summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xlib/request.php32
-rw-r--r--tests/lib/request.php73
2 files changed, 101 insertions, 4 deletions
diff --git a/lib/request.php b/lib/request.php
index df33217f95d..1e19fd72eb0 100755
--- a/lib/request.php
+++ b/lib/request.php
@@ -135,12 +135,36 @@ class OC_Request {
* @returns string Path info or false when not found
*/
public static function getRawPathInfo() {
- $path_info = substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME']));
+ $requestUri = $_SERVER['REQUEST_URI'];
+ // remove too many leading slashes - can be caused by reverse proxy configuration
+ if (strpos($requestUri, '/') === 0) {
+ $requestUri = '/' . ltrim($requestUri, '/');
+ }
+
// Remove the query string from REQUEST_URI
- if ($pos = strpos($path_info, '?')) {
- $path_info = substr($path_info, 0, $pos);
+ if ($pos = strpos($requestUri, '?')) {
+ $requestUri = substr($requestUri, 0, $pos);
}
- return $path_info;
+
+ $scriptName = $_SERVER['SCRIPT_NAME'];
+ $path_info = $requestUri;
+
+ // strip off the script name's dir and file name
+ list($path, $name) = \Sabre_DAV_URLUtil::splitPath($scriptName);
+ if (!empty($path)) {
+ if( $path === $path_info || strpos($path_info, $path.'/') === 0) {
+ $path_info = substr($path_info, strlen($path));
+ } else {
+ throw new Exception("The requested uri($requestUri) cannot be processed by the script '$scriptName')");
+ }
+ }
+ if (strpos($path_info, '/'.$name) === 0) {
+ $path_info = substr($path_info, strlen($name) + 1);
+ }
+ if (strpos($path_info, $name) === 0) {
+ $path_info = substr($path_info, strlen($name));
+ }
+ return rtrim($path_info, '/');
}
/**
diff --git a/tests/lib/request.php b/tests/lib/request.php
new file mode 100644
index 00000000000..090cebc9231
--- /dev/null
+++ b/tests/lib/request.php
@@ -0,0 +1,73 @@
+<?php
+/**
+ * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+class Test_Request extends PHPUnit_Framework_TestCase {
+
+ public function setUp() {
+ OC_Config::setValue('overwritewebroot', '/domain.tld/ownCloud');
+ }
+
+ public function tearDown() {
+ OC_Config::setValue('overwritewebroot', '');
+ }
+
+ public function testScriptNameOverWrite() {
+ $_SERVER['REMOTE_ADDR'] = '10.0.0.1';
+ $_SERVER["SCRIPT_FILENAME"] = __FILE__;
+
+ $scriptName = OC_Request::scriptName();
+ $this->assertEquals('/domain.tld/ownCloud/tests/lib/request.php', $scriptName);
+ }
+
+ /**
+ * @dataProvider rawPathInfoProvider
+ * @param $expected
+ * @param $requestUri
+ * @param $scriptName
+ */
+ public function testRawPathInfo($expected, $requestUri, $scriptName) {
+ $_SERVER['REQUEST_URI'] = $requestUri;
+ $_SERVER['SCRIPT_NAME'] = $scriptName;
+ $rawPathInfo = OC_Request::getRawPathInfo();
+ $this->assertEquals($expected, $rawPathInfo);
+ }
+
+ function rawPathInfoProvider() {
+ return array(
+ array('/core/ajax/translations.php', 'index.php/core/ajax/translations.php', 'index.php'),
+ array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php', '/index.php'),
+ array('/core/ajax/translations.php', '//index.php/core/ajax/translations.php', '/index.php'),
+ array('', '/oc/core', '/oc/core/index.php'),
+ array('', '/oc/core/', '/oc/core/index.php'),
+ array('', '/oc/core/index.php', '/oc/core/index.php'),
+ array('/core/ajax/translations.php', '/core/ajax/translations.php', 'index.php'),
+ array('/core/ajax/translations.php', '//core/ajax/translations.php', '/index.php'),
+ array('/core/ajax/translations.php', '/oc/core/ajax/translations.php', '/oc/index.php'),
+ array('/1', '/oc/core/1', '/oc/core/index.php'),
+ );
+ }
+
+ /**
+ * @dataProvider rawPathInfoThrowsExceptionProvider
+ * @expectedException Exception
+ *
+ * @param $requestUri
+ * @param $scriptName
+ */
+ public function testRawPathInfoThrowsException($requestUri, $scriptName) {
+ $_SERVER['REQUEST_URI'] = $requestUri;
+ $_SERVER['SCRIPT_NAME'] = $scriptName;
+ OC_Request::getRawPathInfo();
+ }
+
+ function rawPathInfoThrowsExceptionProvider() {
+ return array(
+ array('/oc/core1', '/oc/core/index.php'),
+ );
+ }
+}