mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-25 20:44:01 +01:00
Code Issues Releases Wiki Activity

Merge branch 'develop-ascraeus' into develop

Browse Source
This commit is contained in:
Marc Alexander 2014-07-08 18:49:03 +02:00
commit 3bd5214b5d
3 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/config/services.yml
View File

@ -364,3 +364,5 @@ services:
viewonline_helper: viewonline_helper:
class: phpbb\viewonline_helper class: phpbb\viewonline_helper
arguments:
- @filesystem

19
phpBB/phpbb/viewonline_helper.php
View File

@ -18,6 +18,17 @@ namespace phpbb;
*/ */
class viewonline_helper class viewonline_helper
{ {
/** @var \phpbb\filesystem */
protected $filesystem;
/**
* @param \phpbb\filesystem $filesystem
*/
public function __construct(\phpbb\filesystem $filesystem)
{
$this->filesystem = $filesystem;
}
/** /**
* Get user page * Get user page
* *
@ -26,7 +37,13 @@ class viewonline_helper
*/ */
public function get_user_page($session_page) public function get_user_page($session_page)
{ {
preg_match('#^([./\\]*+[a-z0-9/_-]+)#i', $session_page, $on_page); $session_page = $this->filesystem->clean_path($session_page);
if (strpos($session_page, './') === 0)
{
$session_page = substr($session_page, 2);
}
preg_match('#^((\.\./)*([a-z0-9/_-]+))#i', $session_page, $on_page);
if (empty($on_page)) if (empty($on_page))
{ {
$on_page[1] = ''; $on_page[1] = '';

14
tests/viewonline/helper_test.php
View File

@ -17,23 +17,27 @@ class phpbb_viewonline_helper_test extends phpbb_test_case
{ {
parent::setUp(); parent::setUp();
$this->viewonline_helper = new \phpbb\viewonline_helper(); $this->viewonline_helper = new \phpbb\viewonline_helper(new \phpbb\filesystem());
} }
public function session_pages_data() public function session_pages_data()
{ {
return array( return array(
array('index.php', 'index.php'), array('index.php', 'index'),
array('foobar/test.php', 'foobar/test.php'), array('foobar/test.php', 'foobar/test'),
array('', ''), array('', ''),
array('../index.php', '../index.php'), array('./../../index.php', '../../index'),
array('../subdir/index.php', '../subdir/index'),
array('../index.php', '../index'),
array('././index.php', 'index'),
array('./index.php', 'index'),
); );
} }
/** /**
* @dataProvider session_pages_data * @dataProvider session_pages_data
*/ */
public function test_get_user_page($expected, $session_page) public function test_get_user_page($session_page, $expected)
{ {
$on_page = $this->viewonline_helper->get_user_page($session_page); $on_page = $this->viewonline_helper->get_user_page($session_page);
$this->assertArrayHasKey(1, $on_page); $this->assertArrayHasKey(1, $on_page);