-rwxr-xr-x | lib/request.php | 32 | ||||
-rw-r--r-- | tests/lib/request.php | 73 |
2 files changed, 101 insertions, 4 deletions
diff --git a/lib/request.php b/lib/request.php
index df33217f95d..1e19fd72eb0 100755
--- a/lib/request.php
+++ b/lib/request.php
@@ -135,12 +135,36 @@ class OC_Request {
 * @returns string Path info or false when not found
 */
 public static function getRawPathInfo() {
- $path_info = substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME']));
+ $requestUri = $_SERVER['REQUEST_URI'];
+ // remove too many leading slashes - can be caused by reverse proxy configuration
+ if (strpos($requestUri, '/') === 0) {
+ $requestUri = '/' . ltrim($requestUri, '/');
+ }
+
 // Remove the query string from REQUEST_URI
- if ($pos = strpos($path_info, '?')) {
- $path_info = substr($path_info, 0, $pos);
+ if ($pos = strpos($requestUri, '?')) {
+ $requestUri = substr($requestUri, 0, $pos);
 }
- return $path_info;
+
+ $scriptName = $_SERVER['SCRIPT_NAME'];
+ $path_info = $requestUri;
+
+ // strip off the script name's dir and file name
+ list($path, $name) = \Sabre_DAV_URLUtil::splitPath($scriptName);
+ if (!empty($path)) {
+ if( $path === $path_info || strpos($path_info, $path.'/') === 0) {
+ $path_info = substr($path_info, strlen($path));
+ } else {
+ throw new Exception("The requested uri($requestUri) cannot be processed by the script '$scriptName')");
+ }
+ }
+ if (strpos($path_info, '/'.$name) === 0) {
+ $path_info = substr($path_info, strlen($name) + 1);
+ }
+ if (strpos($path_info, $name) === 0) {
+ $path_info = substr($path_info, strlen($name));
+ }
+ return rtrim($path_info, '/');
 }
 
 /**
diff --git a/tests/lib/request.php b/tests/lib/request.php
new file mode 100644
index 00000000000..090cebc9231
--- /dev/null
+++ b/tests/lib/request.php
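Review bot: The two closing `strpos` checks in getRawPathInfo() strip the script file name on a bare prefix match, so a first segment that merely begins with `$name` (constructed example: `/index.phpx/a` with script `index.php`) is cut mid-segment, and because both checks run in sequence the name can be removed twice. The returned value presumably drives routing, so it should agree with the path a fronting proxy or access rule sees; stripping the name only when it is a whole segment, and stopping after the first match, keeps the two views aligned (sketch below). Separately, the new exception message interpolates the raw `REQUEST_URI`; how that message is rendered or logged is not visible in this hunk, so whatever handles it should escape it for its output context. The docblock, which starts outside the hunk, still says the method returns false when nothing is found and should gain a `@throws Exception` line.

```php
// … unchanged: leading-slash and query-string normalisation, script directory stripping …
// strip the script file name only when it is a complete path segment
foreach (array('/'.$name, $name) as $prefix) {
    if ($path_info === $prefix || strpos($path_info, $prefix.'/') === 0) {
        $path_info = substr($path_info, strlen($prefix));
        break;
    }
}
return rtrim($path_info, '/');
```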
@@ -0,0 +1,73 @@
+<?php
+/**
+ * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+class Test_Request extends PHPUnit_Framework_TestCase {
+
+ public function setUp() {
+ OC_Config::setValue('overwritewebroot', '/domain.tld/ownCloud');
+ }
+
+ public function tearDown() {
+ OC_Config::setValue('overwritewebroot', '');
+ }
+
+ public function testScriptNameOverWrite() {
+ $_SERVER['REMOTE_ADDR'] = '10.0.0.1';
+ $_SERVER["SCRIPT_FILENAME"] = __FILE__;
+
+ $scriptName = OC_Request::scriptName();
+ $this->assertEquals('/domain.tld/ownCloud/tests/lib/request.php', $scriptName);
+ }
+
+ /**
+ * @dataProvider rawPathInfoProvider
+ * @param $expected
+ * @param $requestUri
+ * @param $scriptName
+ */
+ public function testRawPathInfo($expected, $requestUri, $scriptName) {
+ $_SERVER['REQUEST_URI'] = $requestUri;
+ $_SERVER['SCRIPT_NAME'] = $scriptName;
+ $rawPathInfo = OC_Request::getRawPathInfo();
+ $this->assertEquals($expected, $rawPathInfo);
+ }
+
+ function rawPathInfoProvider() {
+ return array(
+ array('/core/ajax/translations.php', 'index.php/core/ajax/translations.php', 'index.php'),
+ array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php', '/index.php'),
+ array('/core/ajax/translations.php', '//index.php/core/ajax/translations.php', '/index.php'),
+ array('', '/oc/core', '/oc/core/index.php'),
+ array('', '/oc/core/', '/oc/core/index.php'),
+ array('', '/oc/core/index.php', '/oc/core/index.php'),
+ array('/core/ajax/translations.php', '/core/ajax/translations.php', 'index.php'),
+ array('/core/ajax/translations.php', '//core/ajax/translations.php', '/index.php'),
+ array('/core/ajax/translations.php', '/oc/core/ajax/translations.php', '/oc/index.php'),
+ array('/1', '/oc/core/1', '/oc/core/index.php'),
+ );
+ }
+
+ /**
+ * @dataProvider rawPathInfoThrowsExceptionProvider
+ * @expectedException Exception
+ *
+ * @param $requestUri
+ * @param $scriptName
+ */
+ public function testRawPathInfoThrowsException($requestUri, $scriptName) {
+ $_SERVER['REQUEST_URI'] = $requestUri;
+ $_SERVER['SCRIPT_NAME'] = $scriptName;
+ OC_Request::getRawPathInfo();
+ }
+
+ function rawPathInfoThrowsExceptionProvider() {
+ return array(
+ array('/oc/core1', '/oc/core/index.php'),
+ );
+ }
+} |
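Review bot: rawPathInfoProvider() has no row with a query string and none where the first path segment only begins with the script name, so the rewritten query stripping and the prefix-based name stripping in getRawPathInfo() go unchecked. A constructed row such as `array('/core/ajax/translations.php', '/index.php/core/ajax/translations.php?a=b', '/index.php'),` would pin the first case. The test methods also overwrite `$_SERVER` entries (`REQUEST_URI`, `SCRIPT_NAME`, `REMOTE_ADDR`, `SCRIPT_FILENAME`) while tearDown() restores only the config value, so the changed request state can leak into later tests in the same process.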