mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-17 22:28:46 +01:00
Code Issues Releases Wiki Activity

[ticket/12834] Correctly match directories in session page

Browse Source 
Also clean path before working with it

PHPBB3-12834
This commit is contained in:
Joas Schilling 2014-07-08 17:53:32 +02:00
parent 633a517791
commit e3e236da72
3 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/config/services.yml
View File

@ -362,3 +362,5 @@ services:
viewonline_helper: viewonline_helper:
class: phpbb\viewonline_helper class: phpbb\viewonline_helper
arguments:
- @filesystem

19
phpBB/phpbb/viewonline_helper.php
View File

@ -18,6 +18,17 @@ namespace phpbb;
*/ */
class viewonline_helper class viewonline_helper
{ {
/** @var \phpbb\filesystem */
protected $filesystem;
/**
* @param \phpbb\filesystem $filesystem
*/
public function __construct(\phpbb\filesystem $filesystem)
{
$this->filesystem = $filesystem;
}
/** /**
* Get user page * Get user page
* *
@ -26,7 +37,13 @@ class viewonline_helper
*/ */
public function get_user_page($session_page) public function get_user_page($session_page)
{ {
preg_match('#^([./\\]*+[a-z0-9/_-]+)#i', $session_page, $on_page); $session_page = $this->filesystem->clean_path($session_page);
if (strpos($session_page, './') === 0)
{
$session_page = substr($session_page, 2);
}
preg_match('#^((\.\./)*([a-z0-9/_-]+))#i', $session_page, $on_page);
if (empty($on_page)) if (empty($on_page))
{ {
$on_page[1] = ''; $on_page[1] = '';

2
tests/viewonline/helper_test.php
View File

@ -17,7 +17,7 @@ class phpbb_viewonline_helper_test extends phpbb_test_case
{ {
parent::setUp(); parent::setUp();
$this->viewonline_helper = new \phpbb\viewonline_helper(); $this->viewonline_helper = new \phpbb\viewonline_helper(new \phpbb\filesystem());
} }
public function session_pages_data() public function session_pages_data()