From 235d2069e0e7cecfd51d4eed5c875cc865f35486 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sat, 21 Dec 2013 16:31:20 +0100
Subject: [PATCH] [ticket/11997] Allow redirects to parent folders like previously
Redirects to parent folders were possible with the previous redirect function. This change will allow these redirects again.
PHPBB3-11997
---
 phpBB/includes/functions.php | 9 +++++----
 tests/functional/extension_controller_test.php | 4 +++-
 tests/security/redirect_test.php | 4 ++--
 3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index d874b7b19e..4c9c3323f7 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2653,7 +2653,7 @@ function generate_board_url($without_script_path = false)
 */
 function redirect($url, $return = false, $disable_cd_check = false)
 {
- global $db, $cache, $config, $user, $phpbb_root_path, $phpbb_filesystem, $phpbb_path_helper;
+ global $db, $cache, $config, $user, $phpbb_root_path, $phpbb_filesystem, $phpbb_path_helper, $phpEx;
 $failover_flag = false;
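Review bot: `$phpEx` is added to redirect()'s `global` list here, but neither this hunk nor the second functions.php hunk uses it; the new controller-URL regex there hard-codes `app\.php` instead. If the intent was to honour the configured script extension, build the pattern from it, e.g. `'/^[\.]?+[\/]?+(?:app\.' . preg_quote($phpEx, '/') . ')?+[a-zA-Z0-9\/]/'`; otherwise the added global is dead and should be dropped. redirect()'s body continues outside the hunk, so the variable may be used in a part of the function this patch does not show.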
@@ -2696,14 +2696,15 @@ function redirect($url, $return = false, $disable_cd_check = false)
 // Relative uri
 $pathinfo = pathinfo($url);
- // Also treat URLs that have a non-existing basename
- if (!$disable_cd_check && (!file_exists($pathinfo['dirname'] . '/') || !file_exists($pathinfo['basename'])))
+ // Also treat URLs that have a non-existing basename and fit
+ // controller style URLs
+ if (!$disable_cd_check && (!file_exists($pathinfo['dirname'] . '/') || (!file_exists($url) && preg_match('/^[\.]?+[\/]?+(?:app\.php)?+[a-zA-Z0-9\/]/', $url))))
 {
 $url = str_replace('../', '', $url);
 $pathinfo = pathinfo($url);
 // Also treat URLs that have a non-existing basename
- if (!file_exists($pathinfo['dirname'] . '/') || !file_exists($pathinfo['basename']))
+ if (!file_exists($pathinfo['dirname'] . '/') || (!file_exists($url) && preg_match('/^[\.]?+[\/]?+(?:app\.php)?+[a-zA-Z0-9\/]/', $url)))
 {
 // fallback to "last known user page"
 // at least this way we know the user does not leave the phpBB root
diff --git a/tests/functional/extension_controller_test.php b/tests/functional/extension_controller_test.php
index 5127aa7f47..2476cf0c19 100644
--- a/tests/functional/extension_controller_test.php
+++ b/tests/functional/extension_controller_test.php
@@ -132,7 +132,9 @@ class phpbb_functional_extension_controller_test extends phpbb_functional_test_c
 $row_num = str_replace('redirect_expected_', '', $redirect);
- $this->assertContains($filesystem->clean_path(self::$root_url) . $crawler->filter('#redirect_expected_' . $row_num)->text(), $crawler->filter('#redirect_' . $row_num)->text());
+ $redirect = $crawler->filter('#redirect_' . $row_num)->text();
+ $redirect = substr($redirect, 0, strpos($redirect, 'sid') - 1);
+ $this->assertContains($crawler->filter('#redirect_expected_' . $row_num)->text(), $redirect);
 }
 $this->phpbb_extension_manager->purge('foo/bar');
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 48360e3034..24ddaa265d 100644
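Review bot: The controller-URL regex is written out twice, in the outer and the inner `if`; hoist it into a local once, `$controller_url_pattern = '/^[\.]?+[\/]?+(?:app\.php)?+[a-zA-Z0-9\/]/';`, and reference it in both conditions so the two checks cannot drift apart. With this change a relative target whose parent directory exists, such as `../index.php`, fails the regex at its second `.` and passes both conditions untouched, so it is redirected outside the board root — the updated redirect_test expectations show this is intended. The inner comment "at least this way we know the user does not leave the phpBB root" therefore only holds for the fallback branch, so a one-line comment on the outer `if` stating that parent-folder redirects are deliberately allowed would help the next reader. The function begins and ends outside this hunk.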
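Review bot: `strpos($redirect, 'sid') - 1` silently strips the last character when `sid` is absent, because `strpos()` returns `false` and `false - 1` is `-1`, which `substr()` treats as a negative length; it will also cut at any earlier `sid` substring in the path. Search for the parameter itself and assert it was found, e.g. `$sid_pos = strpos($redirect, 'sid=');` / `$this->assertNotSame(false, $sid_pos);` / `$redirect = substr($redirect, 0, $sid_pos - 1);`. Reusing `$redirect` for both the loop element and the extracted text also makes the loop harder to follow; a separate name such as `$redirect_url` would be clearer. The enclosing foreach starts outside this hunk.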
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -38,9 +38,9 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 array('./foobar', false, false, 'http://localhost/phpBB/foobar'),
 array('foo/bar', false, false, 'http://localhost/phpBB/foo/bar'),
 array('./foo/bar', false, false, 'http://localhost/phpBB/foo/bar'),
- array('./../index.php', false, false, 'http://localhost/phpBB/index.php'),
+ array('./../index.php', false, false, 'http://localhost/index.php'),
 array('./../index.php', true, false, 'http://localhost/index.php'),
- array('../index.php', false, false, 'http://localhost/phpBB/index.php'),
+ array('../index.php', false, false, 'http://localhost/index.php'),
 array('../index.php', true, false, 'http://localhost/index.php'),
 array('./index.php', false, false, 'http://localhost/phpBB/index.php'),
 );
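Review bot: The updated rows only cover the parent-folder cases; no row in this table exercises the new controller-style branch of redirect(), i.e. a non-existent path that matches `^[\.]?+[\/]?+(?:app\.php)?+[a-zA-Z0-9\/]` (e.g. a constructed `app.php/foo/bar` or `./foo/../bar`), so that regex is covered only indirectly by the functional test. Adding one or two such rows with their expected URLs here would pin the unit-level behaviour, including that `../` is stripped from them. The data provider starts and ends outside this hunk.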