makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'nickvergessen/ticket/12099' into develop-ascraeus

Browse source 
* nickvergessen/ticket/12099:
  [ticket/12099] Fix correction in path_helper test
  [ticket/12099] Prepend ./ to path to fix assets
  [ticket/12099] Deduplicate path generation
  [ticket/12099] Fix clean_path() ".." stripping when previous directory was "."
  [ticket/12099] Break clean_path tests with a simple test
  [ticket/12099] Clean paths in tests
  [ticket/12099] Correctly fix go back to root before prepending the root path
  [ticket/12099] Clean some paths before using them
  [ticket/12099] Fix several issues in path_helper test
This commit is contained in:
Marc Alexander 2014-06-26 15:07:05 +02:00
commit 9b27d00d5f
4 changed files with 38 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/phpbb/filesystem.php
View file

@ -35,7 +35,7 @@ class filesystem
continue; continue;
} }
if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '.' && $filtered[sizeof($filtered) - 1] !== '..')
{ {
array_pop($filtered); array_pop($filtered);
} }

31
phpBB/phpbb/path_helper.php
View file

@ -98,7 +98,7 @@ class path_helper
{ {
$path = substr($path, strlen($this->phpbb_root_path)); $path = substr($path, strlen($this->phpbb_root_path));
return $this->get_web_root_path() . $path; return $this->filesystem->clean_path($this->get_web_root_path() . $path);
} }
return $path; return $path;
@ -158,7 +158,7 @@ class path_helper
*/ */
if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri)) if ($path_info === '/' && preg_match('/app\.' . $this->php_ext . '\/$/', $request_uri))
{ {
return $this->web_root_path = $this->phpbb_root_path . '../'; return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path);
} }
/* /*
@ -174,27 +174,20 @@ class path_helper
$corrections = substr_count($path_info, '/'); $corrections = substr_count($path_info, '/');
/* /*
* If the script name (e.g. phpBB/app.php) exists in the * If the script name (e.g. phpBB/app.php) does not exists in the
* requestUri (e.g. phpBB/app.php/foo/template), then we * requestUri (e.g. phpBB/app.php/foo/template), then we are rewriting
* are have a non-rewritten URL. * the URL. So we must reduce the slash count by 1.
*/ */
if (strpos($request_uri, $script_name) === 0) if (strpos($request_uri, $script_name) !== 0)
{ {
/* $corrections--;
* Append ../ to the end of the phpbb_root_path as many times
* as / exists in path_info
*/
return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections);
} }
/* // Prepend ../ to the phpbb_root_path as many times as / exists in path_info
* If we're here it means we're at a re-written path, so we must $this->web_root_path = $this->filesystem->clean_path(
* correct the relative path for web URLs. We must append ../ './' . str_repeat('../', $corrections) . $this->phpbb_root_path
* to the end of the root path as many times as / exists in path_info );
* less one time (because the script, e.g. /app.php, doesn't exist in return $this->web_root_path;
* the URL)
*/
return $this->web_root_path = $this->phpbb_root_path . str_repeat('../', $corrections - 1);
} }
/** /**

2
tests/filesystem/clean_path_test.php
View file

@ -32,6 +32,8 @@ class phpbb_filesystem_clean_path_test extends phpbb_test_case
array('foo/bar/.', 'foo/bar'), array('foo/bar/.', 'foo/bar'),
array('./foo/bar', './foo/bar'), array('./foo/bar', './foo/bar'),
array('../foo/bar', '../foo/bar'), array('../foo/bar', '../foo/bar'),
array('./../foo/bar', './../foo/bar'),
array('././../foo/bar', './../foo/bar'),
array('one/two/three', 'one/two/three'), array('one/two/three', 'one/two/three'),
array('one/two/../three', 'one/three'), array('one/two/../three', 'one/three'),
array('one/../two/three', 'two/three'), array('one/../two/three', 'two/three'),

39
tests/path_helper/path_helper_test.php
View file

@ -13,6 +13,7 @@
class phpbb_path_helper_test extends phpbb_test_case class phpbb_path_helper_test extends phpbb_test_case
{ {
/** @var \phpbb\path_helper */
protected $path_helper; protected $path_helper;
protected $phpbb_root_path = ''; protected $phpbb_root_path = '';
@ -20,7 +21,8 @@ class phpbb_path_helper_test extends phpbb_test_case
{ {
parent::setUp(); parent::setUp();
$this->set_phpbb_root_path(); $filesystem = new \phpbb\filesystem();
$this->set_phpbb_root_path($filesystem);
$this->path_helper = new \phpbb\path_helper( $this->path_helper = new \phpbb\path_helper(
new \phpbb\symfony_request( new \phpbb\symfony_request(
@ -40,9 +42,9 @@ class phpbb_path_helper_test extends phpbb_test_case
* any time we wish to use it in one of these functions (and * any time we wish to use it in one of these functions (and
* also in general for everything else) * also in general for everything else)
*/ */
public function set_phpbb_root_path() public function set_phpbb_root_path($filesystem)
{ {
$this->phpbb_root_path = dirname(__FILE__) . './../../phpBB/'; $this->phpbb_root_path = $filesystem->clean_path(dirname(__FILE__) . '/../../phpBB/');
} }
public function test_get_web_root_path() public function test_get_web_root_path()
@ -53,7 +55,8 @@ class phpbb_path_helper_test extends phpbb_test_case
public function basic_update_web_root_path_data() public function basic_update_web_root_path_data()
{ {
$this->set_phpbb_root_path(); $filesystem = new \phpbb\filesystem();
$this->set_phpbb_root_path($filesystem);
return array( return array(
array( array(
@ -71,7 +74,7 @@ class phpbb_path_helper_test extends phpbb_test_case
), ),
array( array(
$this->phpbb_root_path . $this->phpbb_root_path . 'test.php', $this->phpbb_root_path . $this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . $this->phpbb_root_path . 'test.php', $filesystem->clean_path($this->phpbb_root_path . $this->phpbb_root_path . 'test.php'),
), ),
); );
} }
@ -81,51 +84,55 @@ class phpbb_path_helper_test extends phpbb_test_case
*/ */
public function test_basic_update_web_root_path($input, $expected) public function test_basic_update_web_root_path($input, $expected)
{ {
$this->assertEquals($expected, $this->path_helper->update_web_root_path($input, $symfony_request)); $this->assertEquals($expected, $this->path_helper->update_web_root_path($input));
} }
public function update_web_root_path_data() public function update_web_root_path_data()
{ {
$this->set_phpbb_root_path(); $this->set_phpbb_root_path(new \phpbb\filesystem());
return array( return array(
array( array(
$this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . 'test.php', $this->phpbb_root_path . 'test.php',
'/', '/',
null,
null,
'',
), ),
array( array(
$this->phpbb_root_path . 'test.php', $this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../test.php',
'//', '//',
null,
null,
'./../',
), ),
array( array(
$this->phpbb_root_path . 'test.php', $this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../test.php',
'//', '//',
'foo/bar.php', 'foo/bar.php',
'bar.php', 'bar.php',
'./../',
), ),
array( array(
$this->phpbb_root_path . 'test.php', $this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../../test.php',
'/foo/template', '/foo/template',
'/phpbb3-fork/phpBB/app.php/foo/template', '/phpbb3-fork/phpBB/app.php/foo/template',
'/phpbb3-fork/phpBB/app.php', '/phpbb3-fork/phpBB/app.php',
'./../../',
), ),
array( array(
$this->phpbb_root_path . 'test.php', $this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../test.php',
'/foo/template', '/foo/template',
'/phpbb3-fork/phpBB/foo/template', '/phpbb3-fork/phpBB/foo/template',
'/phpbb3-fork/phpBB/app.php', '/phpbb3-fork/phpBB/app.php',
'./../',
), ),
array( array(
$this->phpbb_root_path . 'test.php', $this->phpbb_root_path . 'test.php',
$this->phpbb_root_path . '../test.php',
'/', '/',
'/phpbb3-fork/phpBB/app.php/', '/phpbb3-fork/phpBB/app.php/',
'/phpbb3-fork/phpBB/app.php', '/phpbb3-fork/phpBB/app.php',
'./../',
), ),
); );
} }
@ -133,9 +140,9 @@ class phpbb_path_helper_test extends phpbb_test_case
/** /**
* @dataProvider update_web_root_path_data * @dataProvider update_web_root_path_data
*/ */
public function test_update_web_root_path($input, $expected, $getPathInfo, $getRequestUri = null, $getScriptName = null) public function test_update_web_root_path($input, $getPathInfo, $getRequestUri, $getScriptName, $correction)
{ {
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( $symfony_request = $this->getMock('\phpbb\symfony_request', array(), array(
new phpbb_mock_request(), new phpbb_mock_request(),
)); ));
$symfony_request->expects($this->any()) $symfony_request->expects($this->any())
@ -155,7 +162,7 @@ class phpbb_path_helper_test extends phpbb_test_case
'php' 'php'
); );
$this->assertEquals($expected, $path_helper->update_web_root_path($input, $symfony_request)); $this->assertEquals($correction . $input, $path_helper->update_web_root_path($input, $symfony_request));
} }
public function clean_url_data() public function clean_url_data()