From fd58e4f338fa9fcbf99199d17d3385f29d361572 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Wed, 9 Oct 2024 20:16:30 +0200
Subject: [PATCH] [ticket/17398] Use referer for web paths in ajax requests

PHPBB-17398
---
 phpBB/includes/functions.php | 2 +-
 phpBB/phpbb/path_helper.php | 4 ++--
 tests/path_helper/path_helper_test.php | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 40cf689a9f..0627fdc8b3 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -4069,7 +4069,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 'U_SEARCH_UNANSWERED' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
 'U_SEARCH_UNREAD' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unreadposts'),
 'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
- 'U_DELETE_COOKIES' => $controller_helper->route('phpbb_ucp_delete_cookies_controller', ['_referer' => $controller_helper->get_current_url()]),
+ 'U_DELETE_COOKIES' => $controller_helper->route('phpbb_ucp_delete_cookies_controller'),
 'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',
 'U_TEAM' => (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php
index bcfb738144..5954ec163a 100644
--- a/phpBB/phpbb/path_helper.php
+++ b/phpBB/phpbb/path_helper.php
@@ -223,13 +223,13 @@ class path_helper
 *
 * The referer must be specified as a parameter in the query.
 */
- if ($this->request->is_ajax() && $this->symfony_request->get('_referer'))
+ if ($this->request->is_ajax() && $this->request->header('Referer'))
 {
 // We need to escape $absolute_board_url because it can be partially concatenated to the result.
 $absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true);
 $referer_web_root_path = $this->get_web_root_path_from_ajax_referer(
- $this->symfony_request->get('_referer'),
+ $this->request->header('Referer'),
 $absolute_board_url
 );
 return $this->web_root_path = $referer_web_root_path;
diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php
index 8d010c2f06..16c6719288 100644
--- a/tests/path_helper/path_helper_test.php
+++ b/tests/path_helper/path_helper_test.php
@@ -470,9 +470,6 @@ class phpbb_path_helper_test extends phpbb_test_case
 ->setConstructorArgs([new phpbb_mock_request()])
 ->setMethods(['get', 'getSchemeAndHttpHost', 'getBasePath', 'getPathInfo'])
 ->getMock();
- $symfony_request->method('get')
- ->with('_referer')
- ->willReturn('http://www.phpbb.com/community/route1/route2/');
 $symfony_request->method('getSchemeAndHttpHost')
 ->willReturn('http://www.phpbb.com');
 $symfony_request->method('getBasePath')
@@ -486,6 +483,9 @@ class phpbb_path_helper_test extends phpbb_test_case
 ->willReturn(true);
 $request->method('escape')
 ->willReturnArgument(0);
+ $request->method('header')
+ ->with('Referer')
+ ->willReturn('http://www.phpbb.com/community/route1/route2/');
 $path_helper = new \phpbb\path_helper(
 $symfony_request,
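Review bot: The context comment just above the changed condition in the `@@ -223,13 +223,13 @@` hunk of `path_helper.php` still says "The referer must be specified as a parameter in the query", while the new condition reads the `Referer` request header; it should become something like `* The referer is read from the Referer request header.` The header is client-supplied and optional, so a client or proxy applying a restrictive Referrer-Policy can omit it or trim it to the origin. This branch is then skipped or handed a shortened URL, and AJAX responses presumably fall back to the path derived from the request itself. `get_web_root_path_from_ajax_referer()` is outside the hunk, so it is worth confirming that it still only accepts values that begin with `$absolute_board_url` now that the input arrives as a header. The enclosing method starts and ends outside the hunk.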
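Review bot: In the `@@ -470,9 +470,6 @@` hunk of `path_helper_test.php`, `'get'` is still listed in `->setMethods([...])` although its only visible stub was removed. Unless a call outside the hunk still needs it, the list can shrink to `->setMethods(['getSchemeAndHttpHost', 'getBasePath', 'getPathInfo'])`. The visible setup also covers only `is_ajax()` returning true together with a populated `Referer` header. A second case where `header('Referer')` returns an empty string would pin the fallback that clients sending no referrer now reach. The test method starts and ends outside the hunk.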