makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/10848] Redirect from adm to installer correctly.

Browse source 
PHPBB3-10848
This commit is contained in:
Oleg Pudeyev 2012-10-17 15:03:06 -04:00
parent f0544c884f
commit c630480ca1
3 changed files with 79 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
phpBB/common.php
View file

@ -38,10 +38,14 @@ if (!defined('PHPBB_INSTALLED'))
$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
} }
// $phpbb_root_path accounts for redirects from e.g. /adm
$script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/index.' . $phpEx;
// Replace any number of consecutive backslashes and/or slashes with a single slash // Replace any number of consecutive backslashes and/or slashes with a single slash
// (could happen on some proxy setups and/or Windows servers) // (could happen on some proxy setups and/or Windows servers)
$script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx;
$script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
// Eliminate . and .. from the path
require($phpbb_root_path . 'includes/functions.' . $phpEx);
$script_path = clean_path($script_path);
$url = (($secure) ? 'https://' : 'http://') . $server_name; $url = (($secure) ? 'https://' : 'http://') . $server_name;

30
phpBB/includes/functions.php
View file

@ -1176,6 +1176,36 @@ else
} }
} }
/**
* Eliminates useless . and .. components from specified path.
*
* @param string $path Path to clean
* @return string Cleaned path
*/
function clean_path($path)
{
$exploded = explode('/', $path);
$filtered = array();
foreach ($exploded as $part)
{
if ($part === '.' && !empty($filtered))
{
continue;
}
if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
{
array_pop($filtered);
}
else
{
$filtered[] = $part;
}
}
$path = implode('/', $filtered);
return $path;
}
if (!function_exists('htmlspecialchars_decode')) if (!function_exists('htmlspecialchars_decode'))
{ {
/** /**

44
tests/functions/clean_path_test.php Normal file
View file

@ -0,0 +1,44 @@
<?php
/**
*
* @package testing
* @copyright (c) 2012 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
class phpbb_clean_path_test extends phpbb_test_case
{
public function clean_path_test_data()
{
return array(
array('foo', 'foo'),
array('foo/bar', 'foo/bar'),
array('foo/bar/', 'foo/bar/'),
array('foo/./bar', 'foo/bar'),
array('foo/./././bar', 'foo/bar'),
array('foo/bar/.', 'foo/bar'),
array('./foo/bar', './foo/bar'),
array('../foo/bar', '../foo/bar'),
array('one/two/three', 'one/two/three'),
array('one/two/../three', 'one/three'),
array('one/../two/three', 'two/three'),
array('one/two/..', 'one'),
array('one/two/../', 'one/'),
array('one/two/../three/../four', 'one/four'),
array('one/two/three/../../four', 'one/four'),
);
}
/**
* @dataProvider clean_path_test_data
*/
public function test_clean_path($input, $expected)
{
$output = clean_path($input);
$this->assertEquals($expected, $output);
}
}