Improve detection of script name
In case PHP_SELF was not set by server, we used REQUEST_URI, which might
embed PATH_INFO as well. However we really need to know the path without
it, so let's strip it as well.

Signed-off-by: Michal Čihař <michal@cihar.com>
nijel committed Jun 16, 2016
1 parent 4767f24 commit 27caf5b
Showing 3 changed files with 94 additions and 9 deletions.
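--- a/libraries/Config.php
+++ b/libraries/Config.php
@@ -1393,11 +1393,7 @@ public function getCookiePath()
 return $cookie_path;
 }
 
-if (isset($GLOBALS['PMA_PHP_SELF'])) {
-$parsed_url = parse_url($GLOBALS['PMA_PHP_SELF']);
-} else {
-$parsed_url = parse_url(PMA_getenv('REQUEST_URI'));
-}
+$parsed_url = parse_url($GLOBALS['PMA_PHP_SELF']);
 
 $parts = explode(
 '/',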
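Review bot: The new unconditional read of `$GLOBALS['PMA_PHP_SELF']` makes getCookiePath() depend on PMA_cleanupPathInfo() having run first, and nothing in the hunk records that ordering; a short comment above the line would help, e.g. `// PMA_PHP_SELF is filled by PMA_cleanupPathInfo() (PHP_SELF, or the decoded REQUEST_URI when the SAPI omits it), so it is always set here.` If that ordering can ever be violated, the removed REQUEST_URI fallback would have masked it, whereas the new line emits an undefined-index notice and parses an empty value. getCookiePath() starts and ends outside the hunk.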
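--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -940,15 +940,20 @@ function PMA_setGlobalDbOrTable($param)
 */
 function PMA_cleanupPathInfo()
 {
-global $PMA_PHP_SELF, $_PATH_INFO;
+global $PMA_PHP_SELF;
 
 $PMA_PHP_SELF = PMA_getenv('PHP_SELF');
+if (empty($PMA_PHP_SELF)) {
+$PMA_PHP_SELF = urldecode(PMA_getenv('REQUEST_URI'));
+}
 $_PATH_INFO = PMA_getenv('PATH_INFO');
 if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
 $path_info_pos = mb_strrpos($PMA_PHP_SELF, $_PATH_INFO);
-$pathLength = $path_info_pos + mb_strlen($_PATH_INFO);
-if ($pathLength === mb_strlen($PMA_PHP_SELF)) {
-$PMA_PHP_SELF = mb_substr($PMA_PHP_SELF, 0, $path_info_pos);
+if ($path_info_pos !== false) {
+$path_info_part = mb_substr($PMA_PHP_SELF, $path_info_pos, mb_strlen($_PATH_INFO));
+if ($path_info_part == $_PATH_INFO) {
+$PMA_PHP_SELF = mb_substr($PMA_PHP_SELF, 0, $path_info_pos);
+}
 }
 }
 $PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);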
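Review bot: The inner comparison added around `$path_info_part` is always true once `mb_strrpos()` has returned a position, because the substring it extracts at that position and length is by construction the matched occurrence of `$_PATH_INFO`; the `if ($path_info_pos !== false)` guard alone is sufficient, so the block can shrink to `if ($path_info_pos !== false) {` / `$PMA_PHP_SELF = mb_substr($PMA_PHP_SELF, 0, $path_info_pos);` / `}`. If the comparison is kept anyway, it should use `===`, since `==` compares two numeric-looking strings numerically. The new REQUEST_URI fallback is urldecoded but nothing here strips a query string, which PHP_SELF never carries; whether the downstream `parse_url()` in Config.php copes with a decoded `?` inside the path is worth confirming. When the decoded PATH_INFO is not found in the value, it passes through unstripped apart from `htmlspecialchars()`, and a comment stating that this is the accepted fallback would help the next reader. PMA_cleanupPathInfo() ends outside the hunk.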
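--- /dev/null
+++ b/test/libraries/core/PMA_cleanupPathInfo_test.php
@@ -0,0 +1,84 @@
+<?php
+/* vim: set expandtab sw=4 ts=4 sts=4: */
+/**
+*
+* PMA_fatalError() displays the given error message on phpMyAdmin error page in
+* foreign language
+* and ends script execution and closes session
+*
+* @package PhpMyAdmin-test
+*/
+
+
+
+
+/**
+*
+* PMA_fatalError() displays the given error message on phpMyAdmin error page in
+* foreign language
+* and ends script execution and closes session
+*
+* @package PhpMyAdmin-test
+*/
+class PMA_CleanupPathInfo_Test extends PHPUnit_Framework_TestCase
+{
+/**
+* Test for PMA_cleanupPathInfo
+*
+* @param string $php_self The PHP_SELF value
+* @param string $request The REQUEST_URI value
+* @param string $path_info The PATH_INFO value
+* @param string $expected Expected result
+*
+* @return void
+*
+* @dataProvider pathsProvider
+*/
+public function testPahtInfo($php_self, $request, $path_info, $expected)
+{
+$_SERVER['PHP_SELF'] = $php_self;
+$_SERVER['REQUEST_URI'] = $request;
+$_SERVER['PATH_INFO'] = $path_info;
+PMA_cleanupPathInfo();
+$this->assertEquals(
+$expected,
+$GLOBALS['PMA_PHP_SELF']
+);
+}
+
+/**
+* Data provider for PMA_cleanupPathInfo tests
+*
+* @return array
+*/
+public function pathsProvider()
+{
+return array(
+array(
+'/phpmyadmin/index.php/; cookieinj=value/',
+'/phpmyadmin/index.php/;%20cookieinj=value///',
+'/; cookieinj=value/',
+'/phpmyadmin/index.php'
+),
+array(
+'',
+'/phpmyadmin/index.php/;%20cookieinj=value///',
+'/; cookieinj=value/',
+'/phpmyadmin/index.php'
+),
+array(
+'/phpmyadmin/index.php',
+'/phpmyadmin/index.php',
+'',
+'/phpmyadmin/index.php'
+),
+array(
+'',
+'/phpmyadmin/index.php',
+'',
+'/phpmyadmin/index.php'
+),
+);
+}
+}
+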
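Review bot: Both docblocks at the top of the new file, the file header and the one above the class, are copied from a PMA_fatalError() test and describe a function this file does not exercise; replace each with a one-sentence description such as `Tests for PMA_cleanupPathInfo()` and keep the `@package` tag. The method name `testPahtInfo` is misspelled; `testPathInfo` reads as intended. The test assigns `$_SERVER['PHP_SELF']`, `$_SERVER['REQUEST_URI']` and `$_SERVER['PATH_INFO']` without restoring them, so the values from the last data set outlive the test and can influence later tests in the same process; saving them in setUp() and restoring them in tearDown() would isolate it.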