From c368d170cf09d06ff63249d4405323e6108d90bb Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Fri, 8 Sep 2017 10:45:22 +0200 Subject: [PATCH] [ticket/15351] Makes confirm_works in a router context (app.php) PHPBB3-15351 --- phpBB/includes/functions.php | 6 +++--- phpBB/phpbb/path_helper.php | 13 +++++++++++++ phpBB/phpbb/session.php | 15 ++++++++++++--- tests/session/extract_page_test.php | 16 ++++++++++++++++ 4 files changed, 44 insertions(+), 6 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 6c15c143007..6a36210dcae 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1839,7 +1839,7 @@ function redirect($url, $return = false, $disable_cd_check = false) /** * Re-Apply session id after page reloads */ -function reapply_sid($url) +function reapply_sid($url, $is_route = false) { global $phpEx, $phpbb_root_path; @@ -1861,7 +1861,7 @@ function reapply_sid($url) $url = preg_replace("/$phpEx(&|&)+?/", "$phpEx?", $url); } - return append_sid($url); + return append_sid($url, false, true, false, $is_route); } /** @@ -2184,7 +2184,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo // re-add sid / transform & to & for user->page (user->page is always using &) $use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']); - $u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite'])); + $u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite']), $phpbb_path_helper->is_router_used()); $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key; $template->assign_vars(array( diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 154361ef649..5b6db35f23b 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -496,4 +496,17 @@ public function get_valid_page($page, $mod_rewrite = false) return $page; } + + /** + * Tells if the router is currently in use (if the current page is a route or not) + * + * @return bool + */ + public function is_router_used() + { + // Script name URI (e.g. phpBB/app.php) + $script_name = $this->symfony_request->getScriptName(); + + return basename($script_name) === 'app.' . $this->php_ext; + } } diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index c5b50c2b076..6b5b8f2625c 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -91,9 +91,18 @@ static function extract_current_page($root_path) $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path)); } - // current directory within the phpBB root (for example: adm) - $root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path))); - $page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./'))); + if (substr($root_path, 0, 2) === './' && strpos($root_path, '..') === false) + { + $root_dirs = explode('/', str_replace('\\', '/', rtrim($root_path, '/'))); + $page_dirs = explode('/', str_replace('\\', '/', '.')); + } + else + { + // current directory within the phpBB root (for example: adm) + $root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path))); + $page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./'))); + } + $intersection = array_intersect_assoc($root_dirs, $page_dirs); $root_dirs = array_diff_assoc($root_dirs, $intersection); diff --git a/tests/session/extract_page_test.php b/tests/session/extract_page_test.php index 88eb7b2c1ab..f8aa3d27a54 100644 --- a/tests/session/extract_page_test.php +++ b/tests/session/extract_page_test.php @@ -136,6 +136,22 @@ static public function extract_current_page_data() 'forum' => 0, ), ), + array( + './community', + '/app.php', + '', + '/', + '/kb', + array( + 'page_name' => 'app.php/kb', + 'page_dir' => '..', + 'query_string' => '', + 'script_path' => '/', + 'root_script_path' => '/community/', + 'page' => '../app.php/kb', + 'forum' => 0, + ), + ), ); }