From c630480ca1a426cb0897be35626baac2694fccf5 Mon Sep 17 00:00:00 2001
From: Oleg Pudeyev
Date: Wed, 17 Oct 2012 15:03:06 -0400
Subject: [PATCH 1/3] [ticket/10848] Redirect from adm to installer correctly.

PHPBB3-10848
---
 phpBB/common.php | 6 +++-
 phpBB/includes/functions.php | 30 ++++++++++++++++++++
 tests/functions/clean_path_test.php | 44 +++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 tests/functions/clean_path_test.php
diff --git a/phpBB/common.php b/phpBB/common.php
index 491addc5e0..bdb33707cc 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -38,10 +38,14 @@ if (!defined('PHPBB_INSTALLED'))
 $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
 }
+ // $phpbb_root_path accounts for redirects from e.g. /adm
+ $script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/index.' . $phpEx;
 // Replace any number of consecutive backslashes and/or slashes with a single slash
 // (could happen on some proxy setups and/or Windows servers)
- $script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx;
 $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
+ // Eliminate . and .. from the path
+ require($phpbb_root_path . 'includes/functions.' . $phpEx);
+ $script_path = clean_path($script_path);
 $url = (($secure) ? 'https://' : 'http://') . $server_name;
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ca58220619..2391b45038 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
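Review bot: The new `$script_path` line passes `dirname($script_name)` straight into the redirect path, and the context line just above takes `$script_name` from `$_SERVER['REQUEST_URI']`, which by definition still carries the query string; a request whose query contains a `/` therefore leaves part of the query in `dirname()`'s result, unless the branch that starts above the hunk already strips it. The later `clean_path()` call does not address that: depending on what `$phpbb_root_path` contains, the stray component either survives into the path appended to `$url` or is consumed by a `..` in place of the real directory, so the redirect target is wrong either way. Consider cutting the query before taking the directory, e.g. `$script_name = substr($script_name, 0, strcspn($script_name, '?'));`, or deriving the directory from `$_SERVER['SCRIPT_NAME']`, which the server sets without client-supplied query data. The enclosing `if (!defined('PHPBB_INSTALLED'))` block starts and ends outside the hunk.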
@@ -1176,6 +1176,36 @@ else
 }
 }
+/**
+* Eliminates useless . and .. components from specified path.
+*
+* @param string $path Path to clean
+* @return string Cleaned path
+*/
+function clean_path($path)
+{
+ $exploded = explode('/', $path);
+ $filtered = array();
+ foreach ($exploded as $part)
+ {
+ if ($part === '.' && !empty($filtered))
+ {
+ continue;
+ }
+
+ if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
+ {
+ array_pop($filtered);
+ }
+ else
+ {
+ $filtered[] = $part;
+ }
+ }
+ $path = implode('/', $filtered);
+ return $path;
+}
+
 if (!function_exists('htmlspecialchars_decode'))
 {
 /**
diff --git a/tests/functions/clean_path_test.php b/tests/functions/clean_path_test.php
new file mode 100644
index 0000000000..4c8fe54909
--- /dev/null
+++ b/tests/functions/clean_path_test.php
@@ -0,0 +1,44 @@
+assertEquals($expected, $output);
+ }
+}
From bb09cd9c8e76ac3af848d09db8ea1928dab66158 Mon Sep 17 00:00:00 2001
From: Oleg Pudeyev
Date: Wed, 17 Oct 2012 15:13:35 -0400
Subject: [PATCH 2/3] [ticket/10848] Add phpbb_ prefix.

PHPBB3-10848
---
 phpBB/common.php | 2 +-
 phpBB/includes/functions.php | 2 +-
 tests/functions/clean_path_test.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/phpBB/common.php b/phpBB/common.php
index bdb33707cc..5849d48453 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -45,7 +45,7 @@ if (!defined('PHPBB_INSTALLED'))
 $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
 // Eliminate . and .. from the path
 require($phpbb_root_path . 'includes/functions.' . $phpEx);
- $script_path = clean_path($script_path);
+ $script_path = phpbb_clean_path($script_path);
 $url = (($secure) ? 'https://' : 'http://') . $server_name;
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 2391b45038..65d8be32ad 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
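Review bot: `..` in `clean_path()` pops whatever precedes it unless that is another `..`, so on an absolute path a leading `..` removes the empty root component (`/../install/index.php` comes back as `install/index.php`, an absolute target turned relative) and a leading `.` is swallowed the same way (`./../x` comes back as `x` rather than `../x`). The root case is reachable here because the caller in this series builds an absolute `$script_path` from the request URI and, as far as the context lines show, appends the result to `$url`, so a lost root changes the redirect target. The loop below keeps the root and only discards a `..` that would climb above it, and lets a leading `.` be replaced by the `..` instead of consumed; `sizeof()` is also replaced by `count()`, the conventional spelling of the same function. Patch 2/3 renames the function to `phpbb_clean_path`, so the same change applies after the rename.
```php
function clean_path($path)
{
	$filtered = array();
	foreach (explode('/', $path) as $part)
	{
		if ($part === '.' && !empty($filtered))
		{
			continue;
		}

		if ($part === '..' && !empty($filtered))
		{
			$last = $filtered[count($filtered) - 1];

			// An empty first component is the root of an absolute path; '..' cannot climb above it
			if ($last === '' && count($filtered) === 1)
			{
				continue;
			}

			// A leading '.' is replaced by the '..' rather than consumed by it
			if ($last === '.')
			{
				array_pop($filtered);
			}
			else if ($last !== '..')
			{
				array_pop($filtered);
				continue;
			}
		}

		$filtered[] = $part;
	}

	return implode('/', $filtered);
}
```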
@@ -1182,7 +1182,7 @@ else
 * @param string $path Path to clean
 * @return string Cleaned path
 */
-function clean_path($path)
+function phpbb_clean_path($path)
 {
 $exploded = explode('/', $path);
 $filtered = array();
diff --git a/tests/functions/clean_path_test.php b/tests/functions/clean_path_test.php
index 4c8fe54909..bcbe9838d9 100644
--- a/tests/functions/clean_path_test.php
+++ b/tests/functions/clean_path_test.php
@@ -37,7 +37,7 @@ class phpbb_clean_path_test extends phpbb_test_case
 */
 public function test_clean_path($input, $expected)
 {
- $output = clean_path($input);
+ $output = phpbb_clean_path($input);
 $this->assertEquals($expected, $output);
 }
From b283df8241c3d8fc5f2684e37d8a0f237df39c4f Mon Sep 17 00:00:00 2001
From: Oleg Pudeyev
Date: Wed, 17 Oct 2012 22:35:36 -0400
Subject: [PATCH 3/3] [ticket/10848] Move include up.

PHPBB3-10848
---
 phpBB/common.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/phpBB/common.php b/phpBB/common.php
index 5849d48453..31ca746924 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -26,6 +26,8 @@ if (file_exists($phpbb_root_path . 'config.' . $phpEx))
 if (!defined('PHPBB_INSTALLED'))
 {
 // Redirect the user to the installer
+ require($phpbb_root_path . 'includes/functions.' . $phpEx);
+
 // We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
 // available as used by the redirect function
 $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
@@ -44,7 +46,6 @@ if (!defined('PHPBB_INSTALLED'))
 // (could happen on some proxy setups and/or Windows servers)
 $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
 // Eliminate . and .. from the path
- require($phpbb_root_path . 'includes/functions.' . $phpEx);
 $script_path = phpbb_clean_path($script_path);
 $url = (($secure) ? 'https://' : 'http://') . $server_name;