mirror of
https://github.com/phpbb/phpbb.git
synced 2025-10-24 05:06:09 +02:00
[ticket/security-169] Stop loop through referer dir in top directory
SECURITY-169
This commit is contained in:
@@ -278,10 +278,16 @@ class path_helper
|
|||||||
$referer_dir = dirname($referer_dir);
|
$referer_dir = dirname($referer_dir);
|
||||||
}
|
}
|
||||||
|
|
||||||
while (strpos($absolute_board_url, $referer_dir) !== 0)
|
while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0)
|
||||||
{
|
{
|
||||||
$fixed_root_path .= '../';
|
$fixed_root_path .= '../';
|
||||||
$referer_dir = dirname($referer_dir);
|
$referer_dir = dirname($referer_dir);
|
||||||
|
|
||||||
|
// Just return phpbb_root_path if we reach the top directory
|
||||||
|
if ($referer_dir === '.')
|
||||||
|
{
|
||||||
|
return $this->phpbb_root_path;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1);
|
$fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1);
|
||||||
|
@@ -411,6 +411,21 @@ class phpbb_path_helper_test extends phpbb_test_case
|
|||||||
'http://www.phpbb.com/community',
|
'http://www.phpbb.com/community',
|
||||||
'../community/',
|
'../community/',
|
||||||
),
|
),
|
||||||
|
array(
|
||||||
|
'http://www.phpbb.com/foobar',
|
||||||
|
'http://www.phpbb.com',
|
||||||
|
'',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'http://www.foobar.com',
|
||||||
|
'http://www.phpbb.com',
|
||||||
|
'/www.phpbb.com/',
|
||||||
|
),
|
||||||
|
array(
|
||||||
|
'foobar',
|
||||||
|
'http://www.phpbb.com/community',
|
||||||
|
'',
|
||||||
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user