diff --git a/e107_handlers/e107_class.php b/e107_handlers/e107_class.php index 1bb20c305..6217e0b09 100644 --- a/e107_handlers/e107_class.php +++ b/e107_handlers/e107_class.php @@ -4708,14 +4708,14 @@ class e107 //global $PLUGINS_DIRECTORY,$ADMIN_DIRECTORY, $eplug_admin; $PLUGINS_DIRECTORY = self::getFolder('plugins'); $ADMIN_DIRECTORY = self::getFolder('admin'); - + define('ADMINDIR', $ADMIN_DIRECTORY); // Outdated /*$requestQry = ''; $requestUrl = $_SERVER['REQUEST_URI']; if(strpos($_SERVER['REQUEST_URI'], '?') !== FALSE) list($requestUrl, $requestQry) = explode("?", $_SERVER['REQUEST_URI'], 2); */ - $eplug_admin = vartrue($GLOBALS['eplug_admin'], false); + // Leave e_SELF BC, use e_REQUEST_SELF instead /*// moved after page check - e_PAGE is important for BC 
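Review bot: The relocated `define('ADMINDIR', $ADMIN_DIRECTORY);` is now an ordering requirement that nothing at this spot records, because the `inAdminDir()` method added later in this commit reads `ADMINDIR` rather than taking the folder as an argument. I would add a comment above it such as `// Must run before inAdminDir() is called: that method reads ADMINDIR.` so a later cleanup does not move the define back to the end of the method. The enclosing method starts and ends outside this hunk.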
@@ -4828,26 +4828,15 @@ class e107 unset($requestUrl, $requestUri); // END request uri/url detection, XSS protection - - // e_SELF has the full HTML path - $inAdminDir = FALSE; - $isPluginDir = strpos($_self,'/'.$PLUGINS_DIRECTORY) !== FALSE; // True if we're in a plugin - $e107Path = str_replace($this->base_path, '', $_self); // Knock off the initial bits $curPage = !empty($_SERVER['SCRIPT_FILENAME']) ? basename($_SERVER['SCRIPT_FILENAME']) : ''; $_SERVER['REQUEST_URI'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''; - if ( - (!$isPluginDir && strpos($e107Path, $ADMIN_DIRECTORY) === 0 ) // Core admin directory - || ($isPluginDir && (strpos($curPage,'_admin.php') !== false || strpos($curPage,'admin_') === 0 || strpos($e107Path, 'admin/') !== FALSE)) // Plugin admin file or directory - || (vartrue($eplug_admin) || deftrue('ADMIN_AREA')) // Admin forced - || (preg_match('/^\/(.*?)\/user(settings\.php|\/edit)(\?|\/)(\d+)$/i', $_SERVER['REQUEST_URI']) && ADMIN) - || ($isPluginDir && $curPage === 'prefs.php') //BC Fix for old plugins - || ($isPluginDir && $curPage === 'config.php') // BC Fix for old plugins - || ($isPluginDir && strpos($curPage,'_config.php')!==false) // BC Fix for old plugins eg. dtree_menu - ) - { - $inAdminDir = TRUE; - } + $isPluginDir = strpos($_self,'/'.$PLUGINS_DIRECTORY) !== FALSE; // True if we're in a plugin + $e107Path = str_replace($this->base_path, '', $_self); // Knock off the initial bits + $inAdminDir = $this->inAdminDir($e107Path, $curPage, $isPluginDir); + + // e_SELF has the full HTML path + if ($isPluginDir) { $temp = substr($e107Path, strpos($e107Path, '/') +1); 
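Review bot: The comment `// e_SELF has the full HTML path` is left behind after the new `$this->inAdminDir(...)` call and now sits directly above `if ($isPluginDir)`, where it describes nothing. It should move back above the `$isPluginDir` / `$e107Path` assignments or be dropped. The call would also benefit from a short comment saying that its result decides `e_ADMIN_AREA`, as the next hunk's context shows with `define('e_ADMIN_AREA', ($inAdminDir && !deftrue('USER_AREA')));`. The enclosing method starts and ends outside this hunk.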
@@ -4869,11 +4858,39 @@ class e107 define('e_ADMIN_AREA', ($inAdminDir && !deftrue('USER_AREA'))); } - define('ADMINDIR', $ADMIN_DIRECTORY); - return $this; } + /** + * Internal Use Only. + * @param $e107Path + * @param $curPage + * @param $isPluginDir + * @return bool + */ + public function inAdminDir($e107Path, $curPage, $isPluginDir) + { + $inAdminDir = false; + $eplug_admin = !empty($GLOBALS['eplug_admin']); + $ADMIN_DIRECTORY = ADMINDIR; + + if ( + (!$isPluginDir && strpos($e107Path, $ADMIN_DIRECTORY) === 0 ) // Core admin directory + || ($isPluginDir && (strpos($curPage,'_admin.php') !== false || strpos($curPage,'admin_') === 0 || strpos($e107Path, 'admin/') !== FALSE)) // Plugin admin file or directory + || (vartrue($eplug_admin) || deftrue('ADMIN_AREA')) // Admin forced + // || (preg_match('/^\/(.*?)\/user(settings\.php|\/edit)(\?|\/)(\d+)$/i', $_SERVER['REQUEST_URI']) && ADMIN) + || ($isPluginDir && $curPage === 'prefs.php') //BC Fix for old plugins + || ($isPluginDir && $curPage === 'config.php') // BC Fix for old plugins + || ($isPluginDir && strpos($curPage,'_config.php')!==false) // BC Fix for old plugins eg. dtree_menu + ) + { + $inAdminDir = TRUE; + } + + return $inAdminDir; + } + + /** * The second part of e107::set_urls() * Supposed to load after database has been initialized diff --git a/e107_tests/tests/unit/e107Test.php b/e107_tests/tests/unit/e107Test.php index b1a306869..e66c213d6 100644 --- a/e107_tests/tests/unit/e107Test.php +++ b/e107_tests/tests/unit/e107Test.php 
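Review bot: The extracted condition in `inAdminDir()` is not equivalent to the one removed from the caller, because the `preg_match(...) && ADMIN` clause for `usersettings.php` / `user/edit` URLs is commented out, so those requests no longer set `$inAdminDir` (and through it `e_ADMIN_AREA`) when `ADMIN` is true. Nothing in the visible commit explains this and the new unit test does not cover it. Either delete the line and add a comment saying why the clause was dropped, or restore it, since dead code inside the condition that classifies the admin area is easy to re-enable by accident. Separately, `$ADMIN_DIRECTORY = ADMINDIR;` makes a public method depend on a constant defined elsewhere; `$ADMIN_DIRECTORY = defined('ADMINDIR') ? ADMINDIR : self::getFolder('admin');` would keep a call made before that define from misbehaving. `vartrue($eplug_admin)` is redundant after `!empty(...)`, and the docblock should carry types (`@param string $e107Path`, `@param string $curPage`, `@param bool $isPluginDir`).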
@@ -950,6 +950,41 @@ class e107Test extends \Codeception\Test\Unit } + public function testInAdminDir() + { + $tests = array( + 0 => array('path' => 'thumb.php', 'plugdir' => false, 'expected' => false), + 1 => array('path' => 'index.php', 'plugdir' => false, 'expected' => false), + 2 => array('path' => 'e107_admin/prefs.php', 'plugdir' => false, 'expected' => true), + 3 => array('path' => 'e107_admin/menus.php', 'plugdir' => false, 'expected' => true), + 4 => array('path' => 'e107_plugins/forum/forum.php', 'plugdir' => true, 'expected' => false), + 5 => array('path' => 'e107_plugins/vstore/admin_config.php', 'plugdir' => true, 'expected' => true), + 6 => array('path' => 'e107_plugins/login_menu/config.php', 'plugdir' => true, 'expected' => true), + 7 => array('path' => 'e107_plugins/aplugin/prefs.php', 'plugdir' => true, 'expected' => true), + 8 => array('path' => 'e107_plugins/dtree_menu/dtree_config.php', 'plugdir' => true, 'expected' => true), + ); + + foreach($tests as $var) + { + $curPage = basename($var['path']); + $result = $this->e107->inAdminDir($var['path'], $curPage, $var['plugdir']); + $this->assertSame($var['expected'], $result); + } + + // Test legacy override. + $GLOBALS['eplug_admin'] = true; + $result = $this->e107->inAdminDir('myplugin.php','myplugin.php', true); + $this->assertTrue($result); + + // Test legacy off. + $GLOBALS['eplug_admin'] = false; + $result = $this->e107->inAdminDir('myplugin.php','myplugin.php', true); + $this->assertFalse($result); + } + + + + public function testFilter_request() {
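Review bot: `testInAdminDir()` writes to `$GLOBALS['eplug_admin']` without restoring it, and the table-driven loop runs before the global is set, so its `'expected' => false` rows depend on whatever an earlier test left there. Set `$GLOBALS['eplug_admin'] = false;` before the loop and `unset($GLOBALS['eplug_admin']);` at the end, or save and restore the previous value. I would also iterate with `foreach($tests as $index => $var)` and pass `"case #$index"` as the third argument to `assertSame`, so a failing row can be identified. The table has no boundary rows for the substring rules: for example (constructed values, assuming `ADMINDIR` is `e107_admin/` as the existing rows imply) a non-plugin path such as `'files/e107_admin/x.php'` expected `false`, or a plugin path under an `admin/` sub-folder expected `true`.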