mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-21 16:22:22 +02:00
Code Issues Releases Wiki Activity

[ticket/17398] Use referer for web paths in ajax requests

Browse Source 
PHPBB-17398
This commit is contained in:
Marc Alexander 2024-10-09 20:16:30 +02:00
parent ecceeab709
commit fd58e4f338
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/functions.php
View File

@ -4069,7 +4069,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'U_SEARCH_UNANSWERED' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
'U_SEARCH_UNREAD' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unreadposts'),
'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => $controller_helper->route('phpbb_ucp_delete_cookies_controller', ['_referer' => $controller_helper->get_current_url()]),
'U_DELETE_COOKIES' => $controller_helper->route('phpbb_ucp_delete_cookies_controller'),
'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',
'U_TEAM' => (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),

4
phpBB/phpbb/path_helper.php
View File

@ -223,13 +223,13 @@ class path_helper
*
* The referer must be specified as a parameter in the query.
*/
if ($this->request->is_ajax() && $this->symfony_request->get('_referer'))
if ($this->request->is_ajax() && $this->request->header('Referer'))
{
// We need to escape $absolute_board_url because it can be partially concatenated to the result.
$absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true);
$referer_web_root_path = $this->get_web_root_path_from_ajax_referer(
$this->symfony_request->get('_referer'),
$this->request->header('Referer'),
$absolute_board_url
);
return $this->web_root_path = $referer_web_root_path;

6
tests/path_helper/path_helper_test.php
View File

@ -470,9 +470,6 @@ class phpbb_path_helper_test extends phpbb_test_case
->setConstructorArgs([new phpbb_mock_request()])
->setMethods(['get', 'getSchemeAndHttpHost', 'getBasePath', 'getPathInfo'])
->getMock();
$symfony_request->method('get')
->with('_referer')
->willReturn('http://www.phpbb.com/community/route1/route2/');
$symfony_request->method('getSchemeAndHttpHost')
->willReturn('http://www.phpbb.com');
$symfony_request->method('getBasePath')
@ -486,6 +483,9 @@ class phpbb_path_helper_test extends phpbb_test_case
->willReturn(true);
$request->method('escape')
->willReturnArgument(0);
$request->method('header')
->with('Referer')
->willReturn('http://www.phpbb.com/community/route1/route2/');
$path_helper = new \phpbb\path_helper(
$symfony_request,