makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/17141] Ensure correction is newer below 0

Browse source 
PHPBB3-17141
This commit is contained in:
Marc Alexander 2023-06-26 23:14:21 +02:00
parent 5ee2efd4c2
commit 8223a956df
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
2 changed files with 58 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/phpbb/path_helper.php
View file

@ -236,7 +236,7 @@ class path_helper
// Prepend ../ to the phpbb_root_path as many times as / exists in path_info // Prepend ../ to the phpbb_root_path as many times as / exists in path_info
$this->web_root_path = $this->filesystem->clean_path( $this->web_root_path = $this->filesystem->clean_path(
'./' . str_repeat('../', $corrections) . $this->phpbb_root_path './' . str_repeat('../', max(0, $corrections)) . $this->phpbb_root_path
); );
return $this->web_root_path; return $this->web_root_path;
} }
@ -264,7 +264,7 @@ class path_helper
$relative_referer_path = substr($relative_referer_path, 0, $has_params); $relative_referer_path = substr($relative_referer_path, 0, $has_params);
} }
$corrections = substr_count($relative_referer_path, '/'); $corrections = substr_count($relative_referer_path, '/');
return $this->phpbb_root_path . str_repeat('../', $corrections - 1); return $this->phpbb_root_path . str_repeat('../', max(0, $corrections - 1));
} }
// If not, it's a bit more complicated. We go to the parent directory // If not, it's a bit more complicated. We go to the parent directory

90
tests/path_helper/path_helper_test.php
View file

@ -59,25 +59,25 @@ class phpbb_path_helper_test extends phpbb_test_case
$filesystem = new \phpbb\filesystem\filesystem(); $filesystem = new \phpbb\filesystem\filesystem();
$this->set_phpbb_root_path($filesystem); $this->set_phpbb_root_path($filesystem);
return array( return [
array( [
'http://www.test.com/test.php', 'http://www.test.com/test.php',
'http://www.test.com/test.php', 'http://www.test.com/test.php',
'/', '/',
), ],
array( [
$this->phpbb_root_path . 'test.php', $this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . 'test.php', $this->phpbb_root_path . 'test.php',
), ],
array( [
'test.php', 'test.php',
'test.php', 'test.php',
), ],
array( [
$this->phpbb_root_path . $this->phpbb_root_path . 'test.php', $this->phpbb_root_path . $this->phpbb_root_path . 'test.php',
$filesystem->clean_path($this->phpbb_root_path . $this->phpbb_root_path . 'test.php'), $filesystem->clean_path($this->phpbb_root_path . $this->phpbb_root_path . 'test.php'),
), ],
); ];
} }
/** /**
@ -158,6 +158,13 @@ class phpbb_path_helper_test extends phpbb_test_case
'/phpbb3-fork/phpBB/app.php', '/phpbb3-fork/phpBB/app.php',
'', '',
), ),
array(
'./../'.$this->phpbb_root_path . 'test.php',
'',
'/phpbb3-fork/phpBB/foo',
'/phpbb3-fork/phpBB/app.php',
'',
),
); );
} }
@ -393,63 +400,78 @@ class phpbb_path_helper_test extends phpbb_test_case
public function get_web_root_path_from_ajax_referer_data() public function get_web_root_path_from_ajax_referer_data()
{ {
return array( return [
array( [
'http://www.phpbb.com/community/route1/route2/', 'http://www.phpbb.com/community/route1/route2/',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'../../', '../../',
), ],
array( [
'http://www.phpbb.com/community/route1/route2/?f=9',
'http://www.phpbb.com/community',
'../../',
],
[
'http://www.phpbb.com/community/route1/route2', 'http://www.phpbb.com/community/route1/route2',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'../', '../',
), ],
array( [
'http://www.phpbb.com/community/route1', 'http://www.phpbb.com/community/route1',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'', '',
), ],
array( [
'http://www.phpbb.com/community/', 'http://www.phpbb.com/community/',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'', '',
), ],
array( [
'http://www.phpbb.com/notcommunity/route1/route2/', 'http://www.phpbb.com/notcommunity/route1/route2/',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'../../../community/', '../../../community/',
), ],
array( [
'http://www.phpbb.com/notcommunity/route1/route2/?f=9',
'http://www.phpbb.com/community',
'../../../community/',
],
[
'http://www.phpbb.com/notcommunity/route1/route2', 'http://www.phpbb.com/notcommunity/route1/route2',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'../../community/', '../../community/',
), ],
array( [
'http://www.phpbb.com/notcommunity/route1', 'http://www.phpbb.com/notcommunity/route1',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'../community/', '../community/',
), ],
array( [
'http://www.phpbb.com/notcommunity/', 'http://www.phpbb.com/notcommunity/',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'../community/', '../community/',
), ],
array( [
'http://www.phpbb.com/foobar', 'http://www.phpbb.com/foobar',
'http://www.phpbb.com', 'http://www.phpbb.com',
'', '',
), ],
array( [
'http://www.foobar.com', 'http://www.foobar.com',
'http://www.phpbb.com', 'http://www.phpbb.com',
'/www.phpbb.com/', '/www.phpbb.com/',
), ],
array( [
'foobar', 'foobar',
'http://www.phpbb.com/community', 'http://www.phpbb.com/community',
'', '',
) ],
); [
'https://www.phpbb.com',
'https://www.phpbb.com',
''
]
];
} }
/** /**