
Preparation for new file.php, new function get_file_argument() SC#5

skodak
skodak committed Nov 30, 2004
1 parent d5c9d4b commit 53eddb7b6e8036d71b8755f548a39483ff585ad5
Showing with 43 additions and 0 deletions.
  1. +43 −0 lib/weblib.php
@@ -529,6 +529,49 @@ function validate_email ($address) {
$address));
}
+function get_file_argument($scriptname) {
+/// returns file argument
+ global $_SERVER;
+
+ $relativepath = FALSE;
+
+ // first try normal parameter (compatible method == no relative links!)
+ $relativepath = optional_param('file', FALSE, PARAM_PATH);
+
+ // then try extract file from PATH_INFO (slasharguments method)
+ if (!$relativepath and !empty($_SERVER['PATH_INFO'])) {
+ $path_info = $_SERVER['PATH_INFO'];
+ // check that PATH_INFO works == must not contain the script name
+ if (!strpos($path_info, $scriptname)) {
+ $relativepath = clean_param(rawurldecode($path_info), PARAM_PATH);
+ if ($relativepath === '/test') {
+ print_header();
+ notice ('Slasharguments work - using PATH_INFO parameter :-D');
+ print_footer();
+ die;
+ }
+ }
+ }
+
+ // now if both fail try the old way
+ // (for compatibility with misconfigured or older buggy php implementations)
+ if (!$relativepath) {
+ $arr = explode($scriptname, me());
+ if (!empty($arr[1])) {
+ $path_info = strip_querystring($arr[1]);
+ $relativepath = clean_param(rawurldecode($path_info), PARAM_PATH);
+ if ($relativepath === '/test') {
+ print_header();
+ notice ('Slasharguments work - using compatibility hack :-|');
+ print_footer();
+ die;
+ }
+ }
+ }
+
+ return $relativepath;
+}
+
function detect_munged_arguments($string, $allowdots=1) {
if (substr_count($string, '..') > $allowdots) { // Sometimes we allow dots in references
return true;
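Review bot: The PATH_INFO guard `if (!strpos($path_info, $scriptname))` treats a match at offset 0 the same as no match, because `strpos` returns `0` there and `false` only when the needle is absent. The comment above it says PATH_INFO must not contain the script name, so the test should be `if (strpos($path_info, $scriptname) === false) {`. Both fallback branches return a request-controlled path after `rawurldecode()` and `clean_param(..., PARAM_PATH)`; what PARAM_PATH removes is not visible in this hunk, so callers presumably still need to confine the result to the intended directory before opening anything. The `/test` diagnostic in both branches calls `die` from inside a library function, which deserves a line in the header comment, e.g. `/// returns the requested file path or FALSE; prints a diagnostic page and exits when the path is '/test'`.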
