mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-12 19:54:12 +02:00
Code Issues Releases Wiki Activity

[ticket/11997] Correctly redirect to front controllers

Browse Source 
We currently do a lot of checks in order to prevent users from getting to
a 404 page. However, this logic relies on checking if a file or folder exists.
Due to the front controllers and the URL rewriting in 3.1, it is no longer
possible to rely on existing files for redirecting. This patch will take
care of properly redirecting users to front controller files. An incorrect
link will cause users to get a 404 error though.

PHPBB3-11997
This commit is contained in:
Marc Alexander
2013-11-08 23:12:42 +01:00
parent 082a467cc8
commit 60dda5577d
2 changed files with 21 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tests/security/redirect_test.php
View File

@@ -21,8 +21,22 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
array('bad://localhost/phpBB/index.php', 'INSECURE_REDIRECT', false),
array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'),
array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'INSECURE_REDIRECT', false),
array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'),
array('javascript:test', false, 'http://localhost/phpBB/javascript:test'),
array('http://localhost/phpBB/index.php;url=', 'INSECURE_REDIRECT', false),
array('http://localhost/phpBB/app.php/foobar', false, 'http://localhost/phpBB/app.php/foobar'),
array('./app.php/foobar', false, 'http://localhost/phpBB/app.php/foobar'),
array('app.php/foobar', false, 'http://localhost/phpBB/app.php/foobar'),
array('./../app.php/foobar', false, 'http://localhost/phpBB/app.php/foobar'),
array('./../app.php/foo/bar', false, 'http://localhost/phpBB/app.php/foo/bar'),
array('./../foo/bar', false, 'http://localhost/phpBB/foo/bar'),
array('app.php/', false, 'http://localhost/phpBB/app.php/'),
array('./app.php/', false, 'http://localhost/phpBB/app.php/'),
array('foobar', false, 'http://localhost/phpBB/foobar'),
array('./foobar', false, 'http://localhost/phpBB/foobar'),
array('foo/bar', false, 'http://localhost/phpBB/foo/bar'),
array('./foo/bar', false, 'http://localhost/phpBB/foo/bar'),
array('./../index.php', false, 'http://localhost/phpBB/index.php'),
array('../index.php', false, 'http://localhost/phpBB/index.php'),
);
}