From 633a5177915682492f90499ebb53fc0d87c15785 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 8 Jul 2014 17:53:06 +0200
Subject: [PATCH 1/2] [ticket/12834] Fix tests to match what we want to have

PHPBB3-12834
---
 tests/viewonline/helper_test.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tests/viewonline/helper_test.php b/tests/viewonline/helper_test.php
index e4950bb51a..2c903c6b23 100644
--- a/tests/viewonline/helper_test.php
+++ b/tests/viewonline/helper_test.php
@@ -23,17 +23,21 @@ class phpbb_viewonline_helper_test extends phpbb_test_case
 public function session_pages_data()
 {
 return array(
- array('index.php', 'index.php'),
- array('foobar/test.php', 'foobar/test.php'),
+ array('index.php', 'index'),
+ array('foobar/test.php', 'foobar/test'),
 array('', ''),
- array('../index.php', '../index.php'),
+ array('./../../index.php', '../../index'),
+ array('../subdir/index.php', '../subdir/index'),
+ array('../index.php', '../index'),
+ array('././index.php', 'index'),
+ array('./index.php', 'index'),
 );
 }
 
 /**
 * @dataProvider session_pages_data
 */
- public function test_get_user_page($expected, $session_page)
+ public function test_get_user_page($session_page, $expected)
 {
 $on_page = $this->viewonline_helper->get_user_page($session_page);
 $this->assertArrayHasKey(1, $on_page);

From e3e236da72f9bb8985fcecc25758c98559f76179 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 8 Jul 2014 17:53:32 +0200
Subject: [PATCH 2/2] [ticket/12834] Correctly match directories in session page

Also clean path before working with it

PHPBB3-12834
---
 phpBB/config/services.yml | 2 ++
 phpBB/phpbb/viewonline_helper.php | 19 ++++++++++++++++++-
 tests/viewonline/helper_test.php | 2 +-
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml
index 735a49c99b..0862650011 100644
--- a/phpBB/config/services.yml
+++ b/phpBB/config/services.yml
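Review bot: The provider only pins leading `./` and `../` prefixes; no case has a `..` segment inside the path or a suffix after the script name, so the pattern's stop at the first `.` and any mid-path normalisation stay untested. Consider adding `array('foo/../index.php', 'index'),` and `array('index.php?sid=1', 'index'),` — the first expected value assumes the helper normalises the path before matching, which this commit does not show, so confirm it against the implementation. test_get_user_page's body ends outside the hunk, so the assertion that consumes `$expected` is not visible here.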
@@ -362,3 +362,5 @@ services:
 viewonline_helper:
 class: phpbb\viewonline_helper
+ arguments:
+ - @filesystem
diff --git a/phpBB/phpbb/viewonline_helper.php b/phpBB/phpbb/viewonline_helper.php
index 3fc33119a3..b722f9d911 100644
--- a/phpBB/phpbb/viewonline_helper.php
+++ b/phpBB/phpbb/viewonline_helper.php
@@ -18,6 +18,17 @@ namespace phpbb;
 */
 class viewonline_helper
 {
+ /** @var \phpbb\filesystem */
+ protected $filesystem;
+
+ /**
+ * @param \phpbb\filesystem $filesystem
+ */
+ public function __construct(\phpbb\filesystem $filesystem)
+ {
+ $this->filesystem = $filesystem;
+ }
+
 /**
 * Get user page
 *
@@ -26,7 +37,13 @@ class viewonline_helper
 */
 public function get_user_page($session_page)
 {
- preg_match('#^([./\\]*+[a-z0-9/_-]+)#i', $session_page, $on_page);
+ $session_page = $this->filesystem->clean_path($session_page);
+ if (strpos($session_page, './') === 0)
+ {
+ $session_page = substr($session_page, 2);
+ }
+
+ preg_match('#^((\.\./)*([a-z0-9/_-]+))#i', $session_page, $on_page);
 if (empty($on_page))
 {
 $on_page[1] = '';
diff --git a/tests/viewonline/helper_test.php b/tests/viewonline/helper_test.php
index 2c903c6b23..bbbed59de7 100644
--- a/tests/viewonline/helper_test.php
+++ b/tests/viewonline/helper_test.php
@@ -17,7 +17,7 @@ class phpbb_viewonline_helper_test extends phpbb_test_case
 {
 parent::setUp();
 
- $this->viewonline_helper = new \phpbb\viewonline_helper();
+ $this->viewonline_helper = new \phpbb\viewonline_helper(new \phpbb\filesystem());
 }
 
 public function session_pages_data()
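Review bot: The new pattern `#^((\.\./)*([a-z0-9/_-]+))#i` adds two capturing groups that nothing in the hunk reads, so `$on_page` gains entries 2 and 3 (entry 2 holding only the last `../` repetition) while the visible code and the test still consume `$on_page[1]`; making the prefix group non-capturing, `preg_match('#^((?:\.\./)*[a-z0-9/_-]+)#i', $session_page, $on_page);`, keeps the match array in the shape callers had before and reads more clearly. The `./` strip removes exactly one leading `./`, so it depends on `clean_path()` having already collapsed `././` — the `././index.php` test covers that, but the dependency deserves a comment on the `if`: `// clean_path() has collapsed repeated ./ segments, so one strip is enough`. On the PHP 5 releases this branch supports, `substr('./', 2)` returns `false` rather than `''`; the empty-match branch below absorbs it, but a `(string)` cast on that line would keep `$session_page` a string throughout. get_user_page continues past the end of the hunk.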