[ticket/11997] Use get_controller_redirect_url() in redirect() function

This method of path_helper will now be used instead of the previous hack
of the phpbb_own_realpath() function.

PHPBB3-11997

phpBB/includes/functions.php

@@ -2655,6 +2655,8 @@ function redirect($url, $return = false, $disable_cd_check = false)
 {
 	global $db, $cache, $config, $user, $phpbb_root_path, $phpbb_filesystem, $phpbb_path_helper;
 
+	$failover_flag = false;
+
 	if (empty($user->lang))
 	{
 		$user->add_lang('common');
@@ -2668,16 +2670,6 @@ function redirect($url, $return = false, $disable_cd_check = false)
 	// Make sure no &'s are in, this will break the redirect
 	$url = str_replace('&', '&', $url);
 
-	// The url currently uses the web root path.
-	// However as we prepend the full board url later,
-	// we need to remove the relative web root path and
-	// prepend the normal root path again. Otherwise redirects
-	// from inside routes will not work as intended.
-	if ($phpbb_path_helper instanceof \phpbb\path_helper)
-	{
-		$url = $phpbb_path_helper->remove_web_root_path($url);
-	}
-
 	// Determine which type of redirect we need to handle...
 	$url_parts = @parse_url($url);
 
@@ -2704,6 +2696,31 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Relative uri
 		$pathinfo = pathinfo($url);
 
+		// Also treat URLs that have a non-existing basename
+		if (!$disable_cd_check && (!file_exists($pathinfo['dirname'] . '/') || !file_exists($pathinfo['basename'])))
+		{
+			$url = str_replace('../', '', $url);
+			$pathinfo = pathinfo($url);
+
+			// Also treat URLs that have a non-existing basename
+			if (!file_exists($pathinfo['dirname'] . '/') || !file_exists($pathinfo['basename']))
+			{
+				// fallback to "last known user page"
+				// at least this way we know the user does not leave the phpBB root
+				if ($phpbb_path_helper instanceof \phpbb\path_helper)
+				{
+					$url = $phpbb_path_helper->get_controller_redirect_url($url);
+				}
+				else
+				{
+					$url = generate_board_url() . '/' . $user->page['page'];
+				}
+				$failover_flag = true;
+			}
+		}
+
+		if (!$failover_flag)
+		{
 			// Is the uri pointing to the current directory?
 			if ($pathinfo['dirname'] == '.')
 			{
@@ -2715,8 +2732,15 @@ function redirect($url, $return = false, $disable_cd_check = false)
 					$url = substr($url, 1);
 				}
 
+				if ($user->page['page_dir'])
+				{
+					$url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url;
+				}
+				else
+				{
 					$url = generate_board_url() . '/' . $url;
 				}
+			}
 			else
 			{
 				// Used ./ before, but $phpbb_root_path is working better with urls within another root path
@@ -2752,6 +2776,8 @@ function redirect($url, $return = false, $disable_cd_check = false)
 				$url = (!empty($dir) ? $dir . '/' : '') . $url;
 				$url = generate_board_url() . '/' . $url;
 			}
+			$url = $phpbb_filesystem->clean_path($url);
+		}
 	}
 
 	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
@@ -2769,8 +2795,6 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
 	}
 
-	$url = $phpbb_filesystem->clean_path($url);
-
 	if ($return)
 	{
 		return $url;