Merge pull request #6588 from marc1706/ticket/17296

[ticket/17296] Reduce complexity of relative paths on adm pages
Marc Alexander 2024-03-19 22:11:46 +01:00
commit ff96c1a907
4 changed files with 43 additions and 26 deletions


@ -61,8 +61,8 @@ $template->set_custom_style(array(
), ),
), $phpbb_admin_path . 'style'); ), $phpbb_admin_path . 'style');
$template->assign_var('T_ASSETS_PATH', $phpbb_root_path . 'assets'); $template->assign_var('T_ASSETS_PATH', $phpbb_path_helper->update_web_root_path($phpbb_root_path . 'assets'));
$template->assign_var('T_TEMPLATE_PATH', $phpbb_admin_path . 'style'); $template->assign_var('T_TEMPLATE_PATH', $phpbb_path_helper->update_web_root_path($phpbb_root_path . 'style'));
// Instantiate new module // Instantiate new module
$module = new p_master(); $module = new p_master();
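Review bot: The new T_TEMPLATE_PATH value on the second assign_var line is built from `$phpbb_root_path . 'style'`, while the adm style registered two lines earlier by set_custom_style still uses `$phpbb_admin_path . 'style'`, as the removed line did. Unless the two variables resolve to the same directory here (not visible in the hunk), the template path now points at the board's root style directory rather than the ACP one that the custom style was registered under. If the admin directory is the intended base, the line would read `$template->assign_var('T_TEMPLATE_PATH', $phpbb_path_helper->update_web_root_path($phpbb_admin_path . 'style'));`. The surrounding file-level statements continue outside the hunk.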


@ -90,12 +90,15 @@ class kernel_exception_subscriber implements EventSubscriberInterface
} }
else if (!$this->debug && $exception instanceof NotFoundHttpException) else if (!$this->debug && $exception instanceof NotFoundHttpException)
{ {
// Do not update user session page if it does not exist
$this->user->update_session_page = false;
$message = $this->language->lang('PAGE_NOT_FOUND'); $message = $this->language->lang('PAGE_NOT_FOUND');
} }
// Do not update user session page if it does not exist
if ($exception instanceof NotFoundHttpException)
{
$this->user->update_session_page = false;
}
// Show <strong> text in bold // Show <strong> text in bold
$message = preg_replace('#&lt;(/?strong)&gt;#i', '<$1>', $message); $message = preg_replace('#&lt;(/?strong)&gt;#i', '<$1>', $message);


@ -39,6 +39,9 @@ class path_helper
/** @var string */ /** @var string */
protected $web_root_path; protected $web_root_path;
/** @var bool Flag whether we're in adm path */
protected $in_adm_path = false;
/** /**
* Constructor * Constructor
* *
@ -117,7 +120,13 @@ class path_helper
$path = substr($path, 8); $path = substr($path, 8);
} }
return $this->filesystem->clean_path($web_root_path . $path); $path = $this->filesystem->clean_path($web_root_path . $path);
// Further clean path if we're in adm
if ($this->in_adm_path && strpos($path, $this->phpbb_root_path . $this->adm_relative_path) === 0)
{
$path = substr($path, strlen($this->phpbb_root_path . $this->adm_relative_path));
}
} }
return $path; return $path;
@ -181,6 +190,11 @@ class path_helper
return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path); return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path);
} }
if ($path_info === '/' && defined('ADMIN_START') && preg_match('/\/' . preg_quote($this->adm_relative_path, '/') . 'index\.' . $this->php_ext . '$/', $script_name))
{
$this->in_adm_path = true;
}
/* /*
* If the path info is empty (single /), then we're not using * If the path info is empty (single /), then we're not using
* a route like app.php/foo/bar * a route like app.php/foo/bar
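Review bot: The new `in_adm_path` property is only ever set inside get_web_root_path (the third hunk's `if` on ADMIN_START and the adm index script name) and read in update_web_root_path (the second hunk), so the added prefix strip silently depends on get_web_root_path having run first; the start of update_web_root_path is outside the hunk, so I cannot confirm the ordering from here. The docblock on the property should state that coupling: `/** @var bool Set by get_web_root_path() for requests to adm/index.php; update_web_root_path() then strips the adm prefix */`. The prefix test `strpos($path, ...) === 0` in the second hunk can also be written as `str_starts_with($path, $this->phpbb_root_path . $this->adm_relative_path)` if the project's minimum PHP version allows it, and the adm case deserves a unit test since none is added in this commit.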


@ -17,39 +17,39 @@
class phpbb_functional_session_page_update_test extends phpbb_functional_test_case class phpbb_functional_session_page_update_test extends phpbb_functional_test_case
{ {
protected function test_session_page_update() public function setUp(): void
{ {
parent::setUp();
global $db;
$db = $this->db;
// Delete previous session info for admin user
$sql = 'DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = 2';
$db->sql_query($sql);
$this->login(); $this->login();
}
public function test_session_page_update()
{
$db = $this->get_db(); $db = $this->get_db();
if (!function_exists('utf_clean_string'))
{
require_once(__DIR__ . '/../../phpBB/includes/utf/utf_tools.php');
}
if (!function_exists('user_get_id_name'))
{
require_once(__DIR__ . '/../../phpBB/includes/functions_user.php');
}
$user_ids = [];
$username = [$this->get_logged_in_user()];
user_get_id_name($user_ids, $username);
$user_id = (int) $user_ids[0];
// Request index page // Request index page
self::request('GET', 'index.php'); self::request('GET', 'index.php');
$this->assertEquals(200, self::$client->getResponse()->getStatus()); $this->assertEquals(200, self::$client->getResponse()->getStatus());
$sql = 'SELECT session_page FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $user_id . ' ORDER BY session_time DESC'; $sql = 'SELECT session_page FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = 2 ORDER BY session_time DESC';
$db->sql_query_limit($sql, 1); $db->sql_query_limit($sql, 1);
$this->assertEquals('index.php', $db->sql_fetchfield('session_page')); $this->assertEquals('index.php', $db->sql_fetchfield('session_page'), 'Failed asserting that session_page is index.php for admin user');
// Request non-existent url // Request non-existent url
self::request('GET', 'nonexistent.jpg'); self::request('GET', 'nonexistent.jpg', [], false);
$this->assertEquals(404, self::$client->getResponse()->getStatus()); $this->assertEquals(404, self::$client->getResponse()->getStatus(), 'Failed asserting that status of non-existent image is 404');
$db->sql_query_limit($sql, 1); $db->sql_query_limit($sql, 1);
// User page should not be updated to non-existent one // User page should not be updated to non-existent one
$this->assertEquals('index.php', $db->sql_fetchfield('session_page')); $this->assertEquals('index.php', $db->sql_fetchfield('session_page'), 'Failed asserting that session page has not changed after 404');
} }
} }
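Review bot: The admin user id is hard-coded as `2` in both the DELETE in setUp and the SELECT in test_session_page_update, replacing the lookup through user_get_id_name that the removed lines performed; if the logged-in account's id ever differs, the cleanup and the assertions silently inspect the wrong session rows. A class constant, `private const ADMIN_USER_ID = 2;`, used in both queries as `' WHERE session_user_id = ' . self::ADMIN_USER_ID`, keeps the two in step and documents the assumption. Separately, setUp issues the DELETE through the global `$db` copied from `$this->db`, while the test reads via `$this->get_db()`; if those are distinct connections (not visible here), the cleanup and the later reads may not observe the same state.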