From 281cc5353208258e7f4a9032f720c5f1ae0fb8dc Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sun, 2 Nov 2014 12:01:42 +0100
Subject: [PATCH] [ticket/13192] Remove app.php on mod rewrite even if app.php is outside root PHPBB3-13192
---
 phpBB/phpbb/path_helper.php | 11 +++++++----
 tests/path_helper/path_helper_test.php | 2 ++
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index 0a41efc128..b2ec9d98e0 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -465,13 +465,16 @@ class path_helper
 // URL
 if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
 {
- // Remove 'app.php/' from the page, when rewrite is enabled
- if ($mod_rewrite && strpos($page, 'app.' . $this->php_ext . '/') === 0)
+ // Remove 'app.php/' from the page, when rewrite is enabled.
+ // Treat app.php as a reserved file name and remove on mod rewrite
+ // even if it might not be in the phpBB root.
+ if ($mod_rewrite && ($app_position = strpos($page, 'app.' . $this->php_ext . '/')) !== false)
 {
- $page = substr($page, strlen('app.' . $this->php_ext . '/'));
+ $page = substr($page, 0, $app_position) . substr($page, $app_position + strlen('app.' . $this->php_ext . '/'));
 }
- $page = $this->get_phpbb_root_path() . $page;
+ // Remove preceding slashes from page name and prepend root path
+ $page = $this->get_phpbb_root_path() . preg_replace('@^(?:([\\/\\\])?)@', '', $page);
 }
 return $page;
diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php
index 26cb940b54..62c2a24b22 100644
--- a/tests/path_helper/path_helper_test.php
+++ b/tests/path_helper/path_helper_test.php
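Review bot: In path_helper.php the new `strpos()` test matches `app.php/` anywhere in `$page`, not only as a whole path segment, so with rewrite on a page such as `myapp.php/foo` would be cut down to `myfoo`. Anchoring the match to a segment boundary keeps the "reserved file name" rule the new comment describes, for example `$page = preg_replace('@(^|/)app\.' . preg_quote($this->php_ext, '@') . '/@', '$1', $page, 1);`. Separately, the pattern `'@^(?:([\\/\\\])?)@'` removes at most one leading `/` or `\` although the comment says "slashes"; `ltrim($page, '/\\')` would match the comment if every leading separator is meant to go. The enclosing method starts outside the hunk, so how callers use the returned page is not visible here.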
@@ -432,6 +432,8 @@ class phpbb_path_helper_test extends phpbb_test_case
 array('foo/index', false, 'foo/index'),
 array('app.php/foo', false, 'app.php/foo'),
 array('app.php/foo', true, 'foo'),
+ array('/../app.php/foo', false, '../app.php/foo'),
+ array('/../app.php/foo', true, '../foo'),
 );
 }
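Review bot: The two added cases only cover `app.php` directly after `/../`, so the separator-stripping pattern introduced in path_helper.php is exercised for a single leading `/` and nothing else. No case pins what happens for a page starting with a backslash or with two slashes, nor for a file name that merely ends in `app.php`. Adding rows such as `array('//foo', false, 'foo'),` and `array('myapp.php/foo', true, 'myapp.php/foo'),` would record the intended result for each, assuming those expected values are the ones wanted. The data provider this array belongs to starts outside the hunk.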