mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-07 15:05:43 +02:00
Code Issues Releases Wiki Activity

Merge branch '3.2.x'

Browse Source
This commit is contained in:
Máté Bartus 2017-09-09 12:09:50 +02:00
commit dababbb9ad
4 changed files with 44 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/includes/functions.php
View File

@ -1827,7 +1827,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
/** /**
* Re-Apply session id after page reloads * Re-Apply session id after page reloads
*/ */
function reapply_sid($url) function reapply_sid($url, $is_route = false)
{ {
global $phpEx, $phpbb_root_path; global $phpEx, $phpbb_root_path;
@ -1849,7 +1849,7 @@ function reapply_sid($url)
$url = preg_replace("/$phpEx(&|&)+?/", "$phpEx?", $url); $url = preg_replace("/$phpEx(&|&)+?/", "$phpEx?", $url);
} }
return append_sid($url); return append_sid($url, false, true, false, $is_route);
} }
/** /**
@ -2172,7 +2172,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
// re-add sid / transform & to & for user->page (user->page is always using &) // re-add sid / transform & to & for user->page (user->page is always using &)
$use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']); $use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']);
$u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite'])); $u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite']), $phpbb_path_helper->is_router_used());
$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key; $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key;
$template->assign_vars(array( $template->assign_vars(array(

13
phpBB/phpbb/path_helper.php
View File

@ -493,4 +493,17 @@ class path_helper
return $page; return $page;
} }
/**
* Tells if the router is currently in use (if the current page is a route or not)
*
* @return bool
*/
public function is_router_used()
{
// Script name URI (e.g. phpBB/app.php)
$script_name = $this->symfony_request->getScriptName();
return basename($script_name) === 'app.' . $this->php_ext;
}
} }

15
phpBB/phpbb/session.php
View File

@ -93,9 +93,18 @@ class session
$page_name .= str_replace('%2F', '/', urlencode($symfony_request_path)); $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
} }
// current directory within the phpBB root (for example: adm) if (substr($root_path, 0, 2) === './' && strpos($root_path, '..') === false)
$root_dirs = explode('/', str_replace('\\', '/', filesystem_helper::realpath($root_path))); {
$page_dirs = explode('/', str_replace('\\', '/', filesystem_helper::realpath('./'))); $root_dirs = explode('/', str_replace('\\', '/', rtrim($root_path, '/')));
$page_dirs = explode('/', str_replace('\\', '/', '.'));
}
else
{
// current directory within the phpBB root (for example: adm)
$root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path)));
$page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./')));
}
$intersection = array_intersect_assoc($root_dirs, $page_dirs); $intersection = array_intersect_assoc($root_dirs, $page_dirs);
$root_dirs = array_diff_assoc($root_dirs, $intersection); $root_dirs = array_diff_assoc($root_dirs, $intersection);

16
tests/session/extract_page_test.php
View File

@ -136,6 +136,22 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
'forum' => 0, 'forum' => 0,
), ),
), ),
array(
'./community',
'/app.php',
'',
'/',
'/kb',
array(
'page_name' => 'app.php/kb',
'page_dir' => '..',
'query_string' => '',
'script_path' => '/',
'root_script_path' => '/community/',
'page' => '../app.php/kb',
'forum' => 0,
),
),
); );
} }