fixes #6050
authorThomas Müller <thomas.mueller@tmit.eu>
Tue, 26 Nov 2013 13:13:33 +0000 (14:13 +0100)
committerThomas Müller <thomas.mueller@tmit.eu>
Tue, 26 Nov 2013 21:34:25 +0000 (22:34 +0100)
lib/request.php
tests/lib/request.php

index 770ccd5bdb24eba414feb653c73bcbd8fd575567..dc8e3e61be35e0140af8bf44bad43a7977ea6cbf 100755 (executable)
@@ -141,17 +141,30 @@ class OC_Request {
                        $requestUri = '/' . ltrim($requestUri, '/');
                }
 
+               // Remove the query string from REQUEST_URI
+               if ($pos = strpos($requestUri, '?')) {
+                       $requestUri = substr($requestUri, 0, $pos);
+               }
+
                $scriptName = $_SERVER['SCRIPT_NAME'];
-               // in case uri and script name don't match we better throw an exception
-               if (strpos($requestUri, $scriptName) !== 0) {
-                       throw new Exception("REQUEST_URI($requestUri) does not start with the SCRIPT_NAME($scriptName)");
+               $path_info = $requestUri;
+
+               // strip off the script name's dir and file name
+               list($path, $name) = \Sabre_DAV_URLUtil::splitPath($scriptName);
+               if (!empty($path)) {
+                       if( $path === $path_info || strpos($path_info, $path.'/') === 0) {
+                               $path_info = substr($path_info, strlen($path));
+                       } else {
+                               throw new Exception("The requested uri($requestUri) cannot be processed by the script '$scriptName')");
+                       }
                }
-               $path_info = substr($requestUri, strlen($scriptName));
-               // Remove the query string from REQUEST_URI
-               if ($pos = strpos($path_info, '?')) {
-                       $path_info = substr($path_info, 0, $pos);
+               if (strpos($path_info, '/'.$name.'/') === 0) {
+                       $path_info = substr($path_info, strlen($name) + 1);
                }
-               return $path_info;
+               if (strpos($path_info, $name) === 0) {
+                       $path_info = substr($path_info, strlen($name));
+               }
+               return rtrim($path_info, '/');
        }
 
        /**
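Review bot: The two script-name checks after the directory strip disagree on where the name must end: `strpos($path_info, '/'.$name.'/') === 0` requires a trailing slash, while `strpos($path_info, $name) === 0` accepts any path that merely begins with the same bytes. Reading only the visible lines, a URI that ends exactly at the script (the directory strip leaves `/index.php`) matches neither check and is returned unchanged, which appears not to give the `''` expected by the new `/oc/core/index.php` provider row. A constructed input such as `index.phpx/a` would instead lose its first nine bytes. If this value is used for routing (not visible here), the parser should not resolve a spelling differently from how a front-end access rule read it. I would replace both checks with one boundary-aware test, `if (preg_match('#^/?' . preg_quote($name, '#') . '(?=/|$)#', $path_info, $m)) { $path_info = substr($path_info, strlen($m[0])); }`, and add a comment that on PHP versions before 8 `substr()` can return `false` here and the final `rtrim()` is what turns that into `''`. The function starts above the hunk, so earlier normalisation may narrow which inputs reach these lines.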
index a740751f060df22f4191a13d4b735eea0e496319..090cebc923146449ca22d78e3f4bf05d7d32ef0b 100644 (file)
@@ -42,6 +42,13 @@ class Test_Request extends PHPUnit_Framework_TestCase {
                        array('/core/ajax/translations.php', 'index.php/core/ajax/translations.php', 'index.php'),
                        array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php', '/index.php'),
                        array('/core/ajax/translations.php', '//index.php/core/ajax/translations.php', '/index.php'),
+                       array('', '/oc/core', '/oc/core/index.php'),
+                       array('', '/oc/core/', '/oc/core/index.php'),
+                       array('', '/oc/core/index.php', '/oc/core/index.php'),
+                       array('/core/ajax/translations.php', '/core/ajax/translations.php', 'index.php'),
+                       array('/core/ajax/translations.php', '//core/ajax/translations.php', '/index.php'),
+                       array('/core/ajax/translations.php', '/oc/core/ajax/translations.php', '/oc/index.php'),
+                       array('/1', '/oc/core/1', '/oc/core/index.php'),
                );
        }
 
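Review bot: None of the rows in this provider carries a query string, although the same commit moves the `?` stripping ahead of the script-name comparison in lib/request.php. A constructed row such as `array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php?next=/index.php', '/index.php'),` would pin that the part after `?` no longer takes part in the prefix match. I would also add a one-line comment above the rows giving the column order, which reads as expected path info, request URI, script name. The test method that consumes the rows is outside the hunk, so that order is inferred.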
@@ -60,9 +67,7 @@ class Test_Request extends PHPUnit_Framework_TestCase {
 
        function rawPathInfoThrowsExceptionProvider() {
                return array(
-                       array('core/ajax/translations.php', '/index.php'),
-                       array('/core/ajax/translations.php', '/index.php'),
-                       array('//core/ajax/translations.php', '/index.php'),
+                       array('/oc/core1', '/oc/core/index.php'),
                );
        }
 }
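Review bot: The exception path is now pinned by a single row, the sibling-directory case `/oc/core1`, and nothing covers a URI that lies wholly outside the script's directory. A constructed row such as `array('/other/core', '/oc/core/index.php'),` would cover that. A short comment on the provider, for example `// only URIs outside the script's directory are rejected; a script at the web root accepts any URI`, would record why the three `/index.php` rows were dropped. That comment's claim is inferred from the `!empty($path)` guard in lib/request.php, so confirm it is the intended contract before writing it down.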