[ticket/15351] Makes confirm_works in a router context (app.php)

phpBB/includes/functions.php

@@ -1839,7 +1839,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 /**
 * Re-Apply session id after page reloads
 */
-function reapply_sid($url)
+function reapply_sid($url, $is_route = false)
 {
 	global $phpEx, $phpbb_root_path;
 
@@ -1861,7 +1861,7 @@ function reapply_sid($url)
 		$url = preg_replace("/$phpEx(&|&)+?/", "$phpEx?", $url);
 	}
 
-	return append_sid($url);
+	return append_sid($url, false, true, false, $is_route);
 }
 
 /**
@@ -2184,7 +2184,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 
 	// re-add sid / transform & to & for user->page (user->page is always using &)
 	$use_page = ($u_action) ? $u_action : str_replace('&', '&', $user->page['page']);
-	$u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite']));
+	$u_action = reapply_sid($phpbb_path_helper->get_valid_page($use_page, $config['enable_mod_rewrite']), $phpbb_path_helper->is_router_used());
 	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key;
 
 	$template->assign_vars(array(

phpBB/phpbb/path_helper.php

@@ -496,4 +496,17 @@ public function get_valid_page($page, $mod_rewrite = false)
 
 		return $page;
 	}
+
+	/**
+	 * Tells if the router is currently in use (if the current page is a route or not)
+	 *
+	 * @return bool
+	 */
+	public function is_router_used()
+	{
+		// Script name URI (e.g. phpBB/app.php)
+		$script_name = $this->symfony_request->getScriptName();
+
+		return basename($script_name) === 'app.' . $this->php_ext;
+	}
 }

phpBB/phpbb/session.php

@@ -91,9 +91,18 @@ static function extract_current_page($root_path)
 			$page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
 		}
 
-		// current directory within the phpBB root (for example: adm)
-		$root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path)));
-		$page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./')));
+		if (substr($root_path, 0, 2) === './' && strpos($root_path, '..') === false)
+		{
+			$root_dirs = explode('/', str_replace('\\', '/', rtrim($root_path, '/')));
+			$page_dirs = explode('/', str_replace('\\', '/', '.'));
+		}
+		else
+		{
+			// current directory within the phpBB root (for example: adm)
+			$root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path)));
+			$page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./')));
+		}
+
 		$intersection = array_intersect_assoc($root_dirs, $page_dirs);
 
 		$root_dirs = array_diff_assoc($root_dirs, $intersection);

tests/session/extract_page_test.php

@@ -136,6 +136,22 @@ static public function extract_current_page_data()
 					'forum' => 0,
 				),
 			),
+			array(
+				'./community',
+				'/app.php',
+				'',
+				'/',
+				'/kb',
+				array(
+					'page_name' => 'app.php/kb',
+					'page_dir' => '..',
+					'query_string' => '',
+					'script_path' => '/',
+					'root_script_path' => '/community/',
+					'page' => '../app.php/kb',
+					'forum' => 0,
+				),
+			),
 		);
 	}