mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

[ticket/17296] Reduce complexity of relative paths on adm pages

Browse Source 
PHPBB3-17296
This commit is contained in:
Marc Alexander
2024-03-07 20:57:19 +01:00
parent 763c6f625f
commit bda99e1c35
2 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
phpBB/phpbb/path_helper.php
View File

@@ -39,6 +39,9 @@ class path_helper
/** @var string */
protected $web_root_path;
/** @var bool Flag whether we're in adm path */
protected $in_adm_path = false;
/**
* Constructor
*
@@ -117,7 +120,13 @@ class path_helper
$path = substr($path, 8);
}
return $this->filesystem->clean_path($web_root_path . $path);
$path = $this->filesystem->clean_path($web_root_path . $path);
// Further clean path if we're in adm
if ($this->in_adm_path && strpos($path, $this->phpbb_root_path . $this->adm_relative_path) === 0)
{
$path = substr($path, strlen($this->phpbb_root_path . $this->adm_relative_path));
}
}
return $path;
@@ -181,6 +190,11 @@ class path_helper
return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path);
}
if ($path_info === '/' && defined('ADMIN_START') && preg_match('/\/' . preg_quote($this->adm_relative_path, '/') . 'index\.' . $this->php_ext . '$/', $script_name))
{
$this->in_adm_path = true;
}
/*
* If the path info is empty (single /), then we're not using
* a route like app.php/foo/bar