[ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_N…

…AME. The ORIG_PATH_INFO on IIS also contains the script name. Only use that for killing the script after removing the script name from ORIG_PATH_INFO. PHPBB3-13549
phpbb · Jan 28, 2015 · 7495055 · 7495055
1 parent 5ce89ae
commit 7495055
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
@@ -105,7 +105,7 @@ function deregister_globals()
 function phpbb_has_trailing_path($phpEx)
 {
 	// Check if path_info is being used
-	if (!empty($_SERVER['PATH_INFO']) || !empty($_SERVER['ORIG_PATH_INFO']))
+	if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO']))
 	{
 		return true;
 	}

diff --git a/tests/security/trailing_path_test.php b/tests/security/trailing_path_test.php
@@ -36,19 +36,24 @@ public function data_has_trailing_path()
 			array(true, '', '', '/phpBB/index.php/?foo/a'),
 			array(true, '', '', '/projects/php.bb/phpBB/index.php/?a=5'),
 			array(false, '', '', '/projects/php.bb/phpBB/index.php?/a=5'),
+			array(false, '', '/phpBB/index.php', '/phpBB/index.php', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php/', '/phpBB/index.php/', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php/', '/phpBB/index.php/'),
 		);
 	}
 
 	/**
 	 * @dataProvider data_has_trailing_path
 	 */
-	public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri)
+	public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri, $script_name = '')
 	{
 		global $phpEx;
 
 		$_SERVER['PATH_INFO'] = $path_info;
 		$_SERVER['ORIG_PATH_INFO'] = $orig_path_info;
 		$_SERVER['REQUEST_URI'] = $request_uri;
+		$_SERVER['SCRIPT_NAME'] = $script_name;
 
 		$this->assertSame($expected, phpbb_has_trailing_path($phpEx));
 	}