diff options
| author | Björn Schießle <bjoern@schiessle.org> | 2013-11-26 10:13:58 -0800 |
|---|---|---|
| committer | Björn Schießle <bjoern@schiessle.org> | 2013-11-26 10:13:58 -0800 |
| commit | 1fef97f6a535cd79d0aea600634ec54c5f87bcea (patch) | |
| tree | 858607759cc0db65b7e5b41e77a32064a407ccd6 | |
| parent | e2ca88af5ed5f57f8e4328221280c95973171039 (diff) | |
| parent | 52941341fde072410308ff1e27742095f5d38f21 (diff) | |
| download | nextcloud-server-1fef97f6a535cd79d0aea600634ec54c5f87bcea.tar.gz nextcloud-server-1fef97f6a535cd79d0aea600634ec54c5f87bcea.zip | |
Merge pull request #6060 from owncloud/fix-6050-oc6
fixing getRawPathInfo() once more
| -rwxr-xr-x | lib/private/request.php | 29 | ||||
| -rw-r--r-- | tests/lib/request.php | 11 |
2 files changed, 29 insertions, 11 deletions
diff --git a/lib/private/request.php b/lib/private/request.php index 7a75bf25208..37d918d2032 100755 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -142,17 +142,30 @@ class OC_Request { $requestUri = '/' . ltrim($requestUri, '/'); } + // Remove the query string from REQUEST_URI + if ($pos = strpos($requestUri, '?')) { + $requestUri = substr($requestUri, 0, $pos); + } + $scriptName = $_SERVER['SCRIPT_NAME']; - // in case uri and script name don't match we better throw an exception - if (strpos($requestUri, $scriptName) !== 0) { - throw new Exception("REQUEST_URI($requestUri) does not start with the SCRIPT_NAME($scriptName)"); + $path_info = $requestUri; + + // strip off the script name's dir and file name + list($path, $name) = \Sabre_DAV_URLUtil::splitPath($scriptName); + if (!empty($path)) { + if( $path === $path_info || strpos($path_info, $path.'/') === 0) { + $path_info = substr($path_info, strlen($path)); + } else { + throw new Exception("The requested uri($requestUri) cannot be processed by the script '$scriptName')"); + } } - $path_info = substr($requestUri, strlen($scriptName)); - // Remove the query string from REQUEST_URI - if ($pos = strpos($path_info, '?')) { - $path_info = substr($path_info, 0, $pos); + if (strpos($path_info, '/'.$name) === 0) { + $path_info = substr($path_info, strlen($name) + 1); } - return $path_info; + if (strpos($path_info, $name) === 0) { + $path_info = substr($path_info, strlen($name)); + } + return rtrim($path_info, '/'); } /** diff --git a/tests/lib/request.php b/tests/lib/request.php index a740751f060..090cebc9231 100644 --- a/tests/lib/request.php +++ b/tests/lib/request.php @@ -42,6 +42,13 @@ class Test_Request extends PHPUnit_Framework_TestCase { array('/core/ajax/translations.php', 'index.php/core/ajax/translations.php', 'index.php'), array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php', '/index.php'), array('/core/ajax/translations.php', '//index.php/core/ajax/translations.php', '/index.php'), + array('', '/oc/core', '/oc/core/index.php'), + array('', '/oc/core/', '/oc/core/index.php'), + array('', '/oc/core/index.php', '/oc/core/index.php'), + array('/core/ajax/translations.php', '/core/ajax/translations.php', 'index.php'), + array('/core/ajax/translations.php', '//core/ajax/translations.php', '/index.php'), + array('/core/ajax/translations.php', '/oc/core/ajax/translations.php', '/oc/index.php'), + array('/1', '/oc/core/1', '/oc/core/index.php'), ); } @@ -60,9 +67,7 @@ class Test_Request extends PHPUnit_Framework_TestCase { function rawPathInfoThrowsExceptionProvider() { return array( - array('core/ajax/translations.php', '/index.php'), - array('/core/ajax/translations.php', '/index.php'), - array('//core/ajax/translations.php', '/index.php'), + array('/oc/core1', '/oc/core/index.php'), ); } } |