.
+ // They could mimic most of what is within this function
 if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id))
 {
 if ($phpbb_hook->hook_return(__FUNCTION__))
-- cgit v1.2.1
From eca2db4afefdfbb256d61fae3f942835848f04e0 Mon Sep 17 00:00:00 2001
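Review bot: The bot redirect in the session.php hunk goes out as a temporary redirect, which works against its own stated goal: `redirect()` (its signature in this series is `redirect($url, $return = false, $disable_cd_check = false)`) takes no status code, so unless it sets one itself outside this diff the `Location` header PHP emits defaults to 302, and a crawler that sees 302 keeps the original SID-bearing URL as the canonical one instead of the stripped URL the comment says it wants indexed. Since PHP keeps an already-set 3xx status when it emits `Location`, consider `header('HTTP/1.1 301 Moved Permanently');` immediately before `redirect(build_url(array('sid')));`, or a comment stating why a temporary redirect is intended. The check is only `isset($_GET['sid'])`, so an empty `sid=` also triggers the redirect; that is harmless here but worth a word in the comment, and the redirect presumably relies on `build_url()` really dropping `sid` from the current page URL, otherwise the bot loops — confirm against `build_url()`. The enclosing `else` branch and the session method both start outside the hunk.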
From: Josh Woody
Date: Wed, 17 Mar 2010 23:24:34 -0500
Subject: [bug/56965] Redirect fails with directory traversal

Correct invalid r10536 with a boolean flag. Note that this fix for the bug will not actually correct the redirects, it will only prevent phpBB from redirecting outside $phpbb_root_path when redirect()'s third argument is not provided.
---
 phpBB/includes/functions.php | 90 +++++++++++++++++++++++---------------------
 1 file changed, 48 insertions(+), 42 deletions(-)
(limited to 'phpBB')

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 38f910974a..be949a1258 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2297,6 +2297,8 @@ function redirect($url, $return = false, $disable_cd_check = false)
 {
 global $db, $cache, $config, $user, $phpbb_root_path;
 
+ $failover_flag = false;
+
 if (empty($user->lang))
 {
 $user->add_lang('common');
@@ -2344,65 +2346,69 @@ function redirect($url, $return = false, $disable_cd_check = false)
 if (!file_exists($pathinfo['dirname']))
 {
 // fallback to "last known user page"
+ // at least this way we know the user does not leave the phpBB root
 $url = generate_board_url() . '/' . $user->page['page'];
- break;
+ $failover_flag = true;
 }
 }
 
- // Is the uri pointing to the current directory?
- if ($pathinfo['dirname'] == '.')
+ if (!$failover_flag)
 {
- $url = str_replace('./', '', $url);
-
- // Strip / from the beginning
- if ($url && substr($url, 0, 1) == '/')
+ // Is the uri pointing to the current directory?
+ if ($pathinfo['dirname'] == '.')
 {
- $url = substr($url, 1);
- }
+ $url = str_replace('./', '', $url);
 
- if ($user->page['page_dir'])
- {
- $url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url;
+ // Strip / from the beginning
+ if ($url && substr($url, 0, 1) == '/')
+ {
+ $url = substr($url, 1);
+ }
+
+ if ($user->page['page_dir'])
+ {
+ $url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url;
+ }
+ else
+ {
+ $url = generate_board_url() . '/' . $url;
+ }
 }
 else
 {
- $url = generate_board_url() . '/' . $url;
- }
- }
- else
- {
- // Used ./ before, but $phpbb_root_path is working better with urls within another root path
- $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path)));
- $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
- $intersection = array_intersect_assoc($root_dirs, $page_dirs);
+ // Used ./ before, but $phpbb_root_path is working better with urls within another root path
+ $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path)));
+ $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
+ $intersection = array_intersect_assoc($root_dirs, $page_dirs);
 
- $root_dirs = array_diff_assoc($root_dirs, $intersection);
- $page_dirs = array_diff_assoc($page_dirs, $intersection);
+ $root_dirs = array_diff_assoc($root_dirs, $intersection);
+ $page_dirs = array_diff_assoc($page_dirs, $intersection);
 
- $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
+ $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
 
- // Strip / from the end
- if ($dir && substr($dir, -1, 1) == '/')
- {
- $dir = substr($dir, 0, -1);
- }
+ // Strip / from the end
+ if ($dir && substr($dir, -1, 1) == '/')
+ {
+ $dir = substr($dir, 0, -1);
+ }
 
- // Strip / from the beginning
- if ($dir && substr($dir, 0, 1) == '/')
- {
- $dir = substr($dir, 1);
- }
+ // Strip / from the beginning
+ if ($dir && substr($dir, 0, 1) == '/')
+ {
+ $dir = substr($dir, 1);
+ }
 
- $url = str_replace($pathinfo['dirname'] . '/', '', $url);
+ $url = str_replace($pathinfo['dirname'] . '/', '', $url);
 
- // Strip / from the beginning
- if (substr($url, 0, 1) == '/')
- {
- $url = substr($url, 1);
- }
+ // Strip / from the beginning
+ if (substr($url, 0, 1) == '/')
+ {
+ $url = substr($url, 1);
+ }
 
- $url = (!empty($dir) ? $dir . '/' : '') . $url;
- $url = generate_board_url() . '/' . $url;
+ $url = (!empty($dir) ? $dir . '/' : '') . $url;
+ $url = generate_board_url() . '/' . $url;
+ }
 }
 }
 
-- cgit v1.2.1
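Review bot: The fallback path is the one branch whose `$url` is never normalised: once `$failover_flag = true` is set, the whole `if (!$failover_flag)` block is skipped, so `generate_board_url() . '/' . $user->page['page']` reaches the `Location` header exactly as `$user->page['page']` was populated outside this function, while every other path in the hunk strips a leading `/` or `./` first. If that value can ever begin with a slash the result is a `//` in the redirect target; either write the expectation down, `// $user->page['page'] is a root-relative path without a leading slash`, or normalise it the same way, `$url = generate_board_url() . '/' . ltrim($user->page['page'], '/');`. On the moved lines, the last "Strip / from the beginning" test, `if (substr($url, 0, 1) == '/')`, lacks the `$url &&` guard its two `$dir` siblings carry; harmless, but worth aligning while the block is being re-indented anyway. The commit message says this block only runs when `$disable_cd_check` is left at its default, so callers passing `true` get none of this; the gating `if` and the rest of `redirect()` lie outside the hunk at both ends.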