From 204904441a373db335375e973f78b9e8b2741867 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Wed, 11 Jun 2014 23:34:51 +0200
Subject: [PATCH] [ticket/9801] Allow display of page outside board directory on viewonline

Until now, the preg_match didn't take into account that a page might be outside the board directory. After this change, the regular expression will allow preceding dots and slashes. Paths like ../../test.php will be allowed. The page will be unknown in viewonline.php and it will revert to index.php as current page. However, the core.viewonline_overwrite_location event will receive proper info of the page the user is on right now allowing a listener to change the info that is being displayed.

PHPBB3-9801
---
 phpBB/viewonline.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/viewonline.php b/phpBB/viewonline.php
index 43b5f7f001..69e63faa86 100644
--- a/phpBB/viewonline.php
+++ b/phpBB/viewonline.php
@@ -213,7 +213,7 @@ while ($row = $db->sql_fetchrow($result))
 continue;
 }
 
- preg_match('#^([a-z0-9/_-]+)#i', $row['session_page'], $on_page);
+ preg_match('#^([./\\]*+[a-z0-9/_-]+)#i', $row['session_page'], $on_page);
 if (!sizeof($on_page))
 {
 $on_page[1] = '';
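Review bot: The character class on the added `preg_match` line does not contain a backslash: in a single-quoted PHP string `\\` is one backslash, so PCRE receives `[./\]*+[a-z0-9/_-]`, where `\]` is an escaped `]` and the class only closes after `_-`. The pattern therefore becomes one class that accepts `.`, `/`, `]`, `*`, `+` and `[` anywhere in the match rather than a possessive prefix of dots and slashes, so a value such as `index.php` would be captured with its extension. If a literal backslash is intended, the line should read `preg_match('#^([./\\\\]*+[a-z0-9/_-]+)#i', $row['session_page'], $on_page);`. Because `$on_page[1]` can now carry `../` sequences taken from the stored session page, and the commit message says it is handed to `core.viewonline_overwrite_location` listeners, a comment above the call stating that the value is for display and comparison only and must not be used to build file paths would help; the enclosing `while` loop continues outside the hunk.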