
Backport 7eec482 to 2.x

Backport fixes to base path generation. When a URL contains //, it can
circumvent the base path generation, which results in unwanted user data
in the base/webroot paths. This creates an opportunity for CSS
manipulation in old versions of IE, and in newer ones via iframe
inheritance.
markstory committed Jun 7, 2015
1 parent 0e6fcc0 commit 6d60e6a4db395d7698cd748b3255fb525627ae30
Showing with 20 additions and 0 deletions.
  1. +2 −0 lib/Cake/Network/CakeRequest.php
  2. +18 −0 lib/Cake/Test/Case/Network/CakeRequestTest.php
@@ -293,6 +293,8 @@ protected function _base() {
if (!$baseUrl) {
$base = dirname(env('PHP_SELF'));
// Clean up additional / which cause following code to fail..
$base = preg_replace('#/+#', '/', $base);
$indexPos = strpos($base, '/webroot/index.php');
if ($indexPos !== false) {
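Review bot: The new comment above `preg_replace('#/+#', '/', $base)` says only that extra slashes make the following code fail, so a later maintainer could take the line for cosmetic cleanup and drop it. Going by the commit message, this line is what keeps request-supplied path segments out of `base`/`webroot` when `PHP_SELF` contains `//` and the `strpos($base, '/webroot/index.php')` lookup would otherwise miss. I would state that in the comment: `// Collapse repeated slashes: PHP_SELF is request-derived, and '//' makes the webroot lookup below miss, leaving user data in base/webroot.` `_base()` starts and ends outside this hunk, so whether the branch taken when `$baseUrl` is set needs the same normalisation cannot be confirmed from here.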
@@ -1361,6 +1361,24 @@ public function testBaseUrlWithModRewriteAndIndexPhp() {
$this->assertEquals('/cakephp/bananas/eat/tasty_banana', $request->here);
}
/**
* Test that even if mod_rewrite is on, and the url contains index.php
* and there are numerous //s that the base/webroot is calculated correctly.
*
* @return void
*/
public function testBaseUrlWithModRewriteAndExtraSlashes() {
$_SERVER['REQUEST_URI'] = '/cakephp/webroot///index.php/bananas/eat';
$_SERVER['PHP_SELF'] = '/cakephp/webroot///index.php/bananas/eat';
$_SERVER['PATH_INFO'] = '/bananas/eat';
$request = new CakeRequest();
$this->assertEquals('/cakephp', $request->base);
$this->assertEquals('/cakephp/', $request->webroot);
$this->assertEquals('bananas/eat', $request->url);
$this->assertEquals('/cakephp/bananas/eat', $request->here);
}
/**
* Test base, webroot, and URL parsing when there is no URL rewriting
*
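Review bot: `testBaseUrlWithModRewriteAndExtraSlashes` pins only one placement of the repeated slashes, between `webroot` and `index.php`. Since the fix collapses every run of `/` in the path, a second fixture with the run in another position, for example `$_SERVER['PHP_SELF'] = '/cakephp//webroot/index.php/bananas/eat';` (constructed sample), asserting the same `base` and `webroot`, would guard against a later change that narrows the pattern. I have not worked out what `url` and `here` would be for that input, so those two assertions would need checking before being copied over.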
