mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-19 23:32:02 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'nickvergessen/ticket/12099' into develop-ascraeus

Browse Source 
* nickvergessen/ticket/12099:
  [ticket/12099] Fix correction in path_helper test
  [ticket/12099] Prepend ./ to path to fix assets
  [ticket/12099] Deduplicate path generation
  [ticket/12099] Fix clean_path() ".." stripping when previous directory was "."
  [ticket/12099] Break clean_path tests with a simple test
  [ticket/12099] Clean paths in tests
  [ticket/12099] Correctly fix go back to root before prepending the root path
  [ticket/12099] Clean some paths before using them
  [ticket/12099] Fix several issues in path_helper test
This commit is contained in:
Marc Alexander 2014-06-26 15:07:05 +02:00
commit 9b27d00d5f
4 changed files with 38 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/phpbb/filesystem.php
View File

@ -35,7 +35,7 @@ class filesystem
continue;
}
if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '.' && $filtered[sizeof($filtered) - 1] !== '..')
{
array_pop($filtered);
}

31
phpBB/phpbb/path_helper.php
View File

@ -98,7 +98,7 @@ class path_helper
{
$path = substr($path, strlen($this->phpbb_root_path));
return $this->get_web_root_path() . $path;
return $this->filesystem->clean_path($this->get_web_root_path() . $path);
}
return $path;
@ -158,7 +158,7 @@ class path_helper
*/
if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri))
{
return $this->web_root_path = $this->phpbb_root_path . '../';
return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path);
}
/*
@ -174,27 +174,20 @@ class path_helper
$corrections = substr_count($path_info, '/');
/*
* If the script name (e.g. phpBB/app.php) exists in the
* requestUri (e.g. phpBB/app.php/foo/template), then we
* are have a non-rewritten URL.
* If the script name (e.g. phpBB/app.php) does not exists in the
* requestUri (e.g. phpBB/app.php/foo/template), then we are rewriting
* the URL. So we must reduce the slash count by 1.
*/
if (strpos($request_uri, $script_name) === 0)
if (strpos($request_uri, $script_name) !== 0)
{
/*
* Append ../ to the end of the phpbb_root_path as many times
* as / exists in path_info
*/
return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections);
$corrections--;
}
/*
* If we're here it means we're at a re-written path, so we must
* correct the relative path for web URLs. We must append ../
* to the end of the root path as many times as / exists in path_info
* less one time (because the script, e.g. /app.php, doesn't exist in
* the URL)
*/
return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections - 1);
// Prepend ../ to the phpbb_root_path as many times as / exists in path_info
$this->web_root_path = $this->filesystem->clean_path(
'./' . str_repeat('../', $corrections) . $this->phpbb_root_path
);
return $this->web_root_path;
}
/**

2
tests/filesystem/clean_path_test.php
View File

@ -32,6 +32,8 @@ class phpbb_filesystem_clean_path_test extends phpbb_test_case
array('foo/bar/.', 'foo/bar'),
array('./foo/bar', './foo/bar'),
array('../foo/bar', '../foo/bar'),
array('./../foo/bar', './../foo/bar'),
array('././../foo/bar', './../foo/bar'),
array('one/two/three', 'one/two/three'),
array('one/two/../three', 'one/three'),
array('one/../two/three', 'two/three'),

39
tests/path_helper/path_helper_test.php
View File

@ -13,6 +13,7 @@
class phpbb_path_helper_test extends phpbb_test_case
{
/** @var \phpbb\path_helper */
protected $path_helper;
protected $phpbb_root_path = '';
@ -20,7 +21,8 @@ class phpbb_path_helper_test extends phpbb_test_case
{
parent::setUp();
$this->set_phpbb_root_path();
$filesystem = new \phpbb\filesystem();
$this->set_phpbb_root_path($filesystem);
$this->path_helper = new \phpbb\path_helper(
new \phpbb\symfony_request(
@ -40,9 +42,9 @@ class phpbb_path_helper_test extends phpbb_test_case
* any time we wish to use it in one of these functions (and
* also in general for everything else)
*/
public function set_phpbb_root_path()
public function set_phpbb_root_path($filesystem)
{
$this->phpbb_root_path = dirname(__FILE__) . './../../phpBB/';
$this->phpbb_root_path = $filesystem->clean_path(dirname(__FILE__) . '/../../phpBB/');
}
public function test_get_web_root_path()
@ -53,7 +55,8 @@ class phpbb_path_helper_test extends phpbb_test_case
public function basic_update_web_root_path_data()
{
$this->set_phpbb_root_path();
$filesystem = new \phpbb\filesystem();
$this->set_phpbb_root_path($filesystem);
return array(
array(
@ -71,7 +74,7 @@ class phpbb_path_helper_test extends phpbb_test_case
),
array(
$this->phpbb_root_path . $this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . $this->phpbb_root_path . 'test.php',
$filesystem->clean_path($this->phpbb_root_path . $this->phpbb_root_path . 'test.php'),
),
);
}
@ -81,51 +84,55 @@ class phpbb_path_helper_test extends phpbb_test_case
*/
public function test_basic_update_web_root_path($input, $expected)
{
$this->assertEquals($expected, $this->path_helper->update_web_root_path($input, $symfony_request));
$this->assertEquals($expected, $this->path_helper->update_web_root_path($input));
}
public function update_web_root_path_data()
{
$this->set_phpbb_root_path();
$this->set_phpbb_root_path(new \phpbb\filesystem());
return array(
array(
$this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . 'test.php',
'/',
null,
null,
'',
),
array(
$this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../test.php',
'//',
null,
null,
'./../',
),
array(
$this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../test.php',
'//',
'foo/bar.php',
'bar.php',
'./../',
),
array(
$this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../../test.php',
'/foo/template',
'/phpbb3-fork/phpBB/app.php/foo/template',
'/phpbb3-fork/phpBB/app.php',
'./../../',
),
array(
$this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../test.php',
'/foo/template',
'/phpbb3-fork/phpBB/foo/template',
'/phpbb3-fork/phpBB/app.php',
'./../',
),
array(
$this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../test.php',
'/',
'/phpbb3-fork/phpBB/app.php/',
'/phpbb3-fork/phpBB/app.php',
'./../',
),
);
}
@ -133,9 +140,9 @@ class phpbb_path_helper_test extends phpbb_test_case
/**
* @dataProvider update_web_root_path_data
*/
public function test_update_web_root_path($input, $expected, $getPathInfo, $getRequestUri = null, $getScriptName = null)
public function test_update_web_root_path($input, $getPathInfo, $getRequestUri, $getScriptName, $correction)
{
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array(
$symfony_request = $this->getMock('\phpbb\symfony_request', array(), array(
new phpbb_mock_request(),
));
$symfony_request->expects($this->any())
@ -155,7 +162,7 @@ class phpbb_path_helper_test extends phpbb_test_case
'php'
);
$this->assertEquals($expected, $path_helper->update_web_root_path($input, $symfony_request));
$this->assertEquals($correction . $input, $path_helper->update_web_root_path($input, $symfony_request));
}
public function clean_url_data()