From f383d4221ce085dc36ef4c04a0a2c7c3f381b108 Mon Sep 17 00:00:00 2001 From: Pico88 Date: Mon, 21 Apr 2014 19:53:46 +0200 Subject: [PATCH 1/9] [ticket/12099] Add request argument to path_helper service PHPBB3-12099 --- phpBB/config/services.yml | 2 + phpBB/phpbb/path_helper.php | 54 ++++++++++++++++++- tests/avatar/manager_test.php | 2 + tests/controller/helper_route_test.php | 2 + tests/extension/metadata_manager_test.php | 2 + tests/path_helper/path_helper_test.php | 4 ++ tests/security/redirect_test.php | 2 + tests/template/template_events_test.php | 2 + tests/template/template_test_case.php | 2 + .../template/template_test_case_with_tree.php | 2 + .../phpbb_session_test_case.php | 2 + 11 files changed, 74 insertions(+), 2 deletions(-) diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index 72eeae9b15..a7addf510b 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -299,6 +299,8 @@ services: arguments: - @symfony_request - @filesystem + - @request + - @config - %core.root_path% - %core.php_ext% - %core.adm_relative_path% diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index b592cc4460..b157c5930a 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -24,6 +24,12 @@ class path_helper /** @var \phpbb\filesystem */ protected $filesystem; + /** @var \phpbb\request\request */ + protected $request; + + /** @var \phpbb\config\config */ + protected $config; + /** @var string */ protected $phpbb_root_path; @@ -41,13 +47,17 @@ class path_helper * * @param \phpbb\symfony_request $symfony_request * @param \phpbb\filesystem $filesystem + * @param \phpbb\request\request $request + * @param \phpbb\config\config $config * @param string $phpbb_root_path Relative path to phpBB root * @param string $php_ext PHP extension (php) */ - public function __construct(\phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext, $adm_relative_path = null) + public function __construct(\phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, \phpbb\request\request $request, \phpbb\config\config $config, $phpbb_root_path, $php_ext, $adm_relative_path = null) { $this->symfony_request = $symfony_request; $this->filesystem = $filesystem; + $this->request = $request; + $this->config = $config; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; $this->adm_relative_path = $adm_relative_path; @@ -170,7 +180,47 @@ class path_helper return $this->web_root_path = $this->phpbb_root_path; } - // How many corrections might we need? + /* + * Check AJAX request + */ + if ($this->request->is_ajax()) + { + // Check referer + $referer = strtolower($this->request->header('Referer')); + + // Count chars + $chars = strlen($this->config['server_name'] . $this->config['script_path']) - 1; + + /* + * Return string without server name and script path + * e.g. 'http://localhost/phpBB/app.php', where server name is 'localhost' + * and script path is '/phpBB', will be cut to '/app.php' + */ + $ref = substr(strstr($referer, strtolower($this->config['server_name'] . $this->config['script_path'])), $chars); + + // How many slashes does the referer used? + $count_slashes = substr_count($ref, '/'); + + /* + * If the shorten referer has only 1 slash, + * return default path + */ + if ($count_slashes == 1) + { + return $this->web_root_path = $this->phpbb_root_path; + } + /* + * Otherwise we are on routed page so we must correct the relative path + * for web URLs. We must append ../ to the end of the root path + * as many times as / exists in shorten referer less one time + */ + else + { + return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $count_slashes - 1); + } + } + + // How many corrections might we need? $corrections = substr_count($path_info, '/'); /* diff --git a/tests/avatar/manager_test.php b/tests/avatar/manager_test.php index 246397ad6c..96d3ba1474 100644 --- a/tests/avatar/manager_test.php +++ b/tests/avatar/manager_test.php @@ -38,6 +38,8 @@ class phpbb_avatar_manager_test extends \phpbb_test_case new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + $config, $phpbb_root_path, $phpEx ); diff --git a/tests/controller/helper_route_test.php b/tests/controller/helper_route_test.php index 621efaa830..a9e8e46a42 100644 --- a/tests/controller/helper_route_test.php +++ b/tests/controller/helper_route_test.php @@ -26,6 +26,8 @@ class phpbb_controller_helper_route_test extends phpbb_test_case new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); diff --git a/tests/extension/metadata_manager_test.php b/tests/extension/metadata_manager_test.php index 3678ac0a3f..b7f309b2a9 100644 --- a/tests/extension/metadata_manager_test.php +++ b/tests/extension/metadata_manager_test.php @@ -50,6 +50,8 @@ class phpbb_extension_metadata_manager_test extends phpbb_database_test_case new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $this->phpbb_root_path, $this->phpEx ), diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index 9866cb6efe..e7e2ae697f 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -29,6 +29,8 @@ class phpbb_path_helper_test extends phpbb_test_case new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $this->phpbb_root_path, 'php' ); @@ -158,6 +160,8 @@ class phpbb_path_helper_test extends phpbb_test_case $path_helper = new \phpbb\path_helper( $symfony_request, new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $this->phpbb_root_path, 'php' ); diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php index fb1011cde0..24c42ca8c2 100644 --- a/tests/security/redirect_test.php +++ b/tests/security/redirect_test.php @@ -63,6 +63,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $this->phpbb_root_path, 'php' ); diff --git a/tests/template/template_events_test.php b/tests/template/template_events_test.php index ce3c90b78a..2c29d42173 100644 --- a/tests/template/template_events_test.php +++ b/tests/template/template_events_test.php @@ -143,6 +143,8 @@ Zeta test event in all', new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); diff --git a/tests/template/template_test_case.php b/tests/template/template_test_case.php index 00b823b2c4..d393027566 100644 --- a/tests/template/template_test_case.php +++ b/tests/template/template_test_case.php @@ -72,6 +72,8 @@ class phpbb_template_template_test_case extends phpbb_test_case new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); diff --git a/tests/template/template_test_case_with_tree.php b/tests/template/template_test_case_with_tree.php index 4f778a9c1c..c1b22e94e0 100644 --- a/tests/template/template_test_case_with_tree.php +++ b/tests/template/template_test_case_with_tree.php @@ -27,6 +27,8 @@ class phpbb_template_template_test_case_with_tree extends phpbb_template_templat new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); diff --git a/tests/test_framework/phpbb_session_test_case.php b/tests/test_framework/phpbb_session_test_case.php index 8a5d582573..144e05b5fa 100644 --- a/tests/test_framework/phpbb_session_test_case.php +++ b/tests/test_framework/phpbb_session_test_case.php @@ -32,6 +32,8 @@ abstract class phpbb_session_test_case extends phpbb_database_test_case $phpbb_path_helper = new \phpbb\path_helper( $symfony_request, $phpbb_filesystem, + $this->getMock('\phpbb\request\request'), + new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); From 779d8a68ffa1b48e61ebf514648aaadaf232b6ca Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 7 May 2014 23:13:45 +0200 Subject: [PATCH 2/9] [ticket/12099] Correctly fix the path when performing AJAX requests If the current request is a AJAX we need to fix the paths. We need to get the root path based on the Referer, so we can use the generated URLs in the template of the Referer. If we do not generate the relative path based on the Referer, but based on the currently requested URL, the generated URLs will not point to the intended locations: Referer desired URL desired relative root path memberlist.php faq.php ./ memberlist.php app.php/foo/bar ./ app.php/foo memberlist.php ../ app.php/foo app.php/fox ../ app.php/foo/bar memberlist.php ../../ ../page.php memberlist.php ./phpBB/ ../sub/page.php memberlist.php ./../phpBB/ PHPBB3-12099 --- phpBB/phpbb/path_helper.php | 119 +++++++++++++++++++++++++----------- 1 file changed, 82 insertions(+), 37 deletions(-) diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index b157c5930a..8552dbeb3a 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -24,7 +24,7 @@ class path_helper /** @var \phpbb\filesystem */ protected $filesystem; - /** @var \phpbb\request\request */ + /** @var \phpbb\request\request_interface */ protected $request; /** @var \phpbb\config\config */ @@ -181,46 +181,32 @@ class path_helper } /* - * Check AJAX request + * Check AJAX request: + * If the current request is a AJAX we need to fix the paths. + * We need to get the root path based on the Referer, so we can use + * the generated URLs in the template of the Referer. If we do not + * generate the relative path based on the Referer, but based on the + * currently requested URL, the generated URLs will not point to the + * intended locations: + * Referer desired URL desired relative root path + * memberlist.php faq.php ./ + * memberlist.php app.php/foo/bar ./ + * app.php/foo memberlist.php ../ + * app.php/foo app.php/fox ../ + * app.php/foo/bar memberlist.php ../../ + * ../page.php memberlist.php ./phpBB/ + * ../sub/page.php memberlist.php ./../phpBB/ */ - if ($this->request->is_ajax()) + if ($this->request->is_ajax() && $this->request->header('Referer')) { - // Check referer - $referer = strtolower($this->request->header('Referer')); - - // Count chars - $chars = strlen($this->config['server_name'] . $this->config['script_path']) - 1; - - /* - * Return string without server name and script path - * e.g. 'http://localhost/phpBB/app.php', where server name is 'localhost' - * and script path is '/phpBB', will be cut to '/app.php' - */ - $ref = substr(strstr($referer, strtolower($this->config['server_name'] . $this->config['script_path'])), $chars); - - // How many slashes does the referer used? - $count_slashes = substr_count($ref, '/'); - - /* - * If the shorten referer has only 1 slash, - * return default path - */ - if ($count_slashes == 1) - { - return $this->web_root_path = $this->phpbb_root_path; - } - /* - * Otherwise we are on routed page so we must correct the relative path - * for web URLs. We must append ../ to the end of the root path - * as many times as / exists in shorten referer less one time - */ - else - { - return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $count_slashes - 1); - } + $referer_web_root_path = $this->get_web_root_path_from_ajax_referer( + $this->request->header('Referer'), + $this->symfony_request->getUriForPath('') + ); + return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path; } - // How many corrections might we need? + // How many corrections might we need? $corrections = substr_count($path_info, '/'); /* @@ -240,6 +226,65 @@ class path_helper return $this->web_root_path; } + /** + * Get the web root path of the referer form an ajax request + * + * @param string $absolute_referer_url + * @param string $absolute_board_url + * @return string + */ + public function get_web_root_path_from_ajax_referer($absolute_referer_url, $absolute_board_url) + { + // If the board URL is in the beginning of the referer, this means + // we the referer is in the board URL or a subdirectory of it. + // So we just need to count the / (slashes) in the left over part of + // the referer and prepend ../ the the current root_path, to get the + // web root path of the referer. + if (strpos($absolute_referer_url, $absolute_board_url) === 0) + { + $relative_referer_path = substr($absolute_referer_url, strlen($absolute_board_url)); + $has_params = strpos($relative_referer_path, '?'); + if ($has_params !== false) + { + $relative_referer_path = substr($relative_referer_path, 0, $has_params); + } + $corrections = substr_count($relative_referer_path, '/'); + return $this->phpbb_root_path . str_repeat('../', $corrections - 1); + } + + // If not, it's a bit more complicated. We go to the parent directory + // of the referer until we find the remaining referer in the board URL. + // Foreach directory we need to add a ../ to the fixed root_path. + // When we finally found it, we need to remove the remaining referer + // from the board URL, to get the boards root path. + // If the then append these two strings, we get our fixed web root path. + $fixed_root_path = ''; + $referer_dir = $absolute_referer_url; + $has_params = strpos($referer_dir, '?'); + if ($has_params !== false) + { + $referer_dir = substr($referer_dir, 0, $has_params); + } + + // If we do not find a slash at the end of the referer, we come + // from a file. So the first dirname() does not need a traversal + // path correction. + if (substr($referer_dir, -1) !== '/') + { + $referer_dir = dirname($referer_dir); + } + + while (strpos($absolute_board_url, $referer_dir) !== 0) + { + $fixed_root_path .= '../'; + $referer_dir = dirname($referer_dir); + } + + $fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1); + // Add trailing slash + return $this->phpbb_root_path . $fixed_root_path . '/'; + } + /** * Eliminates useless . and .. components from specified URL * From b7e1959d56a3334f730e5d0fd4194f5e4d0597a3 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 7 May 2014 23:22:53 +0200 Subject: [PATCH 3/9] [ticket/12099] Remove config again PHPBB3-12099 --- phpBB/config/services.yml | 1 - phpBB/phpbb/path_helper.php | 10 +++------- tests/avatar/manager_test.php | 1 - tests/controller/helper_route_test.php | 1 - tests/extension/metadata_manager_test.php | 1 - tests/functions/build_url_test.php | 3 ++- tests/path_helper/path_helper_test.php | 2 -- tests/security/redirect_test.php | 1 - tests/template/template_events_test.php | 1 - tests/template/template_test_case.php | 1 - tests/template/template_test_case_with_tree.php | 1 - tests/test_framework/phpbb_session_test_case.php | 1 - 12 files changed, 5 insertions(+), 19 deletions(-) diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index a7addf510b..fdc8aa5870 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -300,7 +300,6 @@ services: - @symfony_request - @filesystem - @request - - @config - %core.root_path% - %core.php_ext% - %core.adm_relative_path% diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 8552dbeb3a..ea45393709 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -27,9 +27,6 @@ class path_helper /** @var \phpbb\request\request_interface */ protected $request; - /** @var \phpbb\config\config */ - protected $config; - /** @var string */ protected $phpbb_root_path; @@ -47,17 +44,16 @@ class path_helper * * @param \phpbb\symfony_request $symfony_request * @param \phpbb\filesystem $filesystem - * @param \phpbb\request\request $request - * @param \phpbb\config\config $config + * @param \phpbb\request\request_interface $request * @param string $phpbb_root_path Relative path to phpBB root * @param string $php_ext PHP extension (php) + * @param mixed $adm_relative_path Relative path admin path to adm/ root */ - public function __construct(\phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, \phpbb\request\request $request, \phpbb\config\config $config, $phpbb_root_path, $php_ext, $adm_relative_path = null) + public function __construct(\phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, \phpbb\request\request_interface $request, $phpbb_root_path, $php_ext, $adm_relative_path = null) { $this->symfony_request = $symfony_request; $this->filesystem = $filesystem; $this->request = $request; - $this->config = $config; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; $this->adm_relative_path = $adm_relative_path; diff --git a/tests/avatar/manager_test.php b/tests/avatar/manager_test.php index 96d3ba1474..de505e2c9f 100644 --- a/tests/avatar/manager_test.php +++ b/tests/avatar/manager_test.php @@ -39,7 +39,6 @@ class phpbb_avatar_manager_test extends \phpbb_test_case ), new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - $config, $phpbb_root_path, $phpEx ); diff --git a/tests/controller/helper_route_test.php b/tests/controller/helper_route_test.php index a9e8e46a42..206c3a4f0b 100644 --- a/tests/controller/helper_route_test.php +++ b/tests/controller/helper_route_test.php @@ -27,7 +27,6 @@ class phpbb_controller_helper_route_test extends phpbb_test_case ), new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); diff --git a/tests/extension/metadata_manager_test.php b/tests/extension/metadata_manager_test.php index b7f309b2a9..bf7031454e 100644 --- a/tests/extension/metadata_manager_test.php +++ b/tests/extension/metadata_manager_test.php @@ -51,7 +51,6 @@ class phpbb_extension_metadata_manager_test extends phpbb_database_test_case ), new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $this->phpbb_root_path, $this->phpEx ), diff --git a/tests/functions/build_url_test.php b/tests/functions/build_url_test.php index 7a70bddc71..06415a424e 100644 --- a/tests/functions/build_url_test.php +++ b/tests/functions/build_url_test.php @@ -30,10 +30,11 @@ class phpbb_build_url_test extends phpbb_test_case new phpbb_mock_request() ), new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), $phpbb_root_path, 'php' ); - $phpbb_container->set('path_helper', $path_helper); + $phpbb_container->set('path_helper', $phpbb_path_helper); } public function build_url_test_data() { diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index e7e2ae697f..3990f3abd5 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -30,7 +30,6 @@ class phpbb_path_helper_test extends phpbb_test_case ), new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $this->phpbb_root_path, 'php' ); @@ -161,7 +160,6 @@ class phpbb_path_helper_test extends phpbb_test_case $symfony_request, new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $this->phpbb_root_path, 'php' ); diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php index 24c42ca8c2..3961c2781e 100644 --- a/tests/security/redirect_test.php +++ b/tests/security/redirect_test.php @@ -64,7 +64,6 @@ class phpbb_security_redirect_test extends phpbb_security_test_base ), new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $this->phpbb_root_path, 'php' ); diff --git a/tests/template/template_events_test.php b/tests/template/template_events_test.php index 2c29d42173..c415c969fe 100644 --- a/tests/template/template_events_test.php +++ b/tests/template/template_events_test.php @@ -144,7 +144,6 @@ Zeta test event in all', ), new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); diff --git a/tests/template/template_test_case.php b/tests/template/template_test_case.php index d393027566..83446b5352 100644 --- a/tests/template/template_test_case.php +++ b/tests/template/template_test_case.php @@ -73,7 +73,6 @@ class phpbb_template_template_test_case extends phpbb_test_case ), new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); diff --git a/tests/template/template_test_case_with_tree.php b/tests/template/template_test_case_with_tree.php index c1b22e94e0..68ecc4b706 100644 --- a/tests/template/template_test_case_with_tree.php +++ b/tests/template/template_test_case_with_tree.php @@ -28,7 +28,6 @@ class phpbb_template_template_test_case_with_tree extends phpbb_template_templat ), new \phpbb\filesystem(), $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); diff --git a/tests/test_framework/phpbb_session_test_case.php b/tests/test_framework/phpbb_session_test_case.php index 144e05b5fa..d4fc174a12 100644 --- a/tests/test_framework/phpbb_session_test_case.php +++ b/tests/test_framework/phpbb_session_test_case.php @@ -33,7 +33,6 @@ abstract class phpbb_session_test_case extends phpbb_database_test_case $symfony_request, $phpbb_filesystem, $this->getMock('\phpbb\request\request'), - new \phpbb\config\config(array()), $phpbb_root_path, $phpEx ); From 8feb383468cf0dc514a442c3cd03e101b9228799 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 8 May 2014 11:17:10 +0200 Subject: [PATCH 4/9] [ticket/12099] Add unit tests for get_web_root_path_from_ajax_referer() PHPBB3-12099 --- tests/path_helper/path_helper_test.php | 54 ++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index 3990f3abd5..27e94d6a07 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -340,4 +340,58 @@ class phpbb_path_helper_test extends phpbb_test_case { $this->assertEquals($expected, $this->path_helper->append_url_params($url, $params, $is_amp)); } + + public function get_web_root_path_from_ajax_referer_data() + { + return array( + array( + 'http://www.phpbb.com/community/route1/route2/', + 'http://www.phpbb.com/community', + '../../', + ), + array( + 'http://www.phpbb.com/community/route1/route2', + 'http://www.phpbb.com/community', + '../', + ), + array( + 'http://www.phpbb.com/community/route1', + 'http://www.phpbb.com/community', + '', + ), + array( + 'http://www.phpbb.com/community/', + 'http://www.phpbb.com/community', + '', + ), + array( + 'http://www.phpbb.com/notcommunity/route1/route2/', + 'http://www.phpbb.com/community', + '../../../community/', + ), + array( + 'http://www.phpbb.com/notcommunity/route1/route2', + 'http://www.phpbb.com/community', + '../../community/', + ), + array( + 'http://www.phpbb.com/notcommunity/route1', + 'http://www.phpbb.com/community', + '../community/', + ), + array( + 'http://www.phpbb.com/notcommunity/', + 'http://www.phpbb.com/community', + '../community/', + ), + ); + } + + /** + * @dataProvider get_web_root_path_from_ajax_referer_data + */ + public function test_get_web_root_path_from_ajax_referer($referer_url, $board_url, $expected) + { + $this->assertEquals($this->phpbb_root_path . $expected, $this->path_helper->get_web_root_path_from_ajax_referer($referer_url, $board_url)); + } } From 31099a8efda204d764a1d6677a80ff5f710f4575 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Sun, 29 Jun 2014 21:02:03 +0200 Subject: [PATCH 5/9] [ticket/12787] Use a parameter (_referer) instead of the Referer header PHPBB3-12787 --- phpBB/phpbb/path_helper.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index ea45393709..287d5d9e0a 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -192,11 +192,13 @@ class path_helper * app.php/foo/bar memberlist.php ../../ * ../page.php memberlist.php ./phpBB/ * ../sub/page.php memberlist.php ./../phpBB/ + * + * The referer must be specified as a parameter in the query. */ - if ($this->request->is_ajax() && $this->request->header('Referer')) + if ($this->request->is_ajax() && $this->symfony_request->get('_referer')) { $referer_web_root_path = $this->get_web_root_path_from_ajax_referer( - $this->request->header('Referer'), + $this->symfony_request->get('_referer'), $this->symfony_request->getUriForPath('') ); return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path; From bc47e719b1c10ba43b7da0062f8236a8d137a159 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Sun, 29 Jun 2014 22:23:32 +0200 Subject: [PATCH 6/9] [ticket/12787] Fix the absolute board url PHPBB3-12787 --- phpBB/phpbb/path_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 287d5d9e0a..8b2c31b478 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -199,7 +199,7 @@ class path_helper { $referer_web_root_path = $this->get_web_root_path_from_ajax_referer( $this->symfony_request->get('_referer'), - $this->symfony_request->getUriForPath('') + $this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath() ); return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path; } From 7399f29df8f764ff8096620a8f11afae0decc215 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Sat, 5 Jul 2014 14:01:14 +0200 Subject: [PATCH 7/9] [ticket/12787] Remove one app.php when it's both in $path and $web_root_path PHPBB3-12787 --- phpBB/phpbb/path_helper.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 8b2c31b478..a8592eac6c 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -104,7 +104,13 @@ class path_helper { $path = substr($path, strlen($this->phpbb_root_path)); - return $this->filesystem->clean_path($this->get_web_root_path() . $path); + $web_root_path = $this->get_web_root_path(); + if (substr($web_root_path, -8) === 'app.php/' && substr($path, 0, 7) === 'app.php') + { + $path = substr($path, 8); + } + + return $this->filesystem->clean_path($web_root_path . $path); } return $path; From 9374d14e275d2ec1317558a7d7ba93ab71a2a4c1 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Tue, 8 Jul 2014 00:04:11 +0200 Subject: [PATCH 8/9] [ticket/12787] Add controller_helper::get_current_url() PHPBB3-12787 --- phpBB/config/services.yml | 1 + phpBB/phpbb/controller/helper.php | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index fdc8aa5870..959d9db01b 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -96,6 +96,7 @@ services: - @config - @controller.provider - @ext.manager + - @symfony_request - %core.root_path% - %core.php_ext% diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php index 930bc42a98..e330fb5b6d 100644 --- a/phpBB/phpbb/controller/helper.php +++ b/phpBB/phpbb/controller/helper.php @@ -40,6 +40,9 @@ class helper */ protected $config; + /* @var \phpbb\symfony_request */ + protected $symfony_request; + /** * phpBB root path * @var string @@ -60,14 +63,16 @@ class helper * @param \phpbb\config\config $config Config object * @param \phpbb\controller\provider $provider Path provider * @param \phpbb\extension\manager $manager Extension manager object + * @param \phpbb\symfony_request $symfony_request Symfony Request object * @param string $phpbb_root_path phpBB root path * @param string $php_ext PHP extension */ - public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, $phpbb_root_path, $php_ext) { $this->template = $template; $this->user = $user; $this->config = $config; + $this->symfony_request = $symfony_request; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; $provider->find_routing_files($manager->get_finder()); @@ -151,4 +156,14 @@ class helper return $this->render('message_body.html', $this->user->lang('INFORMATION'), $code); } + + /** + * Return the current url + * + * @return string + */ + public function get_current_url() + { + return generate_board_url(true) . $this->symfony_request->getRequestUri(); + } } From b4d7192b62c98b0738711a7b7647a47129adb902 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Tue, 8 Jul 2014 00:20:33 +0200 Subject: [PATCH 9/9] [ticket/12787] Updates phpbb_mock_controller_helper PHPBB3-12787 --- tests/mock/controller_helper.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/mock/controller_helper.php b/tests/mock/controller_helper.php index 9f70f8e96c..f9d231258e 100644 --- a/tests/mock/controller_helper.php +++ b/tests/mock/controller_helper.php @@ -23,4 +23,9 @@ class phpbb_mock_controller_helper extends \phpbb\controller\helper $provider->find_routing_files($manager->get_finder()); $this->route_collection = $provider->find($phpbb_root_path_ext)->get_routes(); } + + public function get_current_url() + { + return ''; + } }