mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-01 14:30:32 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'nickvergessen/ticket/12099' into develop-ascraeus

Browse Source 
* nickvergessen/ticket/12099:
  [ticket/12099] Fix correction in path_helper test
  [ticket/12099] Prepend ./ to path to fix assets
  [ticket/12099] Deduplicate path generation
  [ticket/12099] Fix clean_path() ".." stripping when previous directory was "."
  [ticket/12099] Break clean_path tests with a simple test
  [ticket/12099] Clean paths in tests
  [ticket/12099] Correctly fix go back to root before prepending the root path
  [ticket/12099] Clean some paths before using them
  [ticket/12099] Fix several issues in path_helper test
This commit is contained in:
Marc Alexander
2014-06-26 15:07:05 +02:00
parent 69b9aa2859 e71f65c2bb
commit 9b27d00d5f
4 changed files with 38 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/phpbb/filesystem.php
View File

@@ -35,7 +35,7 @@ class filesystem
continue;
}
if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '.' && $filtered[sizeof($filtered) - 1] !== '..')
{
array_pop($filtered);
}

31
phpBB/phpbb/path_helper.php
View File

@@ -98,7 +98,7 @@ class path_helper
{
$path = substr($path, strlen($this->phpbb_root_path));
return $this->get_web_root_path() . $path;
return $this->filesystem->clean_path($this->get_web_root_path() . $path);
}
return $path;
@@ -158,7 +158,7 @@ class path_helper
*/
if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri))
{
return $this->web_root_path = $this->phpbb_root_path . '../';
return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path);
}
/*
@@ -174,27 +174,20 @@ class path_helper
$corrections = substr_count($path_info, '/');
/*
* If the script name (e.g. phpBB/app.php) exists in the
* requestUri (e.g. phpBB/app.php/foo/template), then we
* are have a non-rewritten URL.
* If the script name (e.g. phpBB/app.php) does not exists in the
* requestUri (e.g. phpBB/app.php/foo/template), then we are rewriting
* the URL. So we must reduce the slash count by 1.
*/
if (strpos($request_uri, $script_name) === 0)
if (strpos($request_uri, $script_name) !== 0)
{
/*
* Append ../ to the end of the phpbb_root_path as many times
* as / exists in path_info
*/
return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections);
$corrections--;
}
/*
* If we're here it means we're at a re-written path, so we must
* correct the relative path for web URLs. We must append ../
* to the end of the root path as many times as / exists in path_info
* less one time (because the script, e.g. /app.php, doesn't exist in
* the URL)
*/
return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections - 1);
// Prepend ../ to the phpbb_root_path as many times as / exists in path_info
$this->web_root_path = $this->filesystem->clean_path(
'./' . str_repeat('../', $corrections) . $this->phpbb_root_path
);
return $this->web_root_path;
}
/**