diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php
index 0f9ff7eaee..25975e0466 100644
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -68,8 +68,8 @@ $template->set_custom_style(
 ],
 );
-$template->assign_var('T_ASSETS_PATH', $phpbb_root_path . 'assets');
-$template->assign_var('T_TEMPLATE_PATH', $phpbb_admin_path . 'style');
+$template->assign_var('T_ASSETS_PATH', $phpbb_path_helper->update_web_root_path($phpbb_root_path . 'assets'));
+$template->assign_var('T_TEMPLATE_PATH', $phpbb_path_helper->update_web_root_path($phpbb_root_path . 'style'));
 // Instantiate new module
 $module = new p_master();
diff --git a/phpBB/phpbb/event/kernel_exception_subscriber.php b/phpBB/phpbb/event/kernel_exception_subscriber.php
index 9de9d94bd6..953bc5b5ec 100644
--- a/phpBB/phpbb/event/kernel_exception_subscriber.php
+++ b/phpBB/phpbb/event/kernel_exception_subscriber.php
@@ -90,12 +90,15 @@ class kernel_exception_subscriber implements EventSubscriberInterface
 }
 else if (!$this->debug && $exception instanceof NotFoundHttpException)
 {
- // Do not update user session page if it does not exist
- $this->user->update_session_page = false;
-
 $message = $this->language->lang('PAGE_NOT_FOUND');
 }
+ // Do not update user session page if it does not exist
+ if ($exception instanceof NotFoundHttpException)
+ {
+ $this->user->update_session_page = false;
+ }
+
 // Show text in bold
 $message = preg_replace('#<(/?strong)>#i', '<$1>', $message);
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index 0f3bb4d3cb..aa898c7b12 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -38,6 +38,9 @@ class path_helper
 /** @var string */
 protected $web_root_path;
+ /** @var bool Flag whether we're in adm path */
+ protected $in_adm_path = false;
+
 /**
 * Constructor
 *
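Review bot: In the `phpBB/adm/index.php` hunk the new `T_TEMPLATE_PATH` line changes the base variable as well as adding the helper call: the removed line built the path from `$phpbb_admin_path . 'style'`, while the added one passes `$phpbb_root_path . 'style'` to `update_web_root_path()`. Whether that still resolves to the admin style directory depends on the `in_adm_path` handling added to `path_helper` in this commit, which is only partly visible here, so it is worth confirming with and without a trailing slash on the admin index URL. A one-line comment above the two assignments, e.g. `// Both paths are rewritten relative to the current request URL by path_helper::update_web_root_path()`, would make the intended targets checkable.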
@@ -114,7 +117,13 @@ class path_helper
 $path = substr($path, 8);
 }
- return filesystem_helper::clean_path($web_root_path . $path);
+ $path = filesystem_helper::clean_path($web_root_path . $path);
+
+ // Further clean path if we're in adm
+ if ($this->in_adm_path && str_starts_with($path, $this->phpbb_root_path . $this->adm_relative_path))
+ {
+ $path = substr($path, strlen($this->phpbb_root_path . $this->adm_relative_path));
+ }
 }
 return $path;
@@ -178,6 +187,11 @@ class path_helper
 return $this->web_root_path = filesystem_helper::clean_path('./../' . $this->phpbb_root_path);
 }
+ if ($path_info === '/' && defined('ADMIN_START') && preg_match('/\/' . preg_quote($this->adm_relative_path, '/') . 'index\.' . $this->php_ext . '$/', $script_name))
+ {
+ $this->in_adm_path = true;
+ }
+
 /*
 * If the path info is empty (single /), then we're not using
 * a route like app.php/foo/bar
diff --git a/tests/functional/session_page_update_test.php b/tests/functional/session_page_update_test.php
index b2e04c0def..963c4c782f 100644
--- a/tests/functional/session_page_update_test.php
+++ b/tests/functional/session_page_update_test.php
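Review bot: In the `@@ -114,7 +117,13 @@` hunk of `path_helper.php` the prefix test compares the output of `filesystem_helper::clean_path()` with the raw concatenation `$this->phpbb_root_path . $this->adm_relative_path`, so the strip only happens when cleaning leaves that prefix byte-for-byte unchanged. `clean_path()` is not visible here, so this should be pinned by a unit test for the admin case. The concatenation is also built twice; a local such as `$adm_prefix = $this->phpbb_root_path . $this->adm_relative_path;` used for both `str_starts_with()` and `strlen()` keeps the two in step. Since the method now returns a path with the prefix removed in one case, its docblock should say what that result is relative to. The enclosing method starts outside the hunk.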
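Review bot: In the `@@ -178,6 +187,11 @@` hunk of `path_helper.php` the pattern escapes `$this->adm_relative_path` with `preg_quote()` but interpolates `$this->php_ext` raw. For consistency, and so a metacharacter in the extension cannot change what matches, the pattern should use `preg_quote($this->php_ext, '/')` there as well. The flag is set as a side effect of computing the web root path, depends on the global `ADMIN_START` constant and is never reset in the visible lines. A comment such as `// Admin index requested with path info "/": remember it so update_web_root_path() can strip the adm prefix` (wording inferred from the hunk) would document that coupling. The enclosing method starts and ends outside the hunk.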
@@ -17,39 +17,38 @@ class phpbb_functional_session_page_update_test extends phpbb_functional_test_case
 {
- protected function test_session_page_update()
+ public function setUp(): void
 {
+ parent::setUp();
+
+ global $db;
+
+ $db = $this->db;
+ $this->login();
+ }
+
+ public function test_session_page_update()
+ {
 $db = $this->get_db();
- if (!function_exists('utf_clean_string'))
- {
- require_once(__DIR__ . '/../../phpBB/includes/utf/utf_tools.php');
- }
- if (!function_exists('user_get_id_name'))
- {
- require_once(__DIR__ . '/../../phpBB/includes/functions_user.php');
- }
-
- $user_ids = [];
- $username = [$this->get_logged_in_user()];
- user_get_id_name($user_ids, $username);
- $user_id = (int) $user_ids[0];
+ // Sleep for 2 seconds to ensure we don't have session time race condition
+ sleep(2);
 // Request index page
 self::request('GET', 'index.php');
- $this->assertEquals(200, self::$client->getResponse()->getStatus());
+ $this->assertEquals(200, self::$client->getInternalResponse()->getStatusCode(), 'Failed asserting that status of index page is 200');
- $sql = 'SELECT session_page FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $user_id . ' ORDER BY session_time DESC';
+ $sql = 'SELECT session_page FROM ' . SESSIONS_TABLE . 
' WHERE session_user_id = 2 ORDER BY session_time DESC';
 $db->sql_query_limit($sql, 1);
- $this->assertEquals('index.php', $db->sql_fetchfield('session_page'));
+ $this->assertEquals('index.php', $db->sql_fetchfield('session_page'), 'Failed asserting that session_page is index.php for admin user');
 // Request non-existent url
- self::request('GET', 'nonexistent.jpg');
- $this->assertEquals(404, self::$client->getResponse()->getStatus());
+ self::request('GET', 'nonexistent.jpg', [], false);
+ $this->assertEquals(404, self::$client->getInternalResponse()->getStatusCode(), 'Failed asserting that status of non-existent image is 404');
 $db->sql_query_limit($sql, 1);
 // User page should not be updated to non-existent one
- $this->assertEquals('index.php', $db->sql_fetchfield('session_page'));
+ $this->assertEquals('index.php', $db->sql_fetchfield('session_page'), 'Failed asserting that session page has not changed after 404');
 }
 }
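Review bot: The rewritten query in `session_page_update_test.php` hard-codes `session_user_id = 2` in place of the removed lookup of the logged-in user's id, so the test passes only if the account used by `$this->login()` has id 2. The assertion message says "admin user", but nothing in the hunk ties the two together; a comment such as `// 2 is the id of the admin account that login() signs in as` (to be confirmed) or a named constant would make that explicit. The added `sleep(2)` makes the `ORDER BY session_time DESC` lookup depend on wall-clock timing and adds two seconds to each run; selecting the row by the current session id, if the test case exposes one, would be deterministic. `setUp()` also overwrites `global $db` without restoring it, which may affect tests that run afterwards.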