[ticket/11997] Add clean_url() method to path_helper

This method will get rid of unnecessary . and .. in URLs. PHPBB3-11997
2025-07-30 21:40:43 +02:00 · 2013-12-21 20:08:00 +01:00
parent 235d2069e0
commit d9358c26da
3 changed files with 47 additions and 1 deletions
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2777,7 +2777,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 				$url = (!empty($dir) ? $dir . '/' : '') . $url;
 				$url = generate_board_url() . '/' . $url;
 			}
-			$url = $phpbb_filesystem->clean_path($url);
+			$url = $phpbb_path_helper->clean_url($url);;
 		}
 	}

--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -207,4 +207,27 @@ class path_helper

 		return generate_board_url() . $url;
 	}
+
+	/**
+	* Eliminates useless . and .. components from specified URL
+	*
+	* @param string $url URL to clean
+	*
+	* @return string Cleaned URL
+	*/
+	public function clean_url($url)
+	{
+		$delimiter_position = strpos($url, '://');
+		// URL should contain :// but it shouldn't start with it.
+		// Do not clean URLs that do not fit these constraints.
+		if (empty($delimiter_position))
+		{
+			return $url;
+		}
+		$scheme = substr($url, 0, $delimiter_position) . '://';
+		// Add length of URL delimiter to position
+		$path = substr($url, $delimiter_position + 3);
+
+		return $scheme . $this->filesystem->clean_path($path);
+	}
 }