From 70ba9dac03049330ee2d83d6e8fe54b76b2fd478 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 22 Oct 2023 20:46:29 +0200 Subject: [PATCH 1/4] [ticket/17201] Do not run dirname() on dir path during install redirect PHPBB3-17201 --- phpBB/common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/common.php b/phpBB/common.php index 4ce3ba8a640..088be276a58 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -58,7 +58,7 @@ } // $phpbb_root_path accounts for redirects from e.g. /adm - $script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/app.' . $phpEx; + $script_path = trim(substr($script_name, -1) !== '/' ? dirname($script_name) : $script_name) . '/' . $phpbb_root_path . 'install/app.' . $phpEx; // Replace any number of consecutive backslashes and/or slashes with a single slash // (could happen on some proxy setups and/or Windows servers) $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); From 607a2c483a5c1e2ca629b4c29707e397ecbe614b Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 23 Oct 2023 17:26:10 +0200 Subject: [PATCH 2/4] [ticket/17201] Add dot for improved dirname for URI ending in slash PHPBB3-17201 --- phpBB/common.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/phpBB/common.php b/phpBB/common.php index 088be276a58..c682b7aeefd 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -57,8 +57,10 @@ $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); } + $script_name = substr($script_name, -1) === '/' ? $script_name . '.' : $script_name; + // $phpbb_root_path accounts for redirects from e.g. /adm - $script_path = trim(substr($script_name, -1) !== '/' ? dirname($script_name) : $script_name) . '/' . $phpbb_root_path . 'install/app.' . $phpEx; + $script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/app.' . $phpEx; // Replace any number of consecutive backslashes and/or slashes with a single slash // (could happen on some proxy setups and/or Windows servers) $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); From 593c4b875c84c98b55ccc4ab68789cd0becb560d Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 23 Oct 2023 21:10:53 +0200 Subject: [PATCH 3/4] [ticket/17201] Split off logic into function and add tests PHPBB3-17201 --- phpBB/common.php | 16 +---- phpBB/includes/functions.php | 24 +++++++ .../phpbb_get_install_redirect_test.php | 68 +++++++++++++++++++ 3 files changed, 94 insertions(+), 14 deletions(-) create mode 100644 tests/functions/phpbb_get_install_redirect_test.php diff --git a/phpBB/common.php b/phpBB/common.php index c682b7aeefd..616be921181 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -51,22 +51,10 @@ $server_port = 443; } - $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); - if (!$script_name) - { - $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); - } - - $script_name = substr($script_name, -1) === '/' ? $script_name . '.' : $script_name; - - // $phpbb_root_path accounts for redirects from e.g. /adm - $script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/app.' . $phpEx; - // Replace any number of consecutive backslashes and/or slashes with a single slash - // (could happen on some proxy setups and/or Windows servers) - $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); + $script_path = phpbb_get_install_redirect($phpbb_root_path, $phpEx); // Eliminate . and .. from the path - require($phpbb_root_path . 'phpbb/filesystem.' . $phpEx); + require($phpbb_root_path . 'phpbb/filesystem/filesystem.' . $phpEx); $phpbb_filesystem = new phpbb\filesystem\filesystem(); $script_path = $phpbb_filesystem->clean_path($script_path); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 7353fa2132e..c5bab68d3c0 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1814,6 +1814,30 @@ function redirect($url, $return = false, $disable_cd_check = false) exit; } +/** + * Returns the install redirect path for phpBB. + * + * @param string $phpbb_root_path The root path of the phpBB installation. + * @param string $phpEx The file extension of php files, e.g., "php". + * @return string The install redirect path. + */ +function phpbb_get_install_redirect(string $phpbb_root_path, string $phpEx): string +{ + $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); + if (!$script_name) + { + $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); + } + + $script_name = substr($script_name, -1) === '/' ? $script_name . '.' : $script_name; + + // $phpbb_root_path accounts for redirects from e.g. /adm + $script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/app.' . $phpEx; + // Replace any number of consecutive backslashes and/or slashes with a single slash + // (could happen on some proxy setups and/or Windows servers) + return preg_replace('#[\\\\/]{2,}#', '/', $script_path); +} + /** * Re-Apply session id after page reloads */ diff --git a/tests/functions/phpbb_get_install_redirect_test.php b/tests/functions/phpbb_get_install_redirect_test.php new file mode 100644 index 00000000000..22b9ade5895 --- /dev/null +++ b/tests/functions/phpbb_get_install_redirect_test.php @@ -0,0 +1,68 @@ + + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +class phpbb_get_install_redirect_test extends phpbb_test_case +{ + public function data_redirect(): array + { + return [ + [ + ['REQUEST_URI' => '/foo/bar/'], + '/foo/bar/install/app.php', + ], + [ + ['REQUEST_URI' => '/foo/bar/index.php'], + '/foo/bar/install/app.php', + ], + [ + ['REQUEST_URI' => '/foo/bar'], + '/foo/install/app.php', + ], + [ + ['REQUEST_URI' => '/foo/'], + '/foo/install/app.php', + ], + [ + ['REQUEST_URI' => '/foo/index.php'], + '/foo/install/app.php', + ], + [ + [ + 'REQUEST_URI' => '/foo/bar/', + 'PHP_SELF' => '/foo/bar/index.php' + ], + '/foo/bar/install/app.php', + ], + [ + [ + 'REQUEST_URI' => '', + 'PHP_SELF' => '/foo/bar/index.php' + ], + '/foo/bar/install/app.php', + ], + ]; + } + + /** + * @backupGlobals enabled + * @dataProvider data_redirect + */ + public function test_install_redirect($server_vars, $expected) + { + $phpbb_root_path = '/'; + $phpEx = 'php'; + + $_SERVER = array_merge($_SERVER, $server_vars); + $this->assertEquals($expected, phpbb_get_install_redirect($phpbb_root_path, $phpEx)); + } +} From 58fc9e042a9eac604a549a6d19bbf4e19bf1b5c9 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 29 Oct 2023 16:54:07 +0100 Subject: [PATCH 4/4] [ticket/17201] Add comment on need to add dot to script_name PHPBB3-17201 --- phpBB/includes/functions.php | 1 + 1 file changed, 1 insertion(+) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index c5bab68d3c0..17b3eda34e4 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1829,6 +1829,7 @@ function phpbb_get_install_redirect(string $phpbb_root_path, string $phpEx): str $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); } + // Add trailing dot to prevent dirname() from returning parent directory if $script_name is a directory $script_name = substr($script_name, -1) === '/' ? $script_name . '.' : $script_name; // $phpbb_root_path accounts for redirects from e.g. /adm