mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-05 16:27:38 +02:00
[ticket/11997] Add clean_url() method to path_helper
This method will get rid of unnecessary . and .. in URLs. PHPBB3-11997
This commit is contained in:
Marc Alexander
@@ -2777,7 +2777,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
|
||||
$url = (!empty($dir) ? $dir . '/' : '') . $url;
|
||||
$url = generate_board_url() . '/' . $url;
|
||||
}
|
||||
$url = $phpbb_filesystem->clean_path($url);
|
||||
$url = $phpbb_path_helper->clean_url($url);;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -207,4 +207,27 @@ class path_helper
|
||||
|
||||
return generate_board_url() . $url;
|
||||
}
|
||||
|
||||
/**
|
||||
* Eliminates useless . and .. components from specified URL
|
||||
*
|
||||
* @param string $url URL to clean
|
||||
*
|
||||
* @return string Cleaned URL
|
||||
*/
|
||||
public function clean_url($url)
|
||||
{
|
||||
$delimiter_position = strpos($url, '://');
|
||||
// URL should contain :// but it shouldn't start with it.
|
||||
// Do not clean URLs that do not fit these constraints.
|
||||
if (empty($delimiter_position))
|
||||
{
|
||||
return $url;
|
||||
}
|
||||
$scheme = substr($url, 0, $delimiter_position) . '://';
|
||||
// Add length of URL delimiter to position
|
||||
$path = substr($url, $delimiter_position + 3);
|
||||
|
||||
return $scheme . $this->filesystem->clean_path($path);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -146,4 +146,27 @@ class phpbb_path_helper_web_root_path_test extends phpbb_test_case
|
||||
|
||||
$this->assertEquals($expected, $path_helper->update_web_root_path($input, $symfony_request));
|
||||
}
|
||||
|
||||
public function clean_url_data()
|
||||
{
|
||||
return array(
|
||||
array('', ''),
|
||||
array('://', '://'),
|
||||
array('http://', 'http://'),
|
||||
array('http://one/two/three', 'http://one/two/three'),
|
||||
array('http://../one/two', 'http://../one/two'),
|
||||
array('http://one/../two/three', 'http://two/three'),
|
||||
array('http://one/two/../three', 'http://one/three'),
|
||||
array('http://one/two/../../three', 'http://three'),
|
||||
array('http://one/two/../../../three', 'http://../three'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider clean_url_data
|
||||
*/
|
||||
public function test_clean_url($input, $expected)
|
||||
{
|
||||
$this->assertEquals($expected, $this->path_helper->clean_url($input));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user